Vulnerability Description
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command.
CVSS Score
4.6
MEDIUM
AV:N/AC:H/Au:S/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Perforce | Perforce Server | <= 2009.2 |
Related Weaknesses (CWE)
References
- http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.htmlExploit
- http://www.perforce.com/perforce/doc.current/manuals/cmdref/protect.html
- http://www.securityfocus.com/bid/36261
- http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.htmlExploit
- http://www.perforce.com/perforce/doc.current/manuals/cmdref/protect.html
- http://www.securityfocus.com/bid/36261
FAQ
What is CVE-2010-0935?
CVE-2010-0935 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command.
How severe is CVE-2010-0935?
CVE-2010-0935 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0935?
Check the references section above for vendor advisories and patch information. Affected products include: Perforce Perforce Server.