6.9

CVE-2009-1893

The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command.

Data is provided by the National Vulnerability Database (NVD)
RedhatEnterprise Linux Version3.0
RedhatEnterprise Linux Version3.0 Editionas
RedhatEnterprise Linux Version3.0 Editiones
RedhatEnterprise Linux Version3.0 Editionws
IscDhcp Version3.0.1 Updaterc1
IscDhcp Version3.0.1 Updaterc10
IscDhcp Version3.0.1 Updaterc11
IscDhcp Version3.0.1 Updaterc12
IscDhcp Version3.0.1 Updaterc13
IscDhcp Version3.0.1 Updaterc14
IscDhcp Version3.0.1 Updaterc2
IscDhcp Version3.0.1 Updaterc5
IscDhcp Version3.0.1 Updaterc6
IscDhcp Version3.0.1 Updaterc7
IscDhcp Version3.0.1 Updaterc8
IscDhcp Version3.0.1 Updaterc9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.08% 0.205
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.