CVE-2009-1962
Published Jun 8, 2009
Last updated 7 years ago
Overview
- Description
- Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.4
- Impact score
- 6.4
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-59
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xfig:xfig:3.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD269541-F1A0-4FFD-BFB6-423BC806D076"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F5114DA3-FBB9-47C4-857B-3212404DAD4E"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D5F5A52-285E-4E7E-83B8-508079DBCEAE"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "674BE2D9-009B-46C5-A071-CB10368B8D48"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "703486E5-906B-4BDB-A046-28D4D73E3F03"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ABB5AC0D-2358-4C8E-99B5-2CE0A678F549"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38B37184-BA88-44F1-AC9E-8B60C2419111"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D8C9247-3E18-4DD9-AF5B-B2996C76443F"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0EEA2CDD-7FCD-461E-90FC-CDB3C3992A32"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D7B877A8-5318-402E-8AE1-753E7419060F"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A3938420-087D-4D92-A2F8-EAE54D9837EC"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:s\\/390:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0331E302-352E-457D-BF75-3C12AD5E206E"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "10F42CF8-FB98-4AFC-96C5-FD7D442B0FA3"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:alpha:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CF03E406-5B00-4C49-9705-45DCDB4008DC"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:amd64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7020CA7E-FB01-4F6D-9BA7-A0D88980C21E"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:arm:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "234806CB-272F-4EFA-9FBB-C031A9C3D71C"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:armel:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A76BD7E-C96E-4279-A55A-5DC5EDB49A1C"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:hppa:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "636EE19C-B240-463C-A283-F4E78D99717E"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:ia-32:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "421F6F87-777E-411F-9F68-1CA0D6F70451"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:ia-64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "29D886A2-920A-4FA6-9499-E0C25A178783"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:m68k:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "04376A10-26EB-400E-B2A1-F5C594A026DF"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:mips:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9595A0F-BF18-4C50-B7FD-61685A83D8C3"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:mipsel:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "47A7B824-7355-4F51-9316-B1EB3D9EB9AC"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:powerpc:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E6CFC20-96B6-46B2-9DD7-024E0775757A"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:s\\/390:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9403840E-C30B-44F1-A115-BA0A00520EA0"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:sparc:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1D65FD67-8F21-4BEE-BD29-FDF69B9A437B"
}
],
"operator": "OR"
}
]
}
]