CVE-2009-0667

2009-07-0917:30:00

Debian Security Bug Tracker

security-tracker.debian.org

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.1%

JSON

Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory.

OSVersionArchitecturePackageVersionFilename
Debian12allocsinventory-agent< 1:0.0.9.2repack1-5ocsinventory-agent_1:0.0.9.2repack1-5_all.deb
Debian11allocsinventory-agent< 1:0.0.9.2repack1-5ocsinventory-agent_1:0.0.9.2repack1-5_all.deb
Debian999allocsinventory-agent< 1:0.0.9.2repack1-5ocsinventory-agent_1:0.0.9.2repack1-5_all.deb
Debian13allocsinventory-agent< 1:0.0.9.2repack1-5ocsinventory-agent_1:0.0.9.2repack1-5_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	ocsinventory-agent	< 1:0.0.9.2repack1-5	ocsinventory-agent_1:0.0.9.2repack1-5_all.deb
Debian	11	all	ocsinventory-agent	< 1:0.0.9.2repack1-5	ocsinventory-agent_1:0.0.9.2repack1-5_all.deb
Debian	999	all	ocsinventory-agent	< 1:0.0.9.2repack1-5	ocsinventory-agent_1:0.0.9.2repack1-5_all.deb
Debian	13	all	ocsinventory-agent	< 1:0.0.9.2repack1-5	ocsinventory-agent_1:0.0.9.2repack1-5_all.deb