Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2009-5023
HistoryJun 10, 2014 - 2:55 p.m.

CVE-2009-5023

2014-06-1014:55:08
Debian Security Bug Tracker
security-tracker.debian.org
6

4.7 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:C/A:N

0.0004 Low

EPSS

Percentile

5.1%

The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt.

4.7 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:C/A:N

0.0004 Low

EPSS

Percentile

5.1%