2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2009-0912" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2009-03-16T17:30:00.390" ,
"lastModified" : "2017-08-17T01:30:05.537" ,
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via \"special characters\" in unspecified vectors."
} ,
{
"lang" : "es" ,
"value" : "perl-MDK-Common v1.1.11 y v1.1.24, v1.2.9 hasta v1.2.14, y posiblemente otras versiones, en Mandriva Linux no maneja correctamente las cadenas de caracteres cuando las a\u00f1ade a ficheros de configuraci\u00f3n, permitiendo a atacantes remotos obtener privilegios mediante \"caracteres especiales\" en vectores no especificados."
}
] ,
"metrics" : {
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C" ,
"accessVector" : "LOCAL" ,
"accessComplexity" : "LOW" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "COMPLETE" ,
"integrityImpact" : "COMPLETE" ,
"availabilityImpact" : "COMPLETE" ,
"baseScore" : 7.2
} ,
"baseSeverity" : "HIGH" ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 10.0 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : true ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-20"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:mandriva:multi_network_firewall:2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4DCD4AE9-A466-4413-A0C8-5509CBC8DA33"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:mandriva:linux:2008.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "107F6BEE-C3CB-460A-B574-16D031D823AE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:mandriva:linux:2008.0:-:x86_64:*:*:*:*:*" ,
"matchCriteriaId" : "29197BBD-0C26-41ED-A972-E730216CC742"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:mandriva:linux:2008.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9E024B17-9AEE-40AD-9EDC-3BC0FBB53BE3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:mandriva:linux:2008.1:-:x86_64:*:*:*:*:*" ,
"matchCriteriaId" : "E6DCA59C-F054-4726-9A63-CF9419F7DC28"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:mandriva:linux:2009.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7F90D927-CBCD-4432-9C04-A5F040D8F337"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*" ,
"matchCriteriaId" : "BA4E53C3-30E4-4FA2-8431-AC592966F4B1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:mandriva:linux_corporate_server:3.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3F2E9E33-9EF8-4D35-AC4F-CC371682EB2F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:mandriva:linux_corporate_server:3.0:-:x86_64:*:*:*:*:*" ,
"matchCriteriaId" : "264BA60D-3B77-424B-907D-0B168C831787"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:mandriva:linux_corporate_server:4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1C6579A7-D98C-406F-B621-7E111EF875B3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:mandriva:linux_corporate_server:4.0:-:x86_64:*:*:*:*:*" ,
"matchCriteriaId" : "7CE263F7-5E3E-4007-AEDE-E6BDE42B3081"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:072" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "http://www.securityfocus.com/bid/34089" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Patch"
]
} ,
{
"url" : "http://www.vupen.com/english/advisories/2009/0688" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49220" ,
"source" : "cve@mitre.org"
}
]
}
