PT-2012-4726 · Logol · Logol
Andreas Beckmann
·
Publicado
2012-08-07
·
Atualizado
2012-08-08
·
CVE-2012-3453
CVSS v2.0
3.6
Baixa
| Vetor | AV:L/AC:L/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
logol version 1.5.0
Description
The issue allows local users to delete or overwrite arbitrary files due to world writable permissions for the /var/lib/logol/results directory.
Recommendations
For logol version 1.5.0, consider changing the permissions of the /var/lib/logol/results directory to prevent world writability as a temporary workaround until a patch is available. Restrict access to the /var/lib/logol/results directory to minimize the risk of exploitation.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Logol