Lucene search
HistoryOct 03, 2022 - 4:23 p.m.
CVE-2009-1526
cve-2009-1526
vulnerability
directadmin
symlink attack
local users
file overwrite
temporary directory
nvd
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
16.2%
JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.
Affected configurations
Node
jbmc-softwaredirectadminRange≤1.333
ORjbmc-softwaredirectadminMatch0.95
ORjbmc-softwaredirectadminMatch1
ORjbmc-softwaredirectadminMatch1.1
ORjbmc-softwaredirectadminMatch1.01
ORjbmc-softwaredirectadminMatch1.02
ORjbmc-softwaredirectadminMatch1.2
ORjbmc-softwaredirectadminMatch1.3
ORjbmc-softwaredirectadminMatch1.03
ORjbmc-softwaredirectadminMatch1.04
ORjbmc-softwaredirectadminMatch1.05
ORjbmc-softwaredirectadminMatch1.06
ORjbmc-softwaredirectadminMatch1.07
ORjbmc-softwaredirectadminMatch1.08
ORjbmc-softwaredirectadminMatch1.09
ORjbmc-softwaredirectadminMatch1.11
ORjbmc-softwaredirectadminMatch1.12
ORjbmc-softwaredirectadminMatch1.13
ORjbmc-softwaredirectadminMatch1.14
ORjbmc-softwaredirectadminMatch1.15
ORjbmc-softwaredirectadminMatch1.16
ORjbmc-softwaredirectadminMatch1.17
ORjbmc-softwaredirectadminMatch1.18
ORjbmc-softwaredirectadminMatch1.19
ORjbmc-softwaredirectadminMatch1.21
ORjbmc-softwaredirectadminMatch1.22
ORjbmc-softwaredirectadminMatch1.23
ORjbmc-softwaredirectadminMatch1.24
ORjbmc-softwaredirectadminMatch1.25
ORjbmc-softwaredirectadminMatch1.26
ORjbmc-softwaredirectadminMatch1.27
ORjbmc-softwaredirectadminMatch1.28
ORjbmc-softwaredirectadminMatch1.29
ORjbmc-softwaredirectadminMatch1.31
ORjbmc-softwaredirectadminMatch1.32
ORjbmc-softwaredirectadminMatch1.33
ORjbmc-softwaredirectadminMatch1.081
ORjbmc-softwaredirectadminMatch1.111
ORjbmc-softwaredirectadminMatch1.121
ORjbmc-softwaredirectadminMatch1.151
ORjbmc-softwaredirectadminMatch1.152
ORjbmc-softwaredirectadminMatch1.161
ORjbmc-softwaredirectadminMatch1.171
ORjbmc-softwaredirectadminMatch1.172
ORjbmc-softwaredirectadminMatch1.173
ORjbmc-softwaredirectadminMatch1.174
ORjbmc-softwaredirectadminMatch1.181
ORjbmc-softwaredirectadminMatch1.192
ORjbmc-softwaredirectadminMatch1.193
ORjbmc-softwaredirectadminMatch1.195
ORjbmc-softwaredirectadminMatch1.196
ORjbmc-softwaredirectadminMatch1.201
ORjbmc-softwaredirectadminMatch1.202
ORjbmc-softwaredirectadminMatch1.203
ORjbmc-softwaredirectadminMatch1.204
ORjbmc-softwaredirectadminMatch1.205
ORjbmc-softwaredirectadminMatch1.206
ORjbmc-softwaredirectadminMatch1.207
ORjbmc-softwaredirectadminMatch1.211
ORjbmc-softwaredirectadminMatch1.212
ORjbmc-softwaredirectadminMatch1.213
ORjbmc-softwaredirectadminMatch1.221
ORjbmc-softwaredirectadminMatch1.222
ORjbmc-softwaredirectadminMatch1.223
ORjbmc-softwaredirectadminMatch1.224
ORjbmc-softwaredirectadminMatch1.225
ORjbmc-softwaredirectadminMatch1.226
ORjbmc-softwaredirectadminMatch1.231
ORjbmc-softwaredirectadminMatch1.232
ORjbmc-softwaredirectadminMatch1.233
ORjbmc-softwaredirectadminMatch1.234
ORjbmc-softwaredirectadminMatch1.235
ORjbmc-softwaredirectadminMatch1.241
ORjbmc-softwaredirectadminMatch1.242
ORjbmc-softwaredirectadminMatch1.243
ORjbmc-softwaredirectadminMatch1.244
ORjbmc-softwaredirectadminMatch1.251
ORjbmc-softwaredirectadminMatch1.252
ORjbmc-softwaredirectadminMatch1.253
ORjbmc-softwaredirectadminMatch1.254
ORjbmc-softwaredirectadminMatch1.255
ORjbmc-softwaredirectadminMatch1.261
ORjbmc-softwaredirectadminMatch1.262
ORjbmc-softwaredirectadminMatch1.263
ORjbmc-softwaredirectadminMatch1.264
ORjbmc-softwaredirectadminMatch1.265
ORjbmc-softwaredirectadminMatch1.266
ORjbmc-softwaredirectadminMatch1.273
ORjbmc-softwaredirectadminMatch1.274
ORjbmc-softwaredirectadminMatch1.275
ORjbmc-softwaredirectadminMatch1.281
ORjbmc-softwaredirectadminMatch1.282
ORjbmc-softwaredirectadminMatch1.285
ORjbmc-softwaredirectadminMatch1.286
ORjbmc-softwaredirectadminMatch1.291
ORjbmc-softwaredirectadminMatch1.292
ORjbmc-softwaredirectadminMatch1.293
ORjbmc-softwaredirectadminMatch1.294
ORjbmc-softwaredirectadminMatch1.295
ORjbmc-softwaredirectadminMatch1.296
ORjbmc-softwaredirectadminMatch1.297
ORjbmc-softwaredirectadminMatch1.301
ORjbmc-softwaredirectadminMatch1.302
ORjbmc-softwaredirectadminMatch1.311
ORjbmc-softwaredirectadminMatch1.312
ORjbmc-softwaredirectadminMatch1.313
ORjbmc-softwaredirectadminMatch1.314
ORjbmc-softwaredirectadminMatch1.315
ORjbmc-softwaredirectadminMatch1.321
ORjbmc-softwaredirectadminMatch1.322
ORjbmc-softwaredirectadminMatch1.323
ORjbmc-softwaredirectadminMatch1.331
ORjbmc-softwaredirectadminMatch1.332
ORjbmc-softwaredirectadminMatch1.1741
ORjbmc-softwaredirectadminMatch1.1941
Related
cvelist
cvelist
CVE-2009-1526
2022-10-03 16:23:57
prion
prion
Design/Logic Flaw
2009-05-05 20:30:00
nvd
nvd
CVE-2009-1526
2009-05-05 20:30:00
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
16.2%
Related for CVE-2009-1526