CVE-2012-0273 - Vulnerability Details - OpenCVE

Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a (1) session_id cookie in a request to the get_cookie_value function in response.c, (2) directory name in a request to the add_default_file function in response.c, or (3) file name in a request to the retrieve_physical_file_name_or_brows function in response.c.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.04271.

Key SSVC decision points have not yet been added.

Vendors	Products
Hans Alshoff	Minalic

Configuration 1 [-]

cpe:2.3:a:hans_alshoff:minalic:2.0.0:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://secunia.com/advisories/45462
http://secunia.com/secunia_research/2012-5
http://www.securityfocus.com/bid/52873
https://exchange.xforce.ibmcloud.com/vulnerabilities/74651
https://exchange.xforce.ibmcloud.com/vulnerabilities/74652
https://exchange.xforce.ibmcloud.com/vulnerabilities/74653

History

No history.

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2014-06-20T14:00:00

Updated: 2024-08-06T18:23:29.218Z

Reserved: 2011-12-30T00:00:00

Link: CVE-2012-0273

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-06-20T14:55:05.153

Modified: 2025-04-12T10:46:40.837

Link: CVE-2012-0273

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-04-04T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a (1) session_id cookie in a request to the get_cookie_value function in response.c, (2) directory name in a request to the add_default_file function in response.c, or (3) file name in a request to the retrieve_physical_file_name_or_brows function in response.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"name": "45462", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45462"}, {"name": "minalic-getcookievalue-bo(74651)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74651"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2012-5"}, {"name": "minalic-response-bo(74653)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74653"}, {"name": "minalic-adddefaultfile-bo(74652)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74652"}, {"name": "52873", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/52873"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2012-0273", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a (1) session_id cookie in a request to the get_cookie_value function in response.c, (2) directory name in a request to the add_default_file function in response.c, or (3) file name in a request to the retrieve_physical_file_name_or_brows function in response.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "45462", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45462"}, {"name": "minalic-getcookievalue-bo(74651)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74651"}, {"name": "http://secunia.com/secunia_research/2012-5", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2012-5"}, {"name": "minalic-response-bo(74653)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74653"}, {"name": "minalic-adddefaultfile-bo(74652)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74652"}, {"name": "52873", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52873"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:23:29.218Z"}, "title": "CVE Program Container", "references": [{"name": "45462", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45462"}, {"name": "minalic-getcookievalue-bo(74651)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74651"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2012-5"}, {"name": "minalic-response-bo(74653)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74653"}, {"name": "minalic-adddefaultfile-bo(74652)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74652"}, {"name": "52873", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/52873"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2012-0273", "datePublished": "2014-06-20T14:00:00", "dateReserved": "2011-12-30T00:00:00", "dateUpdated": "2024-08-06T18:23:29.218Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hans_alshoff:minalic:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAC95F2C-2AEC-4DE9-98D8-C75036171F6B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a (1) session_id cookie in a request to the get_cookie_value function in response.c, (2) directory name in a request to the add_default_file function in response.c, or (3) file name in a request to the retrieve_physical_file_name_or_brows function in response.c."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de buffer basado en pila en MinaliC 2.0.0 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) una cookie session_id en una solicitud a la funci\u00f3n get_cookie_value en response.c, (2) un nombre de directorio en una solicitud a la funci\u00f3n add_default_file en response.c o (3) un nombre de fichero en una solicitud a la funci\u00f3n retrieve_physical_file_name_or_brows en response.c."}], "id": "CVE-2012-0273", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-06-20T14:55:05.153", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/45462"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/secunia_research/2012-5"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/52873"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74651"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74652"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74653"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/45462"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/secunia_research/2012-5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52873"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74651"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74652"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74653"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}