PT-2003-1911 · Microsoft+1 · Windows+3

Matthew Murphy

Publicado

2003-10-09

Atualizado

2024-02-16

CVE-2003-0844

CVSS v2.0

2.1

Baixa

Vetor

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions mod gzip versions 1.3.26.1a and earlier

Description The issue allows local users to overwrite arbitrary files via a symlink attack on predictable temporary filenames on Unix systems, or an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled. This occurs when mod gzip is running in debug mode without the Apache log.

Recommendations For mod gzip versions 1.3.26.1a and earlier, consider disabling debug mode or ensuring the Apache log is enabled to prevent exploitation. Additionally, enabling the "Strengthen default permissions of internal system objects" policy on Windows systems can help mitigate the risk.

Correção

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59

Identificadores relacionados

CVE-2003-0844

Produtos afetados

Apache

Ntfs

Windows

Mod Gzip

PT-2003-1911 · Microsoft+1 · Windows+3

CVE-2003-0844

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3