fkie_nvd - fkie_cve-2009-1893

fkie_cve-2009-1893

Vulnerability from fkie_nvd

Published

2009-07-17 16:30

Modified

2025-04-09 00:30

Severity ?

Summary

The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command.

References

URL	Tags
secalert@redhat.com	http://secunia.com/advisories/35831	Vendor Advisory
secalert@redhat.com	http://securitytracker.com/id?1022554
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2009-1154.html	Vendor Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/35670
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=510024
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/51718
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35831	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1022554
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1154.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35670
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=510024
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/51718
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440

Impacted products

Vendor	Product	Version
redhat	enterprise_linux	3.0
redhat	enterprise_linux	3.0
redhat	enterprise_linux	3.0
redhat	enterprise_linux	3.0
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "40D8DAE0-8E75-435C-9BD6-FAEED2ACB47C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:as:*:*:*:*:*",
              "matchCriteriaId": "327FEE54-79EC-4B5E-B838-F3C61FCDF48E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:es:*:*:*:*:*",
              "matchCriteriaId": "056C1C15-D110-4309-A9A6-41BD753FE4F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:ws:*:*:*:*:*",
              "matchCriteriaId": "08392974-5AC1-4B12-893F-3F733EF05F80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1E94449B-6FB0-4E4D-9D92-144A1C474761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*",
              "matchCriteriaId": "6824B249-D222-4F29-8C29-E92071F12621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*",
              "matchCriteriaId": "2F7A3F32-C297-4331-9B8D-1CF8F3D32315",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*",
              "matchCriteriaId": "B4959ABA-9F2E-4003-9566-DBE3177AE233",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*",
              "matchCriteriaId": "0CE2A3CA-EFB6-4547-BED8-CAC39156F10B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*",
              "matchCriteriaId": "5DE205EE-F708-4E4A-A861-EBF6D3C062F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BD8EBBF0-A61B-4FF0-B055-9BA2A21617A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "B3141202-993D-4E80-9EAD-ACA6C1343D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "6E0768D1-37D3-4C17-A3A9-94EA237392AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "F167B922-DD9E-4DD1-BB8F-B232711BACCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "4E23602E-FFA1-49E2-BF4C-BC5D074517B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*",
              "matchCriteriaId": "8DA200FE-D261-4532-AC63-1208611AFE46",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the \"dhcpd -t\" command."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n configtest en la secuencia de comandos de inicio del DHCPD en Red Hat para DHCP 3.0.1 en Red Hat Enterprise Linux (RHEL) 3 permite a usuarios locales sobrescribir ficheros de su elecci\u00f3n a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre un fichero temporal no especificado, relativo al comando \"dhcpd -t\"."
    }
  ],
  "id": "CVE-2009-1893",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-07-17T16:30:00.890",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35831"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1022554"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/35670"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510024"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51718"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35831"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1022554"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35670"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51718"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2009-1893 (GCVE-0-2009-1893)

Vulnerability from cvelistv5

Published

2009-07-17 16:00