Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to mandriva - linux_corporate_server

Vulnerability from fkie_nvd

Published

2009-03-16 17:30

Modified

2025-04-09 00:30

Severity ?

Summary

perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via "special characters" in unspecified vectors.

References

URL	Tags
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2009:072	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/34089	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0688	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/49220
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:072	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34089	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0688	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/49220

Impacted products

Vendor	Product	Version
mandriva	multi_network_firewall	2.0
mandriva	linux	2008.0
mandriva	linux	2008.0
mandriva	linux	2008.1
mandriva	linux	2008.1
mandriva	linux	2009.0
mandriva	linux	2009.0
mandriva	linux_corporate_server	3.0
mandriva	linux_corporate_server	3.0
mandriva	linux_corporate_server	4.0
mandriva	linux_corporate_server	4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mandriva:multi_network_firewall:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DCD4AE9-A466-4413-A0C8-5509CBC8DA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux:2008.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "107F6BEE-C3CB-460A-B574-16D031D823AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux:2008.0:-:x86_64:*:*:*:*:*",
              "matchCriteriaId": "29197BBD-0C26-41ED-A972-E730216CC742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux:2008.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E024B17-9AEE-40AD-9EDC-3BC0FBB53BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux:2008.1:-:x86_64:*:*:*:*:*",
              "matchCriteriaId": "E6DCA59C-F054-4726-9A63-CF9419F7DC28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux:2009.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F90D927-CBCD-4432-9C04-A5F040D8F337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*",
              "matchCriteriaId": "BA4E53C3-30E4-4FA2-8431-AC592966F4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux_corporate_server:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F2E9E33-9EF8-4D35-AC4F-CC371682EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux_corporate_server:3.0:-:x86_64:*:*:*:*:*",
              "matchCriteriaId": "264BA60D-3B77-424B-907D-0B168C831787",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux_corporate_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6579A7-D98C-406F-B621-7E111EF875B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux_corporate_server:4.0:-:x86_64:*:*:*:*:*",
              "matchCriteriaId": "7CE263F7-5E3E-4007-AEDE-E6BDE42B3081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via \"special characters\" in unspecified vectors."
    },
    {
      "lang": "es",
      "value": "perl-MDK-Common v1.1.11 y v1.1.24, v1.2.9 hasta v1.2.14, y posiblemente otras versiones, en Mandriva Linux no maneja correctamente las cadenas de caracteres cuando las a\u00f1ade a ficheros de configuraci\u00f3n, permitiendo a atacantes remotos obtener privilegios mediante \"caracteres especiales\" en vectores no especificados."
    }
  ],
  "id": "CVE-2009-0912",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-03-16T17:30:00.390",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:072"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34089"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0688"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34089"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49220"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2009-0912 (GCVE-0-2009-0912)

Vulnerability from cvelistv5

Published

2009-03-16 17:00