Lucene search

[email protected]CVE-2009-1893

HistoryJul 17, 2009 - 4:30 p.m.

CVE-2009-1893

2009-07-1716:30:00

CWE-59

[email protected]

web.nvd.nist.gov

red hat

dhcp

configtest

local users

symlink attack

nvd

7.2 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the “dhcpd -t” command.

CPENameOperatorVersion
redhat:enterprise_linuxredhat enterprise linuxeq3.0
isc:dhcpisc dhcpeq3.0.1

CPE	Name	Operator	Version
redhat:enterprise_linux	redhat enterprise linux	eq	3.0
isc:dhcp	isc dhcp	eq	3.0.1

References

secunia.com/advisories/35831

securitytracker.com/id?1022554

www.redhat.com/support/errata/RHSA-2009-1154.html

www.securityfocus.com/bid/35670

bugzilla.redhat.com/show_bug.cgi?id=510024

exchange.xforce.ibmcloud.com/vulnerabilities/51718

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440

7.2 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2009-1893

prion1 openvas6 redhat1 nessus6 centos1 vmware2