NVD

Id
50508  
Name
CVE-2009-3304  
Description
GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users" home directories, related to deb-specific/ssh_dump_update.pl and cronjobs/cvs-cron/ssh_create.php.  
Reject
 
CVSS Version
2  
CVSS Score
3.3  
Severity
Low  
CVSS Base Score
3.3  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
3.4  
CVSS Vector
(AV:L/AC:M/Au:N/C:N/I:P/A:P)  
Pub Date
2017-01-07  
Published
2009-12-04  
Modified Date
2009-12-07  
Seq
2009-3304  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
255521 50508 CVE-2009-3304 http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch13.diff.gz  View
255522 50508 CVE-2009-3304 DSA-1945  View
255523 50508 CVE-2009-3304 37195  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
42752 JVNDB-2009-003759 GForge における任意のファイルを上書きされる脆弱性 GForge は、deb-specific/ssh_dump_update.pl および cronjobs/cvs-cron/ssh_create.php に不備があるため、任意のファイルを上書きされる脆弱性が存在します。 CVE-2009-3304 40735 CVE-2009-3304 50508 3.3 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003759.html 2009-12-04 2012-06-26 View