Vulnerabilites related to mandriva - multi_network_firewall
cve-2009-0032
Vulnerability from cvelistv5
Published
2009-01-27 20:00
Modified
2024-08-07 04:17
Severity ?
Summary
CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.
References
http://securitytracker.com/id?1021637vdb-entry, x_refsource_SECTRACK
http://www.mandriva.com/security/advisories?name=MDVSA-2009:027vendor-advisory, x_refsource_MANDRIVA
https://exchange.xforce.ibmcloud.com/vulnerabilities/48210vdb-entry, x_refsource_XF
http://www.mandriva.com/security/advisories?name=MDVSA-2009:029vendor-advisory, x_refsource_MANDRIVA
http://www.mandriva.com/security/advisories?name=MDVSA-2009:028vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/bid/33418vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:17:10.226Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1021637",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021637"
          },
          {
            "name": "MDVSA-2009:027",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:027"
          },
          {
            "name": "cups-pdflog-symlink(48210)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48210"
          },
          {
            "name": "MDVSA-2009:029",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:029"
          },
          {
            "name": "MDVSA-2009:028",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:028"
          },
          {
            "name": "33418",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33418"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "1021637",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021637"
        },
        {
          "name": "MDVSA-2009:027",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:027"
        },
        {
          "name": "cups-pdflog-symlink(48210)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48210"
        },
        {
          "name": "MDVSA-2009:029",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:029"
        },
        {
          "name": "MDVSA-2009:028",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:028"
        },
        {
          "name": "33418",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33418"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-0032",
    "datePublished": "2009-01-27T20:00:00",
    "dateReserved": "2008-12-15T00:00:00",
    "dateUpdated": "2024-08-07T04:17:10.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-0912
Vulnerability from cvelistv5
Published
2009-03-16 17:00
Modified
2024-08-07 04:57
Severity ?
Summary
perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via "special characters" in unspecified vectors.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/49220vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/34089vdb-entry, x_refsource_BID
http://www.mandriva.com/security/advisories?name=MDVSA-2009:072vendor-advisory, x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2009/0688vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:57:16.327Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "perlmdkcommon-unspecified-priv-escalation(49220)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49220"
          },
          {
            "name": "34089",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34089"
          },
          {
            "name": "MDVSA-2009:072",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:072"
          },
          {
            "name": "ADV-2009-0688",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0688"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via \"special characters\" in unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "perlmdkcommon-unspecified-priv-escalation(49220)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49220"
        },
        {
          "name": "34089",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34089"
        },
        {
          "name": "MDVSA-2009:072",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:072"
        },
        {
          "name": "ADV-2009-0688",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0688"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0912",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via \"special characters\" in unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "perlmdkcommon-unspecified-priv-escalation(49220)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49220"
            },
            {
              "name": "34089",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34089"
            },
            {
              "name": "MDVSA-2009:072",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:072"
            },
            {
              "name": "ADV-2009-0688",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0688"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0912",
    "datePublished": "2009-03-16T17:00:00",
    "dateReserved": "2009-03-16T00:00:00",
    "dateUpdated": "2024-08-07T04:57:16.327Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2009-03-16 17:30
Modified
2024-11-21 01:01
Severity ?
Summary
perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via "special characters" in unspecified vectors.
References
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2009:072Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/34089Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/0688Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/49220
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:072Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/34089Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0688Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/49220
Impacted products
Vendor Product Version
mandriva multi_network_firewall 2.0
mandriva linux 2008.0
mandriva linux 2008.0
mandriva linux 2008.1
mandriva linux 2008.1
mandriva linux 2009.0
mandriva linux 2009.0
mandriva linux_corporate_server 3.0
mandriva linux_corporate_server 3.0
mandriva linux_corporate_server 4.0
mandriva linux_corporate_server 4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mandriva:multi_network_firewall:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DCD4AE9-A466-4413-A0C8-5509CBC8DA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux:2008.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "107F6BEE-C3CB-460A-B574-16D031D823AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux:2008.0:-:x86_64:*:*:*:*:*",
              "matchCriteriaId": "29197BBD-0C26-41ED-A972-E730216CC742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux:2008.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E024B17-9AEE-40AD-9EDC-3BC0FBB53BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux:2008.1:-:x86_64:*:*:*:*:*",
              "matchCriteriaId": "E6DCA59C-F054-4726-9A63-CF9419F7DC28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux:2009.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F90D927-CBCD-4432-9C04-A5F040D8F337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*",
              "matchCriteriaId": "BA4E53C3-30E4-4FA2-8431-AC592966F4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux_corporate_server:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F2E9E33-9EF8-4D35-AC4F-CC371682EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux_corporate_server:3.0:-:x86_64:*:*:*:*:*",
              "matchCriteriaId": "264BA60D-3B77-424B-907D-0B168C831787",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux_corporate_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6579A7-D98C-406F-B621-7E111EF875B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux_corporate_server:4.0:-:x86_64:*:*:*:*:*",
              "matchCriteriaId": "7CE263F7-5E3E-4007-AEDE-E6BDE42B3081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via \"special characters\" in unspecified vectors."
    },
    {
      "lang": "es",
      "value": "perl-MDK-Common v1.1.11 y v1.1.24, v1.2.9 hasta v1.2.14, y posiblemente otras versiones, en Mandriva Linux no maneja correctamente las cadenas de caracteres cuando las a\u00f1ade a ficheros de configuraci\u00f3n, permitiendo a atacantes remotos obtener privilegios mediante \"caracteres especiales\" en vectores no especificados."
    }
  ],
  "id": "CVE-2009-0912",
  "lastModified": "2024-11-21T01:01:12.343",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-03-16T17:30:00.390",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:072"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34089"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0688"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34089"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49220"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-01-27 20:30
Modified
2024-11-21 00:58
Severity ?
Summary
CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.
References
secalert@redhat.comhttp://securitytracker.com/id?1021637
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:027Vendor Advisory
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:028
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:029Vendor Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/33418
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/48210
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1021637
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:027Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:028
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:029Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/33418
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/48210
Impacted products
Vendor Product Version
apple cups *
mandriva corporate_server 3.0
mandriva corporate_server 3.0
mandriva corporate_server 4.0
mandriva corporate_server 4.0
mandriva linux 2008.0
mandriva linux 2008.0
mandriva linux 2008.1
mandriva linux 2008.1
mandriva linux 2009.0
mandriva multi_network_firewall 2.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "772C32A8-A958-47B3-855D-116B0A7E9E5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mandriva:corporate_server:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "694A745A-7CE4-460E-9637-5689ED6CCC95",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:mandriva:corporate_server:3.0:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "7D0156D0-33E6-48DE-80B9-75CBA1EB4D61",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:mandriva:corporate_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35578C7D-7F96-420A-B60E-2940F7E43E28",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:mandriva:corporate_server:4.0:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "18FE4BDE-1B2F-4DC5-AC33-A4A938762C04",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux:2008.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "107F6BEE-C3CB-460A-B574-16D031D823AE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux:2008.0:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "B9B78F34-9775-4851-A489-30CEBE3BEE34",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux:2008.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E024B17-9AEE-40AD-9EDC-3BC0FBB53BE3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux:2008.1:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "FEC2E723-BC31-4E05-BF8E-FE460C32DD93",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:mandriva:linux:2009.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F90D927-CBCD-4432-9C04-A5F040D8F337",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:mandriva:multi_network_firewall:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E3891CA-CBFC-45FD-967E-03B3AF3CF1DC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file."
    },
    {
      "lang": "es",
      "value": "CUPS sobre  Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) v3.0 y v4.0, y Multi Network Firewall (MNF) v2.0, permite a usuarios locales sobrescribir archivos de su elecci\u00f3n a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre el archivo temporal /tmp/pdf.log."
    }
  ],
  "id": "CVE-2009-0032",
  "lastModified": "2024-11-21T00:58:54.667",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-01-27T20:30:00.377",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1021637"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:027"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:028"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:029"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/33418"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1021637"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:027"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48210"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "Not vulnerable. Red Hat does not ship the vulnerable backend that causes this flaw.",
      "lastModified": "2009-01-27T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}