CVE Vulnerabilities

CVE-2009-5054

Published: Feb 03, 2011 | Modified: Feb 15, 2011
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
LOW

Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations.

Affected Software

Name Vendor Start Version End Version
Smarty Smarty * 2.6.26 (including)
Smarty Smarty 1.0 (including) 1.0 (including)
Smarty Smarty 1.0a (including) 1.0a (including)
Smarty Smarty 1.0b (including) 1.0b (including)
Smarty Smarty 1.1.0 (including) 1.1.0 (including)
Smarty Smarty 1.2.0 (including) 1.2.0 (including)
Smarty Smarty 1.2.1 (including) 1.2.1 (including)
Smarty Smarty 1.2.2 (including) 1.2.2 (including)
Smarty Smarty 1.3.0 (including) 1.3.0 (including)
Smarty Smarty 1.3.1 (including) 1.3.1 (including)
Smarty Smarty 1.3.2 (including) 1.3.2 (including)
Smarty Smarty 1.4.0 (including) 1.4.0 (including)
Smarty Smarty 1.4.0-b1 (including) 1.4.0-b1 (including)
Smarty Smarty 1.4.0-b2 (including) 1.4.0-b2 (including)
Smarty Smarty 1.4.1 (including) 1.4.1 (including)
Smarty Smarty 1.4.2 (including) 1.4.2 (including)
Smarty Smarty 1.4.3 (including) 1.4.3 (including)
Smarty Smarty 1.4.4 (including) 1.4.4 (including)
Smarty Smarty 1.4.5 (including) 1.4.5 (including)
Smarty Smarty 1.4.6 (including) 1.4.6 (including)
Smarty Smarty 1.5.0 (including) 1.5.0 (including)
Smarty Smarty 1.5.1 (including) 1.5.1 (including)
Smarty Smarty 1.5.2 (including) 1.5.2 (including)
Smarty Smarty 2.0.0 (including) 2.0.0 (including)
Smarty Smarty 2.0.1 (including) 2.0.1 (including)
Smarty Smarty 2.1.0 (including) 2.1.0 (including)
Smarty Smarty 2.1.1 (including) 2.1.1 (including)
Smarty Smarty 2.2.0 (including) 2.2.0 (including)
Smarty Smarty 2.3.0 (including) 2.3.0 (including)
Smarty Smarty 2.3.1 (including) 2.3.1 (including)
Smarty Smarty 2.4.0 (including) 2.4.0 (including)
Smarty Smarty 2.4.1 (including) 2.4.1 (including)
Smarty Smarty 2.4.2 (including) 2.4.2 (including)
Smarty Smarty 2.5.0 (including) 2.5.0 (including)
Smarty Smarty 2.5.0-rc1 (including) 2.5.0-rc1 (including)
Smarty Smarty 2.5.0-rc2 (including) 2.5.0-rc2 (including)
Smarty Smarty 2.6.0 (including) 2.6.0 (including)
Smarty Smarty 2.6.0-rc1 (including) 2.6.0-rc1 (including)
Smarty Smarty 2.6.0-rc2 (including) 2.6.0-rc2 (including)
Smarty Smarty 2.6.0-rc3 (including) 2.6.0-rc3 (including)
Smarty Smarty 2.6.1 (including) 2.6.1 (including)
Smarty Smarty 2.6.2 (including) 2.6.2 (including)
Smarty Smarty 2.6.3 (including) 2.6.3 (including)
Smarty Smarty 2.6.4 (including) 2.6.4 (including)
Smarty Smarty 2.6.5 (including) 2.6.5 (including)
Smarty Smarty 2.6.6 (including) 2.6.6 (including)
Smarty Smarty 2.6.7 (including) 2.6.7 (including)
Smarty Smarty 2.6.9 (including) 2.6.9 (including)
Smarty Smarty 2.6.10 (including) 2.6.10 (including)
Smarty Smarty 2.6.11 (including) 2.6.11 (including)
Smarty Smarty 2.6.12 (including) 2.6.12 (including)
Smarty Smarty 2.6.13 (including) 2.6.13 (including)
Smarty Smarty 2.6.14 (including) 2.6.14 (including)
Smarty Smarty 2.6.15 (including) 2.6.15 (including)
Smarty Smarty 2.6.16 (including) 2.6.16 (including)
Smarty Smarty 2.6.17 (including) 2.6.17 (including)
Smarty Smarty 2.6.18 (including) 2.6.18 (including)
Smarty Smarty 2.6.20 (including) 2.6.20 (including)
Smarty Smarty 2.6.22 (including) 2.6.22 (including)
Smarty Smarty 2.6.24 (including) 2.6.24 (including)
Smarty Smarty 2.6.25 (including) 2.6.25 (including)
Gallery2 Ubuntu dapper *
Gallery2 Ubuntu hardy *
Moodle Ubuntu dapper *
Moodle Ubuntu hardy *
Smarty Ubuntu dapper *
Smarty Ubuntu hardy *
Smarty Ubuntu karmic *
Smarty Ubuntu lucid *
Smarty Ubuntu maverick *
Smarty Ubuntu natty *
Smarty Ubuntu oneiric *
Smarty Ubuntu precise *
Smarty Ubuntu quantal *
Smarty Ubuntu upstream *

References