CVE-2009-3304

medium

Description

GForge 4.5.14, 4.7 rc2, and 4.8.2 allow local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users' home directories, related to deb-specific/ssh_dump_update.pl and cronjobs/cvs-cron/ssh_create.php.

References

http://www.securityfocus.com/bid/37195

http://www.debian.org/security/2009/dsa-1945

http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch13.diff.gz

Details

Source: Mitre, NVD

Published: 2009-12-04

Updated: 2009-12-07

Risk Information

CVSS v2

Base Score: 3.3

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium