CVE-2004-0563

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

23/12/2004

Last modified:

03/04/2025

Description

The tspc.conf configuration file in freenet6 before 0.9.6 and before 1.0 on Debian Linux has world readable permissions, which could allow local users to gain sensitive information, such as a username and password.

Impact

Vector 2.0

AV:L/AC:L/Au:N/C:P/I:N/A:N CVSS v2.0 Severity and Metrics:

Base Score: 2.10 LOW
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Attack Vector (AV): Local
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): None
Availability (A): None

Base Score 2.0

2.10

Severity 2.0

LOW

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:freenet6:freenet6:0.9.6:::::::*
cpe:2.3:a:freenet6:freenet6:1.0:::::::*

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

http://secunia.com/advisories/12705/
http://securitytracker.com/id?1011460=
http://www.debian.org/security/2004/dsa-555
http://www.securityfocus.com/bid/11280
https://exchange.xforce.ibmcloud.com/vulnerabilities/17544
http://secunia.com/advisories/12705/
http://securitytracker.com/id?1011460=
http://www.debian.org/security/2004/dsa-555
http://www.securityfocus.com/bid/11280
https://exchange.xforce.ibmcloud.com/vulnerabilities/17544