CVE-2009-0032

Published Jan 27, 2009

Last updated 8 years ago

CVSS info 6.9

Overview

Description: CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-59

Hype score: Not currently trending

Vendor comments

Red HatNot vulnerable. Red Hat does not ship the vulnerable backend that causes this flaw.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "772C32A8-A958-47B3-855D-116B0A7E9E5D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mandriva:corporate_server:3.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "694A745A-7CE4-460E-9637-5689ED6CCC95"
          },
          {
            "criteria": "cpe:2.3:o:mandriva:corporate_server:3.0:*:x86_64:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7D0156D0-33E6-48DE-80B9-75CBA1EB4D61"
          },
          {
            "criteria": "cpe:2.3:o:mandriva:corporate_server:4.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "35578C7D-7F96-420A-B60E-2940F7E43E28"
          },
          {
            "criteria": "cpe:2.3:o:mandriva:corporate_server:4.0:*:x86_64:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "18FE4BDE-1B2F-4DC5-AC33-A4A938762C04"
          },
          {
            "criteria": "cpe:2.3:o:mandriva:linux:2008.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "107F6BEE-C3CB-460A-B574-16D031D823AE"
          },
          {
            "criteria": "cpe:2.3:o:mandriva:linux:2008.0:*:x86_64:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B9B78F34-9775-4851-A489-30CEBE3BEE34"
          },
          {
            "criteria": "cpe:2.3:o:mandriva:linux:2008.1:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9E024B17-9AEE-40AD-9EDC-3BC0FBB53BE3"
          },
          {
            "criteria": "cpe:2.3:o:mandriva:linux:2008.1:*:x86_64:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FEC2E723-BC31-4E05-BF8E-FE460C32DD93"
          },
          {
            "criteria": "cpe:2.3:o:mandriva:linux:2009.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7F90D927-CBCD-4432-9C04-A5F040D8F337"
          },
          {
            "criteria": "cpe:2.3:o:mandriva:multi_network_firewall:2.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5E3891CA-CBFC-45FD-967E-03B3AF3CF1DC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References