CVE-2010-3691

Description

PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.

Affected products

• Apereo / phpCAS1.1.2
• Apereo / phpCAS0.2 – 0.2
• Apereo / phpCAS0.3 – 0.3
• Apereo / phpCAS0.3.1 – 0.3.1
• Apereo / phpCAS0.3.2 – 0.3.2
• Apereo / phpCAS0.4 – 0.4
• Apereo / phpCAS0.4.1 – 0.4.1
• Apereo / phpCAS0.4.8 – 0.4.8
• Apereo / phpCAS0.4.9 – 0.4.9
• Apereo / phpCAS0.4.10 – 0.4.10
• Apereo / phpCAS0.4.11 – 0.4.11
• Apereo / phpCAS0.4.12 – 0.4.12
• Apereo / phpCAS0.4.13 – 0.4.13
• Apereo / phpCAS0.4.14 – 0.4.14
• Apereo / phpCAS0.4.15 – 0.4.15
• Apereo / phpCAS0.4.16 – 0.4.16
• Apereo / phpCAS0.4.17 – 0.4.17
• Apereo / phpCAS0.4.18 – 0.4.18
• Apereo / phpCAS0.4.19 – 0.4.19
• Apereo / phpCAS0.4.20 – 0.4.20
• Apereo / phpCAS0.4.21 – 0.4.21
• Apereo / phpCAS0.4.22 – 0.4.22
• Apereo / phpCAS0.4.23 – 0.4.23
• Apereo / phpCAS0.5.0 – 0.5.0
• Apereo / phpCAS0.5.1 – 0.5.1
• Apereo / phpCAS0.6.0 – 0.6.0
• Apereo / phpCAS1.0.0 – 1.0.0
• Apereo / phpCAS1.0.1 – 1.0.1
• Apereo / phpCAS1.1.0 – 1.1.0
• Apereo / phpCAS1.1.1 – 1.1.1

References

• VENDOR_ADVISORYhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82
• VENDOR_ADVISORYhttp://www.debian.org/security/2011/dsa-2172
• MISChttps://issues.jasig.org/browse/PHPCAS-80
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0456
• MAILING_LISThttp://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html
• MAILING_LISThttp://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/2909
• MISChttp://www.securityfocus.com/bid/43585
• VENDOR_ADVISORYhttp://secunia.com/advisories/42149
• MISChttps://forge.indepnet.net/projects/glpi/repository/revisions/12601
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/2705
• VENDOR_ADVISORYhttp://secunia.com/advisories/43427
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2010/09/29/6
• MAILING_LISThttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html
• MISChttps://developer.jasig.org/source/changelog/jasigsvn?cs=21538
• MAILING_LISThttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/41878
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2010/10/01/5
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2010/10/01/2
• VENDOR_ADVISORYhttp://secunia.com/advisories/42184