CVE-2009-0032

EPSS 0.03%
Published 27.01.2009 20:30:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ Cups

   Mandriva ≫ Corporate Server Version3.0
   Mandriva ≫ Corporate Server Version3.0 Editionx86_64
   Mandriva ≫ Corporate Server Version4.0
   Mandriva ≫ Corporate Server Version4.0 Editionx86_64
   Mandriva ≫ Linux Version2008.0
   Mandriva ≫ Linux Version2008.0 Editionx86_64
   Mandriva ≫ Linux Version2008.1
   Mandriva ≫ Linux Version2008.1 Editionx86_64
   Mandriva ≫ Linux Version2009.0
   Mandriva ≫ Multi Network Firewall Version2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.059

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://www.mandriva.com/security/advisories?name=MDVSA-2009:028

http://www.mandriva.com/security/advisories?name=MDVSA-2009:029

Vendor Advisory

http://securitytracker.com/id?1021637

http://www.mandriva.com/security/advisories?name=MDVSA-2009:027

Vendor Advisory

http://www.securityfocus.com/bid/33418

https://exchange.xforce.ibmcloud.com/vulnerabilities/48210

https://nvd.nist.gov/vuln/detail/CVE-2009-0032

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0032

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0032

EUVD