FKIE_CVE-2009-3894

Vulnerability from fkie_nvd - Published: 2009-11-29 13:07 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory.
References
secalert@redhat.comhttp://bugs.gentoo.org/show_bug.cgi?id=293497
secalert@redhat.comhttp://osvdb.org/60511
secalert@redhat.comhttp://secunia.com/advisories/37445
secalert@redhat.comhttp://secunia.com/advisories/37457
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-200911-04.xml
secalert@redhat.comhttp://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:341
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2009-1619.html
secalert@redhat.comhttp://www.securityfocus.com/bid/37131Patch
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=538459
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8969
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/show_bug.cgi?id=293497
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/60511
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37445
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37457
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200911-04.xml
af854a3a-2127-422b-91ae-364da2661108http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:341
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2009-1619.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/37131Patch
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=538459
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8969
Impacted products
Vendor Product Version
dag.wieers dstat *
dag.wieers dstat 0.1
dag.wieers dstat 0.2
dag.wieers dstat 0.3
dag.wieers dstat 0.4
dag.wieers dstat 0.5
dag.wieers dstat 0.5.2
dag.wieers dstat 0.5.3
dag.wieers dstat 0.5.4
dag.wieers dstat 0.5.5
dag.wieers dstat 0.5.6
dag.wieers dstat 0.5.7
dag.wieers dstat 0.5.8
dag.wieers dstat 0.5.9
dag.wieers dstat 0.5.10
dag.wieers dstat 0.6.0
dag.wieers dstat 0.6.1
dag.wieers dstat 0.6.2
dag.wieers dstat 0.6.3
dag.wieers dstat 0.6.4
dag.wieers dstat 0.6.5
dag.wieers dstat 0.6.6
dag.wieers dstat 0.6.7
dag.wieers dstat 0.6.8
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8839DD5-F985-4276-AE13-1B1C15A8A742",
              "versionEndIncluding": "0.6.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE378E62-581D-43AE-B4D9-CF08E9E8B5EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F189ACBF-4038-4E0E-B2D4-1FBD312B8D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F93B62A-7A4E-48EA-96BC-AE557D86FCE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "56964973-73C4-4BF4-8BE4-6E12E82B4FA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C38978EB-D9AC-4118-8B08-B578933F3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9357C30-514B-4860-85C4-3DB5F86F7758",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A67F161-89CB-4FCD-833D-211A1BA37DA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AEDFEF7-08C0-405F-9761-88EF4BFDDC6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C034CAF4-E495-4ABA-A2FA-358EA2790DEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D567F7D2-B1DB-4B24-9A8F-E973C06F7CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "09A92E27-1122-45D2-93A8-D3AE4E59C3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA4C2451-F640-41E9-B509-3A82508753F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24E19D4-5A74-49A9-AE71-0F83CC492D5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1B25B40-347B-475E-A8D3-9030B8FE7FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF057EE5-F82C-442E-8350-2EC37E39EF1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAE0611-BC0C-4E08-9E09-F4B76E24975E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EF9448-619E-4636-80EB-3C81307579B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "52723AD9-85C9-45D7-8617-23627CDE6FF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5909F7DA-7A7E-4F2E-B6B5-B534C5B822D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "41D533D4-8102-4837-BA64-575848E18E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B145671-3BFA-480E-89EC-F04C53C15E21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "392EEB7E-C501-4C04-BE99-1DA5D022AE7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dag.wieers:dstat:0.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F18ACBF7-68F3-473F-8D26-4D5B23D2D60F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de b\u00fasqueda en ruta no confiable en dstat anterior a v0.7.0 permite a usuarios locales obtener privilegios a trav\u00e9s de un troyano en el m\u00f3dulo Python en (1) el directorio actual de trabajo o (2) cierto subdirectorio del directorio actual de trabajo."
    }
  ],
  "id": "CVE-2009-3894",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-11-29T13:07:52.063",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=293497"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/60511"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37445"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37457"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200911-04.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:341"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1619.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/37131"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=538459"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8969"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=293497"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/60511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37445"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200911-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:341"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1619.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/37131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=538459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8969"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.