Vulnerability CVE-2009-0912


Published: 2009-03-16   Modified: 2012-02-13

Description:
perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via "special characters" in unspecified vectors.

Type:
CWE-20 (Improper Input Validation)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10

Exploit range: Local
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Mandriva -> Multi network firewall 
Mandriva -> Linux 
Mandriva -> Linux corporate server 

References:
http://www.securityfocus.com/bid/34089
http://xforce.iss.net/xforce/xfdb/49220
http://www.vupen.com/english/advisories/2009/0688
http://www.mandriva.com/security/advisories?name=MDVSA-2009:072

Copyright 2024, cxsecurity.com
