[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-1893Date: (C)2009-07-17   (M)2023-12-22


The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.9
Exploit Score: 3.4
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1022554
BID-35670
SECUNIA-35831
RHSA-2009:1154
dhcp-dhcpdt-symlink(51718)
https://bugzilla.redhat.com/show_bug.cgi?id=510024
oval:org.mitre.oval:def:11597
oval:org.mitre.oval:def:6440

CWE    1
CWE-59
OVAL    3
oval:org.secpod.oval:def:200464
oval:org.secpod.oval:def:500613
oval:org.secpod.oval:def:200247

© SecPod Technologies