Vulnerability CVE-2009-0912 - CERT Civis.Net

Vulnerability Name:

CVE-2009-0912 (CCN-49220)

Assigned:

2009-03-10

Published:

2009-03-10

Updated:

2017-08-17

Summary:

perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via "special characters" in unspecified vectors.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2009-0912

Source: CCN
Type: Mandriva CVS Repository
Index of /soft/perl-MDK-Common

Source: MANDRIVA
Type: Vendor Advisory
MDVSA-2009:072

Source: CCN
Type: OSVDB ID: 52989
perl-MDK-Common on Mandriva Linux Configuration File Modification Unspecified Privilege Escalation

Source: BID
Type: Patch
34089

Source: CCN
Type: BID-34089
Mandriva perl-MDK-Common Unspecified Privilege Escalation Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2009-0688

Source: XF
Type: UNKNOWN
perlmdkcommon-unspecified-priv-escalation(49220)

Source: XF
Type: UNKNOWN
perlmdkcommon-unspecified-priv-escalation(49220)

Vulnerable Configuration:

Configuration 1:

cpe:/a:mandriva:multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2008.0:-:x86_64:*:*:*:*:*

OR cpe:/o:mandriva:linux:2008.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2008.1:-:x86_64:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:mandriva:linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux_corporate_server:3.0:-:x86_64:*:*:*:*:*

OR cpe:/o:mandriva:linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux_corporate_server:4.0:-:x86_64:*:*:*:*:*

Configuration CCN 1:

cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

Denotes that component is vulnerable