Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.9
CVE Id CVE-2009-1144
Last Modified 16 Apr 2009 01:38:31
Published 09 Apr 2009 11:08:35
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1144

Summary

Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library.

Vulnerable Systems

Application

  • Foolabs Xpdf 0.2

  • Foolabs Xpdf 0.3

  • Foolabs Xpdf 0.4

  • Foolabs Xpdf 0.5

  • Foolabs Xpdf 0.5a

  • Foolabs Xpdf 0.6

  • Foolabs Xpdf 0.7

  • Foolabs Xpdf 0.7a

  • Foolabs Xpdf 0.80

  • Foolabs Xpdf 0.90

  • Foolabs Xpdf 0.91

  • Foolabs Xpdf 0.91a

  • Foolabs Xpdf 0.91b

  • Foolabs Xpdf 0.91c

  • Foolabs Xpdf 0.92a

  • Foolabs Xpdf 0.92b

  • Foolabs Xpdf 0.92c

  • Foolabs Xpdf 0.92d

  • Foolabs Xpdf 0.92e

  • Foolabs Xpdf 0.93

  • Foolabs Xpdf 0.93a

  • Foolabs Xpdf 0.93b

  • Foolabs Xpdf 0.93c

  • Foolabs Xpdf 1.00

  • Foolabs Xpdf 1.00a

  • Foolabs Xpdf 1.01

  • Foolabs Xpdf 2.00

  • Foolabs Xpdf 2.01

  • Foolabs Xpdf 2.02

  • Foolabs Xpdf 2.03

  • Foolabs Xpdf 3.00

  • Foolabs Xpdf 3.02


References

BID - 34401

GENTOO - GLSA-200904-07

SECUNIA - 34610

OSVDB - 53529

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=242930

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=200023


Last Updated: 27 May 2016 10:50:28