PT-2009-6575 · Videocache+1
Published: 2009-12-29 · Updated: 2018-10-10
CVE-2009-4454
CVSS v2.0: 3.3 (Low)
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
VideoCache version 1.9.2
Description
The issue allows local users with Squid proxy user privileges to overwrite arbitrary files via a symlink attack on the /var/log/videocache/vccleaner.log file.
Recommendations
For VideoCache version 1.9.2, consider restricting access to the vccleaner.log file to prevent a symlink attack until a patch is available. As a temporary workaround, restrict the privileges of the Squid proxy user to minimize the risk of exploitation.
Weakness Enumeration
Link Following
Affected Products
Squid
Videocache