PT-2002-1273 · Paintbbs · Paintbbs

Published: 2002-05-03 · Updated: 2008-09-11 · CVE-2002-0202

CVSS v2.0: 3.6 (Low)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions
PaintBBS version 1.2

Description
PaintBBS installs certain files and directories with insecure permissions. Local users can obtain the encrypted server password from the world-readable oekakibbs.conf file, or modify the server configuration through the world-writeable /oekaki/ folder.

Recommendations
For PaintBBS version 1.2, consider changing the permissions of the oekakibbs.conf file to restrict read access, and changing the permissions of the /oekaki/ folder to prevent write access by unauthorized users.
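
One way to check for and correct both conditions, as an added example that is not part of the original advisory or of PaintBBS; the function names and the install directory argument are assumptions, and the write check is extended from the folder itself to everything beneath it.

```shell
#!/bin/sh
# Added example: audit a PaintBBS install for the permission problems
# described in CVE-2002-0202. The install directory is passed as an argument
# because the advisory does not give its full path.

# Print one finding per line. Returns 0 if clean, 1 if findings, 2 on bad input.
audit_paintbbs() {
    root=$1
    [ -d "$root" ] || { echo "ERROR not a directory: $root" >&2; return 2; }
    findings=$(
        # oekakibbs.conf holds the encrypted server password, so the
        # "other" read bit (octal 004) must not be set on it.
        find "$root" -type f -name 'oekakibbs.conf' -perm -004 -print |
            sed 's/^/WORLD-READABLE /'
        # Neither the folder nor anything in it should carry the "other"
        # write bit (octal 002). Symlinks are skipped: their mode is not used.
        find "$root" \( -type d -o -type f \) -perm -002 -print |
            sed 's/^/WORLD-WRITABLE /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Apply the advisory's recommendation: drop other-read on the config file
# and other-write on the folder tree. Owner and group bits are left alone.
harden_paintbbs() {
    root=$1
    [ -d "$root" ] || { echo "ERROR not a directory: $root" >&2; return 2; }
    find "$root" -type f -name 'oekakibbs.conf' -exec chmod o-r {} \;
    find "$root" \( -type d -o -type f \) -perm -002 -exec chmod o-w {} \;
}

# Usage: sh audit.sh /path/to/oekaki   (path is site-specific)
if [ "$#" -gt 0 ]; then
    audit_paintbbs "$1"
fi
```

After hardening, confirm the web server account can still read oekakibbs.conf through its owner or group bits, since only the "other" bits are changed.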

Fix


Related Identifiers

CVE-2002-0202

Affected Products

Paintbbs