CVE-2009-1893

Published Jul 17, 2009

Last updated 2 years ago

Overview

Description: The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-59

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40D8DAE0-8E75-435C-9BD6-FAEED2ACB47C"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:as:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "327FEE54-79EC-4B5E-B838-F3C61FCDF48E"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:es:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "056C1C15-D110-4309-A9A6-41BD753FE4F2"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:ws:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08392974-5AC1-4B12-893F-3F733EF05F80"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E94449B-6FB0-4E4D-9D92-144A1C474761"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6824B249-D222-4F29-8C29-E92071F12621"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F7A3F32-C297-4331-9B8D-1CF8F3D32315"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4959ABA-9F2E-4003-9566-DBE3177AE233"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CE2A3CA-EFB6-4547-BED8-CAC39156F10B"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DE205EE-F708-4E4A-A861-EBF6D3C062F7"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD8EBBF0-A61B-4FF0-B055-9BA2A21617A4"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3141202-993D-4E80-9EAD-ACA6C1343D6E"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E0768D1-37D3-4C17-A3A9-94EA237392AB"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F167B922-DD9E-4DD1-BB8F-B232711BACCD"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E23602E-FFA1-49E2-BF4C-BC5D074517B4"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DA200FE-D261-4532-AC63-1208611AFE46"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References