CVE-2009-1893

The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/35831	Vendor Advisory
http://securitytracker.com/id?1022554
http://www.redhat.com/support/errata/RHSA-2009-1154.html	Vendor Advisory
http://www.securityfocus.com/bid/35670
https://bugzilla.redhat.com/show_bug.cgi?id=510024
https://exchange.xforce.ibmcloud.com/vulnerabilities/51718
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:redhat:enterprise_linux:3.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:3.0::as:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::es:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::ws:::::

OR	cpe:2.3:a:isc:dhcp:3.0.1:rc1::::::
	cpe:2.3:a:isc:dhcp:3.0.1:rc10::::::
	cpe:2.3:a:isc:dhcp:3.0.1:rc11::::::
	cpe:2.3:a:isc:dhcp:3.0.1:rc12::::::
	cpe:2.3:a:isc:dhcp:3.0.1:rc13::::::
	cpe:2.3:a:isc:dhcp:3.0.1:rc14::::::
	cpe:2.3:a:isc:dhcp:3.0.1:rc2::::::
	cpe:2.3:a:isc:dhcp:3.0.1:rc5::::::
	cpe:2.3:a:isc:dhcp:3.0.1:rc6::::::
	cpe:2.3:a:isc:dhcp:3.0.1:rc7::::::
	cpe:2.3:a:isc:dhcp:3.0.1:rc8::::::
	cpe:2.3:a:isc:dhcp:3.0.1:rc9::::::

History

No history.

Information

Published : 2009-07-17 16:30

Updated : 2024-02-04 17:33

NVD link : CVE-2009-1893

Mitre link : CVE-2009-1893

CVE.ORG link : CVE-2009-1893

JSON object : View

Products Affected

redhat

enterprise_linux

isc

dhcp

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2009-1893", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-07-17T16:30:00.890", "references": [{"url": "http://secunia.com/advisories/35831", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://securitytracker.com/id?1022554", "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/35670", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=510024", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51718", "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597", "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the \"dhcpd -t\" command."}, {"lang": "es", "value": "La funci\u00f3n configtest en la secuencia de comandos de inicio del DHCPD en Red Hat para DHCP 3.0.1 en Red Hat Enterprise Linux (RHEL) 3 permite a usuarios locales sobrescribir ficheros de su elecci\u00f3n a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre un fichero temporal no especificado, relativo al comando \"dhcpd -t\"."}], "lastModified": "2023-02-13T01:17:31.083", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40D8DAE0-8E75-435C-9BD6-FAEED2ACB47C"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:as:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "327FEE54-79EC-4B5E-B838-F3C61FCDF48E"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:es:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "056C1C15-D110-4309-A9A6-41BD753FE4F2"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:ws:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08392974-5AC1-4B12-893F-3F733EF05F80"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E94449B-6FB0-4E4D-9D92-144A1C474761"}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6824B249-D222-4F29-8C29-E92071F12621"}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F7A3F32-C297-4331-9B8D-1CF8F3D32315"}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4959ABA-9F2E-4003-9566-DBE3177AE233"}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CE2A3CA-EFB6-4547-BED8-CAC39156F10B"}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DE205EE-F708-4E4A-A861-EBF6D3C062F7"}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD8EBBF0-A61B-4FF0-B055-9BA2A21617A4"}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3141202-993D-4E80-9EAD-ACA6C1343D6E"}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E0768D1-37D3-4C17-A3A9-94EA237392AB"}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F167B922-DD9E-4DD1-BB8F-B232711BACCD"}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E23602E-FFA1-49E2-BF4C-BC5D074517B4"}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DA200FE-D261-4532-AC63-1208611AFE46"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}