Published: 24/03/2008 Updated: 08/08/2017

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows malicious users to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.

Vulnerable Product	Search on Vulmon	Subscribe to Product
roundup-tracker roundup 1.4.1
roundup-tracker roundup 1.4.0
roundup-tracker roundup 1.1.2
roundup-tracker roundup 1.1.1
roundup-tracker roundup 0.7.2
roundup-tracker roundup 0.7.1
roundup-tracker roundup 0.6.8
roundup-tracker roundup 0.6.7
roundup-tracker roundup 0.8.4
roundup-tracker roundup 0.8.5
roundup-tracker roundup 0.7.12
roundup-tracker roundup 0.6.11
roundup-tracker roundup 0.5.3
roundup-tracker roundup 0.5.4
roundup-tracker roundup 0.2.1
roundup-tracker roundup 0.2.0
roundup-tracker roundup 0.2.4
roundup-tracker roundup 0.2.7
roundup-tracker roundup 0.3.0
roundup-tracker roundup 0.4.0
roundup-tracker roundup 0.5.0
roundup-tracker roundup 0.6.2
roundup-tracker roundup 0.6.1
roundup-tracker roundup 1.3.1
roundup-tracker roundup 1.3.0
roundup-tracker roundup 1.0.1
roundup-tracker roundup 0.7.6
roundup-tracker roundup 0.7.5
roundup-tracker roundup 0.7.0
roundup-tracker roundup 0.8.6
roundup-tracker roundup 0.9.0
roundup-tracker roundup 0.8.1
roundup-tracker roundup 0.7.9
roundup-tracker roundup 0.5.7
roundup-tracker roundup 0.5.8
roundup-tracker roundup 0.1.1
roundup-tracker roundup 0.1.0
roundup-tracker roundup 0.2.3
roundup-tracker roundup 0.2.8
roundup-tracker roundup 0.4.1
roundup-tracker roundup 0.4.2
roundup-tracker roundup 0.6.0
roundup-tracker roundup 0.6.6
roundup-tracker roundup 0.6.5
roundup-tracker roundup
roundup-tracker roundup 1.4.2
roundup-tracker roundup 1.2.1
roundup-tracker roundup 1.2.0
roundup-tracker roundup 0.7.8
roundup-tracker roundup 0.7.7
roundup-tracker roundup 0.8.2
roundup-tracker roundup 0.8.3
roundup-tracker roundup 0.7.10
roundup-tracker roundup 0.7.11
roundup-tracker roundup 0.5.5
roundup-tracker roundup 0.5.6
roundup-tracker roundup 0.1.3
roundup-tracker roundup 0.1.2
roundup-tracker roundup 0.2.6
roundup-tracker roundup 0.6.4
roundup-tracker roundup 0.6.3
roundup-tracker roundup 1.3.3
roundup-tracker roundup 1.3.2
roundup-tracker roundup 1.1.0
roundup-tracker roundup 1.0
roundup-tracker roundup 0.7.4
roundup-tracker roundup 0.7.3
roundup-tracker roundup 0.6.10
roundup-tracker roundup 0.6.9
roundup-tracker roundup 0.8.0
roundup-tracker roundup 0.5.9
roundup-tracker roundup 0.5
roundup-tracker roundup 0.5.1
roundup-tracker roundup 0.5.2
roundup-tracker roundup 0.2.5
roundup-tracker roundup 0.2.2

Debian Bug report logs - #484728 roundup: security hole: CVE-2008-1475 Package: roundup; Maintainer for roundup is Kai Storbeck <kai@xs4allnl>; Source for roundup is src:roundup (PTS, buildd, popcon) Reported by: Alvaro Herrera <alvherre@alvhno-iporg> Date: Thu, 5 Jun 2008 22:33:02 UTC Severity: grave Tags: patc ...

CWE-264 https://bugzilla.redhat.com/show_bug.cgi?id=436546 http://sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788 https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html http://www.securityfocus.com/bid/28238 http://secunia.com/advisories/29336 http://secunia.com/advisories/29375 http://secunia.com/advisories/30274 http://security.gentoo.org/glsa/glsa-200805-21.xml http://secunia.com/advisories/32805 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html http://www.vupen.com/english/advisories/2008/0891 https://exchange.xforce.ibmcloud.com/vulnerabilities/41240 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484728 https://nvd.nist.gov

CVE-2008-1475

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect