Lucene search

[email protected]NVD:CVE-2009-1526

HistoryMay 05, 2009 - 8:30 p.m.

CVE-2009-1526

2009-05-0520:30:00

CWE-59

[email protected]

web.nvd.nist.gov

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.9%

JSON

JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.

Affected configurations

NVD

Node

jbmc-softwaredirectadminRange≤1.333

jbmc-softwaredirectadminMatch0.95

jbmc-softwaredirectadminMatch1

jbmc-softwaredirectadminMatch1.1

jbmc-softwaredirectadminMatch1.01

jbmc-softwaredirectadminMatch1.02

jbmc-softwaredirectadminMatch1.2

jbmc-softwaredirectadminMatch1.3

jbmc-softwaredirectadminMatch1.03

jbmc-softwaredirectadminMatch1.04

jbmc-softwaredirectadminMatch1.05

jbmc-softwaredirectadminMatch1.06

jbmc-softwaredirectadminMatch1.07

jbmc-softwaredirectadminMatch1.08

jbmc-softwaredirectadminMatch1.09

jbmc-softwaredirectadminMatch1.11

jbmc-softwaredirectadminMatch1.12

jbmc-softwaredirectadminMatch1.13

jbmc-softwaredirectadminMatch1.14

jbmc-softwaredirectadminMatch1.15

jbmc-softwaredirectadminMatch1.16

jbmc-softwaredirectadminMatch1.17

jbmc-softwaredirectadminMatch1.18

jbmc-softwaredirectadminMatch1.19

jbmc-softwaredirectadminMatch1.21

jbmc-softwaredirectadminMatch1.22

jbmc-softwaredirectadminMatch1.23

jbmc-softwaredirectadminMatch1.24

jbmc-softwaredirectadminMatch1.25

jbmc-softwaredirectadminMatch1.26

jbmc-softwaredirectadminMatch1.27

jbmc-softwaredirectadminMatch1.28

jbmc-softwaredirectadminMatch1.29

jbmc-softwaredirectadminMatch1.31

jbmc-softwaredirectadminMatch1.32

jbmc-softwaredirectadminMatch1.33

jbmc-softwaredirectadminMatch1.081

jbmc-softwaredirectadminMatch1.111

jbmc-softwaredirectadminMatch1.121

jbmc-softwaredirectadminMatch1.151

jbmc-softwaredirectadminMatch1.152

jbmc-softwaredirectadminMatch1.161

jbmc-softwaredirectadminMatch1.171

jbmc-softwaredirectadminMatch1.172

jbmc-softwaredirectadminMatch1.173

jbmc-softwaredirectadminMatch1.174

jbmc-softwaredirectadminMatch1.181

jbmc-softwaredirectadminMatch1.192

jbmc-softwaredirectadminMatch1.193

jbmc-softwaredirectadminMatch1.195

jbmc-softwaredirectadminMatch1.196

jbmc-softwaredirectadminMatch1.201

jbmc-softwaredirectadminMatch1.202

jbmc-softwaredirectadminMatch1.203

jbmc-softwaredirectadminMatch1.204

jbmc-softwaredirectadminMatch1.205

jbmc-softwaredirectadminMatch1.206

jbmc-softwaredirectadminMatch1.207

jbmc-softwaredirectadminMatch1.211

jbmc-softwaredirectadminMatch1.212

jbmc-softwaredirectadminMatch1.213

jbmc-softwaredirectadminMatch1.221

jbmc-softwaredirectadminMatch1.222

jbmc-softwaredirectadminMatch1.223

jbmc-softwaredirectadminMatch1.224

jbmc-softwaredirectadminMatch1.225

jbmc-softwaredirectadminMatch1.226

jbmc-softwaredirectadminMatch1.231

jbmc-softwaredirectadminMatch1.232

jbmc-softwaredirectadminMatch1.233

jbmc-softwaredirectadminMatch1.234

jbmc-softwaredirectadminMatch1.235

jbmc-softwaredirectadminMatch1.241

jbmc-softwaredirectadminMatch1.242

jbmc-softwaredirectadminMatch1.243

jbmc-softwaredirectadminMatch1.244

jbmc-softwaredirectadminMatch1.251

jbmc-softwaredirectadminMatch1.252

jbmc-softwaredirectadminMatch1.253

jbmc-softwaredirectadminMatch1.254

jbmc-softwaredirectadminMatch1.255

jbmc-softwaredirectadminMatch1.261

jbmc-softwaredirectadminMatch1.262

jbmc-softwaredirectadminMatch1.263

jbmc-softwaredirectadminMatch1.264

jbmc-softwaredirectadminMatch1.265

jbmc-softwaredirectadminMatch1.266

jbmc-softwaredirectadminMatch1.273

jbmc-softwaredirectadminMatch1.274

jbmc-softwaredirectadminMatch1.275

jbmc-softwaredirectadminMatch1.281

jbmc-softwaredirectadminMatch1.282

jbmc-softwaredirectadminMatch1.285

jbmc-softwaredirectadminMatch1.286

jbmc-softwaredirectadminMatch1.291

jbmc-softwaredirectadminMatch1.292

jbmc-softwaredirectadminMatch1.293

jbmc-softwaredirectadminMatch1.294

jbmc-softwaredirectadminMatch1.295

jbmc-softwaredirectadminMatch1.296

jbmc-softwaredirectadminMatch1.297

jbmc-softwaredirectadminMatch1.301

jbmc-softwaredirectadminMatch1.302

jbmc-softwaredirectadminMatch1.311

jbmc-softwaredirectadminMatch1.312

jbmc-softwaredirectadminMatch1.313

jbmc-softwaredirectadminMatch1.314

jbmc-softwaredirectadminMatch1.315

jbmc-softwaredirectadminMatch1.321

jbmc-softwaredirectadminMatch1.322

jbmc-softwaredirectadminMatch1.323

jbmc-softwaredirectadminMatch1.331

jbmc-softwaredirectadminMatch1.332

jbmc-softwaredirectadminMatch1.1741

jbmc-softwaredirectadminMatch1.1941

References

archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html

osvdb.org/54014

secunia.com/advisories/34861

www.directadmin.com/features.php?id=968

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.9%

JSON

Related for NVD:CVE-2009-1526

cve1 cvelist1 prion1