CVE-2008-0673 - Vulnerability Details - OpenCVE

TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound file-transfer request, before the user has an opportunity to decline the request, which allows remote attackers to truncate arbitrary files in the top level of a home directory.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tintin	Tintin\+\+ Wintin\+\+

Configuration 1 [-]

OR	cpe:2.3:a:tintin:tintin\+\+:1.97.9:::::::*
	cpe:2.3:a:tintin:wintin\+\+:1.97.9:::::::*

No data.

References

Link	Providers
http://aluigi.altervista.org/adv/rintintin-adv.txt
http://secunia.com/advisories/28833
http://security.gentoo.org/glsa/glsa-201111-07.xml
http://securityreason.com/securityalert/3632
http://www.securityfocus.com/archive/1/487687/100/0/threaded
http://www.securityfocus.com/bid/27660
http://www.vupen.com/english/advisories/2008/0449

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-02-12T00:00:00

Updated: 2024-08-07T07:54:22.983Z

Reserved: 2008-02-11T00:00:00

Link: CVE-2008-0673

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-02-12T01:00:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-0673

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-02-06T00:00:00", "descriptions": [{"lang": "en", "value": "TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound file-transfer request, before the user has an opportunity to decline the request, which allows remote attackers to truncate arbitrary files in the top level of a home directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201111-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201111-07.xml"}, {"name": "3632", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3632"}, {"name": "28833", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28833"}, {"name": "27660", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27660"}, {"name": "20080206 Chat vulnerabilities in TinTin++ 1.97.9", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/487687/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.altervista.org/adv/rintintin-adv.txt"}, {"name": "ADV-2008-0449", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0449"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0673", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound file-transfer request, before the user has an opportunity to decline the request, which allows remote attackers to truncate arbitrary files in the top level of a home directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201111-07", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201111-07.xml"}, {"name": "3632", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3632"}, {"name": "28833", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28833"}, {"name": "27660", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27660"}, {"name": "20080206 Chat vulnerabilities in TinTin++ 1.97.9", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/487687/100/0/threaded"}, {"name": "http://aluigi.altervista.org/adv/rintintin-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/rintintin-adv.txt"}, {"name": "ADV-2008-0449", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0449"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:54:22.983Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201111-07", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201111-07.xml"}, {"name": "3632", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3632"}, {"name": "28833", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28833"}, {"name": "27660", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27660"}, {"name": "20080206 Chat vulnerabilities in TinTin++ 1.97.9", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/487687/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.altervista.org/adv/rintintin-adv.txt"}, {"name": "ADV-2008-0449", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0449"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0673", "datePublished": "2008-02-12T00:00:00", "dateReserved": "2008-02-11T00:00:00", "dateUpdated": "2024-08-07T07:54:22.983Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tintin:tintin\\+\\+:1.97.9:*:*:*:*:*:*:*", "matchCriteriaId": "DE9FDF3F-CB50-4F04-BC93-C2DFCDDA7732", "vulnerable": true}, {"criteria": "cpe:2.3:a:tintin:wintin\\+\\+:1.97.9:*:*:*:*:*:*:*", "matchCriteriaId": "58E0F62F-A394-4CF7-913F-4CC9D4D53D5C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound file-transfer request, before the user has an opportunity to decline the request, which allows remote attackers to truncate arbitrary files in the top level of a home directory."}, {"lang": "es", "value": "TinTin 1.97.9 y WinTin 1.97.9 abre ficheros sobre la base de una solicitud de fichero de transferencia, antes de que el usuario tenga la oportunidad de rechazar la petici\u00f3n, lo que permite a atacantes remotos truncar archivos arbitrarios en el nivel superior de un directorio ra\u00edz."}], "id": "CVE-2008-0673", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-02-12T01:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://aluigi.altervista.org/adv/rintintin-adv.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28833"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-201111-07.xml"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3632"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/487687/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27660"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0449"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aluigi.altervista.org/adv/rintintin-adv.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28833"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201111-07.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3632"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/487687/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27660"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0449"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}