CVE-2012-0878 Information

Feb 14, 2021 cve

Description

Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.

Reference

http://groups.google.com/group/paste-users/browse_thread/thread/2aa651ba331c2471 http://rhn.redhat.com/errata/RHSA-2012-1206.html http://secunia.com/advisories/48812 http://secunia.com/advisories/50410 http://www.openwall.com/lists/oss-security/2012/02/23/1 http://www.openwall.com/lists/oss-security/2012/02/23/4 https://bitbucket.org/ianb/pastescript/changeset/a19e462769b4 https://bitbucket.org/ianb/pastescript/pull-request/3/fix-group-permissions-for-pastescriptserve https://bugzilla.redhat.com/show_bug.cgi?id=796790

Share on: