PT-2006-6993 · Positive · H-Sphere
Published
2006-12-07
·
Updated
2017-07-29
·
CVE-2006-6382
CVSS v2.0
6.8
Medium
| Vector | AV:L/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Positive Software H-Sphere versions prior to 2.5.0 RC3
Description
The control panel creates log files in a user's directory with insecure permissions, allowing local users to append log data to arbitrary files via a symlink attack.
Recommendations
For versions prior to 2.5.0 RC3, update to version 2.5.0 RC3 or later to resolve the issue. As a temporary workaround, consider restricting access to the log files directory to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
H-Sphere