Lucene search

K
ubuntucveUbuntu.comUB:CVE-2011-0754
HistoryFeb 02, 2011 - 12:00 a.m.

CVE-2011-0754

2011-02-0200:00:00
ubuntu.com
ubuntu.com
7

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS

0

Percentile

15.7%

The SplFileInfo::getType function in the Standard PHP Library (SPL)
extension in PHP before 5.3.4 on Windows does not properly detect symbolic
links, which might make it easier for local users to conduct symlink
attacks by leveraging cross-platform differences in the stat structure,
related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS

0

Percentile

15.7%

Related for UB:CVE-2011-0754