{ "id": "CVE-2009-1962", "sourceIdentifier": "cve@mitre.org", "published": "2009-06-08T01:00:00.843", "lastModified": "2017-08-17T01:30:35.537", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID." }, { "lang": "es", "value": "Xfig en Debian GNU/Linux, posiblemente v3.2.5, permite a usuarios locales leer y escribir archivos de su elecci\u00f3n a trav\u00e9s de un enlace simb\u00f3lico a los ficheros temporales (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] donde [PID] es el ID (identificador) del proceso." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "LOCAL", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 4.4 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 3.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-59" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:xfig:xfig:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "BD269541-F1A0-4FFD-BFB6-423BC806D076" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*", "matchCriteriaId": "F5114DA3-FBB9-47C4-857B-3212404DAD4E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*", "matchCriteriaId": "4D5F5A52-285E-4E7E-83B8-508079DBCEAE" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*", "matchCriteriaId": "674BE2D9-009B-46C5-A071-CB10368B8D48" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*", "matchCriteriaId": "703486E5-906B-4BDB-A046-28D4D73E3F03" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*", "matchCriteriaId": "ABB5AC0D-2358-4C8E-99B5-2CE0A678F549" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*", "matchCriteriaId": "38B37184-BA88-44F1-AC9E-8B60C2419111" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*", "matchCriteriaId": "0D8C9247-3E18-4DD9-AF5B-B2996C76443F" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*", "matchCriteriaId": "0EEA2CDD-7FCD-461E-90FC-CDB3C3992A32" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*", "matchCriteriaId": "D7B877A8-5318-402E-8AE1-753E7419060F" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*", "matchCriteriaId": "A3938420-087D-4D92-A2F8-EAE54D9837EC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:s\\/390:*:*:*:*:*", "matchCriteriaId": "0331E302-352E-457D-BF75-3C12AD5E206E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "10F42CF8-FB98-4AFC-96C5-FD7D442B0FA3" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:alpha:*:*:*:*:*", "matchCriteriaId": "CF03E406-5B00-4C49-9705-45DCDB4008DC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:amd64:*:*:*:*:*", "matchCriteriaId": "7020CA7E-FB01-4F6D-9BA7-A0D88980C21E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:arm:*:*:*:*:*", "matchCriteriaId": "234806CB-272F-4EFA-9FBB-C031A9C3D71C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:armel:*:*:*:*:*", "matchCriteriaId": "2A76BD7E-C96E-4279-A55A-5DC5EDB49A1C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:hppa:*:*:*:*:*", "matchCriteriaId": "636EE19C-B240-463C-A283-F4E78D99717E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:ia-32:*:*:*:*:*", "matchCriteriaId": "421F6F87-777E-411F-9F68-1CA0D6F70451" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:ia-64:*:*:*:*:*", "matchCriteriaId": "29D886A2-920A-4FA6-9499-E0C25A178783" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:m68k:*:*:*:*:*", "matchCriteriaId": "04376A10-26EB-400E-B2A1-F5C594A026DF" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:mips:*:*:*:*:*", "matchCriteriaId": "D9595A0F-BF18-4C50-B7FD-61685A83D8C3" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:mipsel:*:*:*:*:*", "matchCriteriaId": "47A7B824-7355-4F51-9316-B1EB3D9EB9AC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:powerpc:*:*:*:*:*", "matchCriteriaId": "2E6CFC20-96B6-46B2-9DD7-024E0775757A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:s\\/390:*:*:*:*:*", "matchCriteriaId": "9403840E-C30B-44F1-A115-BA0A00520EA0" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "1D65FD67-8F21-4BEE-BD29-FDF69B9A437B" } ] } ] } ], "references": [ { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:244", "source": "cve@mitre.org" }, { "url": "http://www.openwall.com/lists/oss-security/2009/04/01/6", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/bid/34328", "source": "cve@mitre.org" }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49600", "source": "cve@mitre.org" } ] }