Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.9
CVE Id CVE-2009-0416
Last Modified 20 Feb 2009 01:47:30
Published 03 Feb 2009 06:30:01
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0416

Summary

The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files.

Vulnerable Systems

Application

  • Standards Based Linux Instrumentation Sblim-sfcb 1.3.2


References

BID - 33583

MISC - http://sourceforge.net/tracker/index.php?func=detail&aid=2561165&group_id=128809&atid=712784

MLIST - [oss-security] 20090203 CVE Request: sblim-sfcb genSslCert.sh temp race

SECUNIA - 33795

OSVDB - 51783

SUSE - SUSE-SR:2009:004


Last Updated: 27 May 2016 10:50:14