CVE-2011-1500

Current Description

PreferencesPithosDialog.py in Pithos 0.3.7 does not properly restrict permissions for the .config/pithos.ini file in a user's home directory, which allows local users to obtain Pandora credentials by reading this file.

Basic Data

PublishedApril 13, 2011
Last ModifiedAugust 17, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-264
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score2.1
SeverityLOW
Exploitability Score3.9
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationKevinmehallPithos0.3.7*******

Vulnerable Software List

VendorProductVersions
Kevinmehall Pithos 0.3.7

References

NameSourceURLTags
[oss-security] 20110408 CVE request for pithos information disclosurehttp://openwall.com/lists/oss-security/2011/04/08/2MLIST
[oss-security] 20110408 Re: CVE request for pithos information disclosurehttp://openwall.com/lists/oss-security/2011/04/08/4MLIST
44059http://secunia.com/advisories/44059SECUNIAVendor Advisory
47300http://www.securityfocus.com/bid/47300BID
https://bugs.launchpad.net/pithos/+bug/733307https://bugs.launchpad.net/pithos/+bug/733307CONFIRM
pithos-pithos-info-disclosure(66661)https://exchange.xforce.ibmcloud.com/vulnerabilities/66661XF