Ubuntu.comUB:CVE-2012-2760CVE-2012-2760
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
21.2%
mod_auth_openid before 0.7 for Apache uses world-readable permissions for
/tmp/mod_auth_openid.db, which allows local users to obtain session ids.
Bugs
References
archives.neohapsis.com/archives/fulldisclosure/2012-05/0235.html
packetstormsecurity.org/files/112991/Mod_Auth_OpenID-Session-Stealing.html
secunia.com/advisories/49247
www.exploit-db.com/exploits/18917
github.com/bmuller/mod_auth_openid/blob/master/ChangeLog
github.com/bmuller/mod_auth_openid/pull/30
launchpad.net/bugs/cve/CVE-2012-2760
nvd.nist.gov/vuln/detail/CVE-2012-2760
security-tracker.debian.org/tracker/CVE-2012-2760
www.cve.org/CVERecord?id=CVE-2012-2760
Related
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
21.2%