Lucene search

[email protected]CVE-2009-1753

HistoryMay 22, 2009 - 11:53 a.m.

CVE-2009-1753

2009-05-2211:53:48

CWE-59

[email protected]

web.nvd.nist.gov

coccinelle

symlink attack

nvd

cve-2009-1753

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified “result file.”

Affected configurations

NVD

Node

emncoccinelleMatch0.1.7

CPENameOperatorVersion
emn:coccinelleemn coccinelleeq0.1.7

CPE	Name	Operator	Version
emn:coccinelle	emn coccinelle	eq	0.1.7

References

packages.debian.org/changelogs/pool/main/c/coccinelle/coccinelle_0.1.7.deb-3/changelog

secunia.com/advisories/35012

secunia.com/advisories/35459

www.openwall.com/lists/oss-security/2009/05/06/2

www.securityfocus.com/bid/34848

www.redhat.com/archives/fedora-package-announce/2009-June/msg00731.html

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2009-1753

cvelist1 ubuntucve1 nvd1 openvas2 nessus1 debiancve1 fedora1 prion1