CVE-2009-1962

Published Jun 8, 2009

Last updated 8 years ago

CVSS info 4.4

Overview

Description: Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.4
Impact score: 6.4
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-59

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:xfig:xfig:3.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD269541-F1A0-4FFD-BFB6-423BC806D076"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5114DA3-FBB9-47C4-857B-3212404DAD4E"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D5F5A52-285E-4E7E-83B8-508079DBCEAE"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "674BE2D9-009B-46C5-A071-CB10368B8D48"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "703486E5-906B-4BDB-A046-28D4D73E3F03"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABB5AC0D-2358-4C8E-99B5-2CE0A678F549"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38B37184-BA88-44F1-AC9E-8B60C2419111"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D8C9247-3E18-4DD9-AF5B-B2996C76443F"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EEA2CDD-7FCD-461E-90FC-CDB3C3992A32"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7B877A8-5318-402E-8AE1-753E7419060F"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3938420-087D-4D92-A2F8-EAE54D9837EC"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:s\\/390:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0331E302-352E-457D-BF75-3C12AD5E206E"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10F42CF8-FB98-4AFC-96C5-FD7D442B0FA3"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:alpha:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF03E406-5B00-4C49-9705-45DCDB4008DC"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:amd64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7020CA7E-FB01-4F6D-9BA7-A0D88980C21E"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:arm:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "234806CB-272F-4EFA-9FBB-C031A9C3D71C"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:armel:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A76BD7E-C96E-4279-A55A-5DC5EDB49A1C"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:hppa:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "636EE19C-B240-463C-A283-F4E78D99717E"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:ia-32:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "421F6F87-777E-411F-9F68-1CA0D6F70451"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:ia-64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29D886A2-920A-4FA6-9499-E0C25A178783"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:m68k:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04376A10-26EB-400E-B2A1-F5C594A026DF"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:mips:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9595A0F-BF18-4C50-B7FD-61685A83D8C3"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:mipsel:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47A7B824-7355-4F51-9316-B1EB3D9EB9AC"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:powerpc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E6CFC20-96B6-46B2-9DD7-024E0775757A"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:s\\/390:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9403840E-C30B-44F1-A115-BA0A00520EA0"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D65FD67-8F21-4BEE-BD29-FDF69B9A437B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References