CVE-2010-0935
First published: Fri Mar 05 2010(Updated: )
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Perforce Helix Core | =2008.1 | |
| Perforce Helix Core | =2007.3 | |
| Perforce Helix Core | =2002.2 | |
| Perforce Helix Core | =2000.2 | |
| Perforce Helix Core | <=2009.2 | |
| Perforce Helix Core | =2006.1 | |
| Perforce Helix Core | =2001.2 | |
| Perforce Helix Core | =99.2 | |
| Perforce Helix Core | =2007.2 | |
| Perforce Helix Core | =2004.2 | |
| Perforce Helix Core | =2005.1 | |
| Perforce Helix Core | =2005.2 | |
| Perforce Helix Core | =2000.1 | |
| Perforce Helix Core | =2001.1 | |
| Perforce Helix Core | =2002.1 | |
| Perforce Helix Core | =99.1 | |
| Perforce Helix Core | =2007.3_143793 | |
| Perforce Helix Core | =2003.1 | |
| Perforce Helix Core | =97.3 | |
| Perforce Helix Core | =2006.2 | |
| Perforce Helix Core | =98.2 | |
| Perforce Helix Core | =2003.2 | |
| Perforce Helix Core | =2008.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-0935?
CVE-2010-0935 has a medium severity rating as it allows remote authenticated users to gain super privileges.
How do I fix CVE-2010-0935?
To fix CVE-2010-0935, ensure that the protection table is properly configured to avoid granting super-user privileges.
What versions of Perforce Server are affected by CVE-2010-0935?
CVE-2010-0935 affects Perforce Server versions up to and including 2009.2.
What impact does CVE-2010-0935 have on system security?
CVE-2010-0935 can lead to unauthorized access and manipulation of the server by granting super-user rights to authenticated users.
Is authentication enough to secure Perforce Server against CVE-2010-0935?
No, simply authenticating users is not sufficient; proper configuration of the protection table is necessary to mitigate CVE-2010-0935.
- agent/type
- agent/softwarecombine
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/perforce
- canonical/perforce helix core
- version/perforce helix core/2008.1
- version/perforce helix core/2007.3
- version/perforce helix core/2002.2
- version/perforce helix core/2000.2
- version/perforce helix core/2009.2
- version/perforce helix core/2006.1
- version/perforce helix core/2001.2
- version/perforce helix core/99.2
- version/perforce helix core/2007.2
- version/perforce helix core/2004.2
- version/perforce helix core/2005.1
- version/perforce helix core/2005.2
- version/perforce helix core/2000.1
- version/perforce helix core/2001.1
- version/perforce helix core/2002.1
- version/perforce helix core/99.1
- version/perforce helix core/2007.3_143793
- version/perforce helix core/2003.1
- version/perforce helix core/97.3
- version/perforce helix core/2006.2
- version/perforce helix core/98.2
- version/perforce helix core/2003.2
- version/perforce helix core/2008.2