CVE-2013-5724

Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711172
http://secunia.com/advisories/54665	Vendor Advisory
http://www.debian.org/security/2013/dsa-2752

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:debian:phpbb3::::::::
	cpe:2.3:a:debian:phpbb3:3.0.0-1:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.0-2:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.0-b5:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.0-rc1:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.0-rc2-1:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.0-rc3-1:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.0-rc4-1:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.0-rc5-1:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.0-rc7-1:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.1-1:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.2-1:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.2-2:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.2-3:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.2-4:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.4-1:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.7-p1-1:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.7-p1-2:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.7-p1-3:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.7-p1-4:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.7-p1-5:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.9-1:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.10-1:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.10-2:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.11-1:::::::*
	cpe:2.3:a:debian:phpbb3:3.0.11-2:::::::*

History

No history.

Information

Published : 2013-09-12 13:31

Updated : 2013-09-23 23:21

NVD link : CVE-2013-5724

Mitre link : CVE-2013-5724

CVE.ORG link : CVE-2013-5724

JSON object : View

Products Affected

debian

phpbb3

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-5724", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-09-12T13:31:18.477", "references": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711172", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/54665", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2013/dsa-2752", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations."}, {"lang": "es", "value": "Phpbb3 anterior a 3.0.11-4 para Debian GNU/Linux usa permisos de escritura global para archivos de cach\u00e9, lo cual permite a un usuario local modificar los contenidos de los archivos a trav\u00e9s de de operaciones de escritura est\u00e1ndar del sistema de archivos.\n"}], "lastModified": "2013-09-23T23:21:00.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:debian:phpbb3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "875E0BC1-1756-4537-AFE6-9258A020617C", "versionEndIncluding": "3.0.11-3"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.0-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C4EFC7A-BA10-4B39-A2A5-E49D460F84F8"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.0-2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "114589ED-3AD2-4FC6-97EB-98ED3BBD69BF"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.0-b5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70F79E5B-243D-486F-A7E5-08DEE3EB746B"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.0-rc1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70897C74-6A3A-45B3-8BC3-12E25B2CE040"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.0-rc2-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F9C94CE-EFB4-4BFE-9446-7BCEEDA2338D"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.0-rc3-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE3AE2E8-33F2-4FB8-A79F-D5411B7E972D"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.0-rc4-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD2E4C48-4AB4-4048-8E1B-2C2D779181CF"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.0-rc5-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6230764A-7123-41FC-8F69-12E1F6E48019"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.0-rc7-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBF474A2-CBB1-4CD5-9CFE-AA841BDABF10"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.1-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F14D70B-5D69-4A9A-9959-177FB35E8B17"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.2-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2A10916-A2DA-4E8A-BD5A-591265ACC240"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.2-2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20EE2A36-C846-4E38-8974-7EE6205394B3"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.2-3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "129DE3DB-28C4-4692-801D-345EB9DC2DCA"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.2-4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F50004C2-3DDA-4D15-BC35-B61EADDED816"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.4-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E25A2E50-0334-45C1-B666-50F0E68783D4"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.7-p1-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D129DEE3-CE46-46E2-AFD4-3D7FC991BDC6"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.7-p1-2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D923E442-F35D-49DE-905A-FB30E45C6324"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.7-p1-3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "851997A3-9F36-435E-AF46-7490E3028303"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.7-p1-4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BBA5B6D-67F6-42CB-9584-0FF3C15E058F"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.7-p1-5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24CD4056-FF91-475B-892D-9144877A24F4"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.9-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACD0A660-E4E1-4C27-8AF3-591ED9AB132E"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.10-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BA78BBB-4281-446A-A4F1-08608249A57A"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.10-2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B718C136-C456-419D-9E4C-32E1B2933207"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.11-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CBD5BA8-67EE-4866-B8BA-21E634D8D667"}, {"criteria": "cpe:2.3:a:debian:phpbb3:3.0.11-2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E96E7F5B-F6FA-4ECF-9F6D-D82D8AF9635E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}