CVE-2008-1970

muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users to obtain credentials.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/29893	Vendor Advisory
http://www.mucommander.com/changes.php
http://www.securityfocus.com/bid/28875
https://exchange.xforce.ibmcloud.com/vulnerabilities/41908

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mucommander:mucommander::::::::
	cpe:2.3:a:mucommander:mucommander:0.1:::::::*
	cpe:2.3:a:mucommander:mucommander:0.2:::::::*
	cpe:2.3:a:mucommander:mucommander:0.3:::::::*
	cpe:2.3:a:mucommander:mucommander:0.4:::::::*
	cpe:2.3:a:mucommander:mucommander:0.5:::::::*
	cpe:2.3:a:mucommander:mucommander:0.6:::::::*
	cpe:2.3:a:mucommander:mucommander:0.7:::::::*
	cpe:2.3:a:mucommander:mucommander:0.8:beta1::::::
	cpe:2.3:a:mucommander:mucommander:0.8:beta2::::::
	cpe:2.3:a:mucommander:mucommander:0.8:beta3::::::

History

No history.

Information

Published : 2008-04-27 18:05

Updated : 2017-08-08 01:30

NVD link : CVE-2008-1970

Mitre link : CVE-2008-1970

CVE.ORG link : CVE-2008-1970

JSON object : View

Products Affected

mucommander

mucommander

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2008-1970", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-04-27T18:05:00.000", "references": [{"url": "http://secunia.com/advisories/29893", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mucommander.com/changes.php", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28875", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41908", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users to obtain credentials."}, {"lang": "es", "value": "muCommander versiones anteriores a 0.8.2 almacena credentials.xml con permisos inseguros, lo cual permite a usuarios locales obtener credenciales."}], "lastModified": "2017-08-08T01:30:38.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mucommander:mucommander:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91B3E7B3-80BA-440D-A2B2-77C852E0AC02", "versionEndIncluding": "0.8"}, {"criteria": "cpe:2.3:a:mucommander:mucommander:0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD654FFB-44FF-4EC3-875C-2F414C839EFA"}, {"criteria": "cpe:2.3:a:mucommander:mucommander:0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B746704F-D025-4ED1-8AF5-AF56B91CD892"}, {"criteria": "cpe:2.3:a:mucommander:mucommander:0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5314C4AE-B5B9-4DDD-ABDB-19819CCD3100"}, {"criteria": "cpe:2.3:a:mucommander:mucommander:0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB7E9160-A4BA-4E7D-A077-FA0AE0D35CAB"}, {"criteria": "cpe:2.3:a:mucommander:mucommander:0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D3EA0A4-C79A-419F-A9AA-9AA10B51BB22"}, {"criteria": "cpe:2.3:a:mucommander:mucommander:0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E321EB09-7B65-4C38-AA65-BDEA4A9A9C96"}, {"criteria": "cpe:2.3:a:mucommander:mucommander:0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "023CF501-ADA4-4EAF-A7C7-65CA70FEF99C"}, {"criteria": "cpe:2.3:a:mucommander:mucommander:0.8:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE7F03C7-BE88-434F-8F97-59E26C8C73CB"}, {"criteria": "cpe:2.3:a:mucommander:mucommander:0.8:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE872B53-F079-4BD9-8012-16781D98CCEE"}, {"criteria": "cpe:2.3:a:mucommander:mucommander:0.8:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0AE5402-B11C-417D-AF77-32D4E7D3C103"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}