Published: 12/09/2013 Updated: 23/09/2013

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Phpbb3 prior to 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian phpbb3
debian phpbb3 3.0.11-2
debian phpbb3 3.0.2-2
debian phpbb3 3.0.2-1
debian phpbb3 3.0.1-1
debian phpbb3 3.0.0-1
debian phpbb3 3.0.10-2
debian phpbb3 3.0.9-1
debian phpbb3 3.0.7-p1-1
debian phpbb3 3.0.2-4
debian phpbb3 3.0.0-rc7-1
debian phpbb3 3.0.0-rc4-1
debian phpbb3 3.0.7-p1-5
debian phpbb3 3.0.7-p1-4
debian phpbb3 3.0.7-p1-3
debian phpbb3 3.0.7-p1-2
debian phpbb3 3.0.0-rc3-1
debian phpbb3 3.0.0-rc2-1
debian phpbb3 3.0.0-rc1
debian phpbb3 3.0.0-b5
debian phpbb3 3.0.11-1
debian phpbb3 3.0.10-1
debian phpbb3 3.0.4-1
debian phpbb3 3.0.2-3
debian phpbb3 3.0.0-2
debian phpbb3 3.0.0-rc5-1

Andreas Beckmann discovered that phpBB, a web forum, as installed in Debian, sets incorrect permissions for cached files, allowing a malicious local user to overwrite them For the oldstable distribution (squeeze), this problem has been fixed in version 307-PL1-4+squeeze1 For the stable distribution (wheezy), this problem has been fixed in versi ...

CWE-264 http://www.debian.org/security/2013/dsa-2752 http://secunia.com/advisories/54665 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711172 https://nvd.nist.gov https://www.debian.org/security/./dsa-2752

CVE-2013-5724

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect