CVE-2008-0167

NameCVE-2008-0167
DescriptionThe write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1577-1
NVD severitymedium (attack range: local)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gforgesource(unstable)4.6.99+svn6496-1low
gforgesourceetch4.5.14-22etch8mediumDSA-1577-1

Notes

https://rt.debian.org/Ticket/Display.html?id=672

Search for package or bug name: Reporting problems