CVE-2012-2760

mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
findingsciencemod_auth_openid
𝑥
≤ 0.6
findingsciencemod_auth_openid
0.1
findingsciencemod_auth_openid
0.2
findingsciencemod_auth_openid
0.2.1
findingsciencemod_auth_openid
0.3
findingsciencemod_auth_openid
0.4
findingsciencemod_auth_openid
0.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libapache2-mod-auth-openid
bullseye
0.8-5
fixed
squeeze
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libapache2-mod-auth-openid
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
dne
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
ignored
oneiric
ignored
natty
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/fulldisclosure/2012-05/0235.html
http://packetstormsecurity.org/files/112991/Mod_Auth_OpenID-Session-Stealing.html
http://secunia.com/advisories/49247
http://www.exploit-db.com/exploits/18917
http://www.mandriva.com/security/advisories?name=MDVSA-2012:114
http://www.osvdb.org/82139
http://www.securityfocus.com/bid/53661
https://exchange.xforce.ibmcloud.com/vulnerabilities/75813
https://github.com/bmuller/mod_auth_openid/blob/master/ChangeLog
https://github.com/bmuller/mod_auth_openid/pull/30
http://archives.neohapsis.com/archives/fulldisclosure/2012-05/0235.html
http://packetstormsecurity.org/files/112991/Mod_Auth_OpenID-Session-Stealing.html
http://secunia.com/advisories/49247
http://www.exploit-db.com/exploits/18917
http://www.mandriva.com/security/advisories?name=MDVSA-2012:114
http://www.osvdb.org/82139
http://www.securityfocus.com/bid/53661
https://exchange.xforce.ibmcloud.com/vulnerabilities/75813
https://github.com/bmuller/mod_auth_openid/blob/master/ChangeLog
https://github.com/bmuller/mod_auth_openid/pull/30