CVE-2010-3691
First published: Thu Oct 07 2010(Updated: )
PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apereo Phpcas | =0.2 | |
| Apereo Phpcas | =0.3 | |
| Apereo Phpcas | =0.3.1 | |
| Apereo Phpcas | =0.3.2 | |
| Apereo Phpcas | =0.4 | |
| Apereo Phpcas | =0.4.1 | |
| Apereo Phpcas | =0.4.8 | |
| Apereo Phpcas | =0.4.9 | |
| Apereo Phpcas | =0.4.10 | |
| Apereo Phpcas | =0.4.11 | |
| Apereo Phpcas | =0.4.12 | |
| Apereo Phpcas | =0.4.13 | |
| Apereo Phpcas | =0.4.14 | |
| Apereo Phpcas | =0.4.15 | |
| Apereo Phpcas | =0.4.16 | |
| Apereo Phpcas | =0.4.17 | |
| Apereo Phpcas | =0.4.18 | |
| Apereo Phpcas | =0.4.19 | |
| Apereo Phpcas | =0.4.20 | |
| Apereo Phpcas | =0.4.21 | |
| Apereo Phpcas | =0.4.22 | |
| Apereo Phpcas | =0.4.23 | |
| Apereo Phpcas | =0.5.0 | |
| Apereo Phpcas | =0.5.1 | |
| Apereo Phpcas | =0.6.0 | |
| Apereo Phpcas | =1.0.0 | |
| Apereo Phpcas | =1.0.1 | |
| Apereo Phpcas | =1.1.0 | |
| Apereo Phpcas | =1.1.1 | |
| Apereo Phpcas | <=1.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://developer.jasig.org/source/changelog/jasigsvn?cs=21538
- http://www.openwall.com/lists/oss-security/2010/10/01/2
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82
- https://issues.jasig.org/browse/PHPCAS-80
- http://www.openwall.com/lists/oss-security/2010/09/29/6
- http://www.openwall.com/lists/oss-security/2010/10/01/5
- http://www.vupen.com/english/advisories/2010/2705
- http://secunia.com/advisories/41878
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html
- http://www.securityfocus.com/bid/43585
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html
- http://www.vupen.com/english/advisories/2010/2909
- http://secunia.com/advisories/42184
- http://secunia.com/advisories/42149
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html
- https://forge.indepnet.net/projects/glpi/repository/revisions/12601
- http://www.vupen.com/english/advisories/2011/0456
- http://secunia.com/advisories/43427
- http://www.debian.org/security/2011/dsa-2172
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/apereo
- canonical/apereo phpcas
- version/apereo phpcas/0.2
- version/apereo phpcas/0.3
- version/apereo phpcas/0.3.1
- version/apereo phpcas/0.3.2
- version/apereo phpcas/0.4
- version/apereo phpcas/0.4.1
- version/apereo phpcas/0.4.8
- version/apereo phpcas/0.4.9
- version/apereo phpcas/0.4.10
- version/apereo phpcas/0.4.11
- version/apereo phpcas/0.4.12
- version/apereo phpcas/0.4.13
- version/apereo phpcas/0.4.14
- version/apereo phpcas/0.4.15
- version/apereo phpcas/0.4.16
- version/apereo phpcas/0.4.17
- version/apereo phpcas/0.4.18
- version/apereo phpcas/0.4.19
- version/apereo phpcas/0.4.20
- version/apereo phpcas/0.4.21
- version/apereo phpcas/0.4.22
- version/apereo phpcas/0.4.23
- version/apereo phpcas/0.5.0
- version/apereo phpcas/0.5.1
- version/apereo phpcas/0.6.0
- version/apereo phpcas/1.0.0
- version/apereo phpcas/1.0.1
- version/apereo phpcas/1.1.0
- version/apereo phpcas/1.1.1
- version/apereo phpcas/1.1.2