MEDIUM · 6.9

CVE-2009-0416


Vulnerability Description

The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files.
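
A hardened way to handle the three scratch files named above, as an added example that is not code from genSslCert.sh or the SBLIM project. The function names and the `sslcert.` directory prefix are assumptions, and the certificate-generation commands are left out because the page does not show them.

```shell
#!/bin/sh
# Added example (not the project's code): keep key.pem, cert.pem and ssl.cnf
# out of a world-writable directory and never reuse a path that already exists.

# Create a private scratch directory (mode 0700, unpredictable name) and
# print its path. Optional $1 overrides the parent directory.
make_workdir() {
    base="${1:-${TMPDIR:-/tmp}}"
    ( umask 077; mktemp -d "$base/sslcert.XXXXXXXXXX" )
}

# Create an empty file only if nothing is at that path yet.
# The -L/-e tests reject any existing entry, including a dangling symlink;
# noclobber (set -C) makes the redirect itself fail if the path already
# names a regular file or a symlink to one.
create_exclusive() {
    if [ -L "$1" ] || [ -e "$1" ]; then
        return 1
    fi
    ( set -C; umask 077; : > "$1" ) 2>/dev/null
}

# Create the three scratch files inside the given directory.
# Returns non-zero, without writing, as soon as one path is already taken.
prepare_ssl_scratch() {
    dir="$1"
    for name in key.pem cert.pem ssl.cnf; do
        if ! create_exclusive "$dir/$name"; then
            echo "refusing to reuse existing path: $dir/$name" >&2
            return 1
        fi
    done
}

# Usage sketch:
#   work=$(make_workdir) || exit 1
#   trap 'rm -rf "$work"' EXIT
#   prepare_ssl_scratch "$work" || exit 1
#   ... write the key, certificate and config under "$work" ...
```

The private directory is the primary control, since other local users cannot create entries inside it. The exclusive-create check is a second layer for cases where the directory is shared.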

CVSS Score

6.9

MEDIUM

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Affected Products

Vendor: Standards Based Linux Instrumentation
Product: Sblim-Sfcb
Versions: 1.3.2

Related Weaknesses (CWE)

References

FAQ

What is CVE-2009-0416?

CVE-2009-0416 is a vulnerability with a CVSS score of 6.9 (MEDIUM). The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files.

How severe is CVE-2009-0416?

CVE-2009-0416 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2009-0416?

Check the references section above for vendor advisories and patch information. Affected products include: Standards Based Linux Instrumentation Sblim-Sfcb.