CVE-2009-0912

perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via "special characters" in unspecified vectors.

Published: Mar 16, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-0912
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
mandriva / linux	2008.1	2008.1.x
mandriva / linux	2008.0	2008.0.x
mandriva / linux_corporate_server	3.0	3.0.x
mandriva / multi_network_firewall	2.0	2.0.x
mandriva / linux_corporate_server	4.0	4.0.x
mandriva / linux	2009.0	2009.0.x

http://www.mandriva.com/security/advisories?name=MDVSA-2009:072
http://www.securityfocus.com/bid/34089
http://www.vupen.com/english/advisories/2009/0688
https://exchange.xforce.ibmcloud.com/vulnerabilities/49220

Vulnerability Database

289,599

CVE-2009-0912