Description
PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.
References (20)
Core 20
Core References
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2172
Various Sources x_refsource_confirm
https://issues.jasig.org/browse/PHPCAS-80
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0456
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2909
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/43585
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42149
Various Sources x_refsource_confirm
https://forge.indepnet.net/projects/glpi/repository/revisions/12601
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2705
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43427
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/29/6
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html
Various Sources x_refsource_confirm
https://developer.jasig.org/source/changelog/jasigsvn?cs=21538
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41878
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/10/01/5
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/10/01/2
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42184
Scores
EPSS
0.0035
EPSS Percentile
27.0%
Details
CWE
CWE-59
Status
published
Products (30)
apereo/phpcas
0.2
apereo/phpcas
0.3
apereo/phpcas
0.3.1
apereo/phpcas
0.3.2
apereo/phpcas
0.4
apereo/phpcas
0.4.1
apereo/phpcas
0.4.8
apereo/phpcas
0.4.9
apereo/phpcas
0.4.10
apereo/phpcas
0.4.11
... and 20 more
Published
Oct 07, 2010
Tracked Since
Feb 18, 2026