Vulnerability Description
The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 4.0 |
| Gforge | Gforge | 4.5.14 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30088Vendor Advisory
- http://secunia.com/advisories/30286Vendor Advisory
- http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff
- http://www.debian.org/security/2008/dsa-1577Patch
- http://www.securityfocus.com/bid/29215
- http://www.vupen.com/english/advisories/2008/1537/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42456
- http://secunia.com/advisories/30088Vendor Advisory
- http://secunia.com/advisories/30286Vendor Advisory
- http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff
- http://www.debian.org/security/2008/dsa-1577Patch
- http://www.securityfocus.com/bid/29215
- http://www.vupen.com/english/advisories/2008/1537/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42456
FAQ
What is CVE-2008-0167?
CVE-2008-0167 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intend...
How severe is CVE-2008-0167?
CVE-2008-0167 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0167?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Gforge Gforge.