Summary
Helmut Grohne discovered multiple privilege escalation flaws in FusionForge, a web-based project-management and collaboration software. Most of the vulnerabilities are related to the bad handling of privileged operations on user-controlled files or directories.
Solution
For the stable distribution (squeeze), this problem has been fixed in version 5.0.2-5+squeeze2.
For the testing (wheezy) and unstable (sid) distribution, these problems will be fixed soon.
We recommend that you upgrade your fusionforge packages.
Insight
FusionForge provides many tools to aid collaboration in a development project, such as bug-tracking, task management, mailing-lists, SCM repository, forums, support request helper, web/FTP hosting, release management, etc. All these services are integrated into one web site and managed through a web interface.
Affected
fusionforge on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-1423 -
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities