Vulnerability Description
perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via "special characters" in unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mandriva | Multi Network Firewall | 2.0 |
| Mandriva | Linux | 2008.0 |
| Mandriva | Linux Corporate Server | 3.0 |
Related Weaknesses (CWE)
References
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:072Vendor Advisory
- http://www.securityfocus.com/bid/34089Patch
- http://www.vupen.com/english/advisories/2009/0688Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49220
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:072Vendor Advisory
- http://www.securityfocus.com/bid/34089Patch
- http://www.vupen.com/english/advisories/2009/0688Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49220
FAQ
What is CVE-2009-0912?
CVE-2009-0912 is a vulnerability with a CVSS score of 7.2 (HIGH). perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attacker...
How severe is CVE-2009-0912?
CVE-2009-0912 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0912?
Check the references section above for vendor advisories and patch information. Affected products include: Mandriva Multi Network Firewall, Mandriva Linux, Mandriva Linux Corporate Server.