Vulnerabilities > CVE-2007-1588 - Remote Security vulnerability in Myserver 0.8.5

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

myserver

NVD

Published: 2007-03-21

Updated: 2008-11-15

Summary

server.cpp in MyServer 0.8.5 calls Process::setuid before calling Process::setgid and thus does not properly drop privileges, which might allow remote attackers to execute CGI programs with unintended privileges.

Vulnerable Configurations

Part	Description	Count
Application	Myserver Myserver Myserver 0.8.5	1

References

http://osvdb.org/34521
http://sourceforge.net/mailarchive/forum.php?thread_id=31631045&forum_id=47875
http://www.myserverproject.net/news.php