PT-2012-2925 · Paste+2 · Paste Script+2

Jan Lieskovsky · Published 2012-05-01 · Updated 2022-05-17 · CVE-2012-0878

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Paste Script versions 1.7.5 and earlier

Description

The issue arises from improper handling of group memberships during execution with root privileges. This could allow remote attackers to bypass intended file-access restrictions by exploiting a web application that utilizes the local filesystem.

Recommendations

For Paste Script versions 1.7.5 and earlier, update to a version that properly sets group memberships during execution with root privileges to prevent attackers from bypassing file-access restrictions.
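
The sketch below shows a general privilege-drop order that sets group memberships before changing user, with a fail-closed check afterwards. It is an added example, not Paste Script's code or its actual patch. The function names and the injectable `os_mod`/`pwd_mod` parameters are assumptions made so the logic can be exercised without root.

```python
import os
import pwd


def drop_privileges(username, os_mod=os, pwd_mod=pwd):
    """Permanently switch from root to `username`, shedding root's groups."""
    entry = pwd_mod.getpwnam(username)
    if os_mod.getuid() != 0:
        raise PermissionError("must start as root to change identity")
    # 1. Replace the supplementary group list while still root. If this step
    #    is skipped, the worker keeps root's groups (for example gid 0) and
    #    group-based file permissions no longer restrict it as intended.
    groups = os_mod.getgrouplist(entry.pw_name, entry.pw_gid)
    os_mod.setgroups(groups)
    # 2. Primary group next; once setuid() has run it can no longer be changed.
    os_mod.setgid(entry.pw_gid)
    # 3. User id last.
    os_mod.setuid(entry.pw_uid)
    verify_dropped(entry.pw_uid, entry.pw_gid, groups, os_mod)


def verify_dropped(uid, gid, groups, os_mod=os):
    """Fail closed if any part of the starting identity survived the drop."""
    if os_mod.getuid() != uid or os_mod.geteuid() != uid:
        raise RuntimeError("uid not dropped")
    if os_mod.getgid() != gid or os_mod.getegid() != gid:
        raise RuntimeError("gid not dropped")
    leftover = set(os_mod.getgroups()) - set(groups) - {gid}
    if leftover:
        raise RuntimeError(f"inherited groups still present: {sorted(leftover)}")
```

Calling `verify_dropped` at service start-up turns a silent misconfiguration into a hard failure before the application begins serving requests.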

Fix

Weakness Enumeration

Related Identifiers

CESA-2012_1206
CVE-2012-0878
GHSA-27PX-QPMJ-QG38
PYSEC-2012-15
RHSA-2012:1206
RHSA-2012_1206

Affected Products

Centos
Paste Script
Red Hat