CVE-2010-0935
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
05/03/2010
Last modified:
11/04/2025
Description
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command.
Impact
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:perforce:perforce_server:*:*:*:*:*:*:*:* | 2009.2 (including) | |
| cpe:2.3:a:perforce:perforce_server:97.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:perforce:perforce_server:98.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:perforce:perforce_server:99.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:perforce:perforce_server:99.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:perforce:perforce_server:2000.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:perforce:perforce_server:2000.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:perforce:perforce_server:2001.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:perforce:perforce_server:2001.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:perforce:perforce_server:2002.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:perforce:perforce_server:2002.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:perforce:perforce_server:2003.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:perforce:perforce_server:2003.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:perforce:perforce_server:2004.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:perforce:perforce_server:2005.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html
- http://www.perforce.com/perforce/doc.current/manuals/cmdref/protect.html
- http://www.securityfocus.com/bid/36261
- http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html
- http://www.perforce.com/perforce/doc.current/manuals/cmdref/protect.html
- http://www.securityfocus.com/bid/36261