CVE-2004-0563 - The tspc.conf configuration file in freenet6 before 0.9.6 and before 1.0 on Debian Linux has world r

CVE-2004-0563

Summary

The tspc.conf configuration file in freenet6 before 0.9.6 and before 1.0 on Debian Linux has world readable permissions, which could allow local users to gain sensitive information, such as a username and password.

References

http://secunia.com/advisories/12705/
http://securitytracker.com/id?1011460
http://www.debian.org/security/2004/dsa-555
http://www.securityfocus.com/bid/11280
https://exchange.xforce.ibmcloud.com/vulnerabilities/17544

Vulnerable Configurations

cpe:2.3:a:freenet6:freenet6:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:freenet6:freenet6:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:freenet6:freenet6:1.0:*:*:*:*:*:*:*
cpe:2.3:a:freenet6:freenet6:1.0:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	11280
debian	DSA-555
sectrack	1011460
secunia	12705
xf	freenet6-world-readable(17544)

Last major update

11-07-2017 - 01:30

Published

23-12-2004 - 05:00

Last modified

11-07-2017 - 01:30