Vulnerability Name:

CVE-2009-1893 (CCN-51718)

Assigned:2009-07-14
Published:2009-07-14
Updated:2023-02-13
Summary:
CVSS v3 Severity:5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
6.0 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
3.3 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P)
2.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
5.6 Medium (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:C)
4.9 Medium (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:C/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Complete
Vulnerability Consequences:File Manipulation
References:Source: MITRE
Type: CNA
CVE-2009-1893

Source: CCN
Type: RHSA-2009-1154
Critical: dhcp security update

Source: CCN
Type: SECTRACK ID: 1022554
Red Hat dhcpd init Script Symlink Flaw Lets Local Users Gain Elevated Privileges

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: ASA-2009-289
dhcp security update (RHSA-2009-1154)

Source: CCN
Type: OSVDB ID: 56464
Red Hat Linux DHCP dhcpd configtest Function Symlink Arbitrary File Overwrite

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: CCN
Type: BID-35670
ISC DHCP 'dhcpd -t' Command Insecure Temporary File Creation Vulnerability

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: XF
Type: UNKNOWN
dhcp-dhcpdt-symlink(51718)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Internet Systems Consortium Web site
ISC DHCP

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:3:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:isc:dhcpd:3.0.1:rc12:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcpd:3.0.1:rc13:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcpd:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcpd:3.0.1:rc1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcpd:3.0.1:rc10:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcpd:3.0.1:rc11:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcpd:3.0.1:rc14:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcpd:3.0.1:rc2:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcpd:3.0.1:rc3:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcpd:3.0.1:rc4:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcpd:3.0.1:rc5:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcpd:3.0.1:rc6:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcpd:3.0.1:rc7:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcpd:3.0.1:rc8:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcpd:3.0.1:rc9:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcpd:3.0_b2pl23:*:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcpd:3.0_b2pl9:*:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcpd:3.0_pl1:*:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcpd:3.0_pl2:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:11597
    V
    		The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command.
    2013-04-29
    oval:org.mitre.oval:def:6440
    V
    		Red Hat dhcpd init Script Symlink Flaw Lets Local Users Gain Elevated Privileges
    2010-01-11
    oval:com.redhat.rhsa:def:20091154
    P
    		RHSA-2009:1154: dhcp security update (Critical)
    2009-07-14
    BACK
    isc dhcpd 3.0.1 rc12
    isc dhcpd 3.0.1 rc13
    isc dhcpd 3.0
    isc dhcpd 3.0.1 rc1
    isc dhcpd 3.0.1 rc10
    isc dhcpd 3.0.1 rc11
    isc dhcpd 3.0.1 rc14
    isc dhcpd 3.0.1 rc2
    isc dhcpd 3.0.1 rc3
    isc dhcpd 3.0.1 rc4
    isc dhcpd 3.0.1 rc5
    isc dhcpd 3.0.1 rc6
    isc dhcpd 3.0.1 rc7
    isc dhcpd 3.0.1 rc8
    isc dhcpd 3.0.1 rc9
    isc dhcpd 3.0_b2pl23
    isc dhcpd 3.0_b2pl9
    isc dhcpd 3.0_pl1
    isc dhcpd 3.0_pl2
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3