Vulnerability CVE-2008-0931


Published: 2008-03-03   Modified: 2012-02-12

Description:
w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.3/10
9.2/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Complete
Complete
Affected software
Xwine -> Xwine 

 References:
http://secunia.com/advisories/29125
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468050
http://www.securityfocus.com/bid/28369
http://www.debian.org/security/2008/dsa-1526
http://secunia.com/advisories/29452

Copyright 2024, cxsecurity.com

 

Back to Top