ID

VAR-200903-0440


CVE

CVE-2009-0912


TITLE

Vulnerability in perl-MDK-Common of Mandriva Linux that allows privileges to be gained

Trust: 0.8

sources: JVNDB: JVNDB-2009-004524

DESCRIPTION

perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via "special characters" in unspecified vectors. Mandriva perl-MDK-Common is prone to an unspecified privilege-escalation vulnerability because the software fails to properly validate user-supplied input. An attacker may exploit this issue to gain elevated privileges.

Trust: 1.98

sources: NVD: CVE-2009-0912 // JVNDB: JVNDB-2009-004524 // BID: 34089 // VULHUB: VHN-38358

AFFECTED PRODUCTS

vendor: mandriva, model: linux, scope: eq, version: 2009.0

Trust: 1.6

vendor: mandriva, model: linux, scope: eq, version: 2008.1

Trust: 1.6

vendor: mandriva, model: multi network firewall, scope: eq, version: 2.0

Trust: 1.6

vendor: mandriva, model: linux corporate server, scope: eq, version: 4.0

Trust: 1.6

vendor: mandriva, model: linux corporate server, scope: eq, version: 3.0

Trust: 1.6

vendor: mandriva, model: linux, scope: eq, version: 2008.0

Trust: 1.6

vendor: mandriva, model: linux corporate server, scope: eq, version: 1.1.11

Trust: 0.8

vendor: mandriva, model: linux corporate server, scope: eq, version: 1.1.24

Trust: 0.8

vendor: mandriva, model: linux corporate server, scope: eq, version: 1.2.9 to 1.2.14

Trust: 0.8

vendor: mandriva, model: linux corporate server, scope: eq, version: -

Trust: 0.8

vendor: mandriva, model: linux, scope: eq, version: 1.1.11

Trust: 0.8

vendor: mandriva, model: linux, scope: eq, version: 1.1.24

Trust: 0.8

vendor: mandriva, model: linux, scope: eq, version: 1.2.9 to 1.2.14

Trust: 0.8

vendor: mandriva, model: linux, scope: eq, version: -

Trust: 0.8

vendor: mandriva, model: multi network firewall, scope: eq, version: 1.1.11

Trust: 0.8

vendor: mandriva, model: multi network firewall, scope: eq, version: 1.1.24

Trust: 0.8

vendor: mandriva, model: multi network firewall, scope: eq, version: 1.2.9 to 1.2.14

Trust: 0.8

vendor: mandriva, model: multi network firewall, scope: eq, version: -

Trust: 0.8

vendor: mandriva, model: linux mandrake x86 64, scope: eq, version: 2009.0

Trust: 0.3

vendor: mandriva, model: linux mandrake, scope: eq, version: 2009.0

Trust: 0.3

vendor: mandriva, model: linux mandrake x86 64, scope: eq, version: 2008.1

Trust: 0.3

vendor: mandriva, model: linux mandrake, scope: eq, version: 2008.1

Trust: 0.3

vendor: mandriva, model: linux mandrake x86 64, scope: eq, version: 2008.0

Trust: 0.3

vendor: mandriva, model: linux mandrake, scope: eq, version: 2008.0

Trust: 0.3

vendor: mandrakesoft, model: multi network firewall, scope: eq, version: 2.0

Trust: 0.3

vendor: mandrakesoft, model: corporate server x86 64, scope: eq, version: 4.0

Trust: 0.3

vendor: mandrakesoft, model: corporate server x86 64, scope: eq, version: 3.0

Trust: 0.3

vendor: mandrakesoft, model: corporate server, scope: eq, version: 3.0

Trust: 0.3

vendor: mandrakesoft, model: corporate server, scope: eq, version: 4.0

Trust: 0.3

sources: BID: 34089 // JVNDB: JVNDB-2009-004524 // CNNVD: CNNVD-200903-276 // NVD: CVE-2009-0912

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-0912
value: HIGH

Trust: 1.0

NVD: CVE-2009-0912
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200903-276
value: HIGH

Trust: 0.6

VULHUB: VHN-38358
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-0912
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-38358
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-38358 // JVNDB: JVNDB-2009-004524 // CNNVD: CNNVD-200903-276 // NVD: CVE-2009-0912

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-38358 // JVNDB: JVNDB-2009-004524 // NVD: CVE-2009-0912

THREAT TYPE

local

Trust: 0.9

sources: BID: 34089 // CNNVD: CNNVD-200903-276

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200903-276

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-004524

PATCH

title: MDVSA-2009:072, url: http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2009:072

Trust: 0.8

sources: JVNDB: JVNDB-2009-004524

EXTERNAL IDS

db: NVD, id: CVE-2009-0912

Trust: 2.5

db: BID, id: 34089

Trust: 2.0

db: VUPEN, id: ADV-2009-0688

Trust: 1.7

db: JVNDB, id: JVNDB-2009-004524

Trust: 0.8

db: MANDRIVA, id: MDVSA-2009:072

Trust: 0.6

db: XF, id: 49220

Trust: 0.6

db: CNNVD, id: CNNVD-200903-276

Trust: 0.6

db: VULHUB, id: VHN-38358

Trust: 0.1

sources: VULHUB: VHN-38358 // BID: 34089 // JVNDB: JVNDB-2009-004524 // CNNVD: CNNVD-200903-276 // NVD: CVE-2009-0912

REFERENCES

url:http://www.securityfocus.com/bid/34089

Trust: 1.7

url:http://www.mandriva.com/security/advisories?name=mdvsa-2009:072

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/0688

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/49220

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0912

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0912

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/49220

Trust: 0.6

url:http://www.mandriva.com/

Trust: 0.3

sources: VULHUB: VHN-38358 // BID: 34089 // JVNDB: JVNDB-2009-004524 // CNNVD: CNNVD-200903-276 // NVD: CVE-2009-0912

CREDITS

Mandriva

Trust: 0.6

sources: CNNVD: CNNVD-200903-276

SOURCES

db: VULHUB, id: VHN-38358
db: BID, id: 34089
db: JVNDB, id: JVNDB-2009-004524
db: CNNVD, id: CNNVD-200903-276
db: NVD, id: CVE-2009-0912

LAST UPDATE DATE

2024-11-23T23:00:06.429000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-38358, date: 2017-08-17T00:00:00
db: BID, id: 34089, date: 2009-03-12T13:06:00
db: JVNDB, id: JVNDB-2009-004524, date: 2012-09-25T00:00:00
db: CNNVD, id: CNNVD-200903-276, date: 2009-03-17T00:00:00
db: NVD, id: CVE-2009-0912, date: 2024-11-21T01:01:12.343

SOURCES RELEASE DATE

db: VULHUB, id: VHN-38358, date: 2009-03-16T00:00:00
db: BID, id: 34089, date: 2009-03-11T00:00:00
db: JVNDB, id: JVNDB-2009-004524, date: 2012-09-25T00:00:00
db: CNNVD, id: CNNVD-200903-276, date: 2009-03-16T00:00:00
db: NVD, id: CVE-2009-0912, date: 2009-03-16T17:30:00.390