CVE-2012-3454 — LOW (3.6) — White Hats Nepal

Vulnerability Description

eXtplorer 2.1.0b6 uses world writable permissions for the /var/lib/extplorer/ftp_tmp directory, which allows local users to delete or overwrite arbitrary files.

CVSS Score

3.6

LOW

AV:L/AC:L/Au:N/C:N/I:P/A:P

Confidentiality

NONE

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Extplorer	Extplorer	2.1.0

Related Weaknesses (CWE)

CWE-264

References

http://www.openwall.com/lists/oss-security/2012/08/03/7
http://www.securityfocus.com/bid/54801
http://www.openwall.com/lists/oss-security/2012/08/03/7
http://www.securityfocus.com/bid/54801

FAQ

What is CVE-2012-3454?

CVE-2012-3454 is a vulnerability with a CVSS score of 3.6 (LOW). eXtplorer 2.1.0b6 uses world writable permissions for the /var/lib/extplorer/ftp_tmp directory, which allows local users to delete or overwrite arbitrary files.

How severe is CVE-2012-3454?

CVE-2012-3454 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-3454?

Check the references section above for vendor advisories and patch information. Affected products include: Extplorer Extplorer.