CVE-2009-0390

Enomaly Elastic Computing Platform <2.1.1 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0390. PoCs published by Sam Johnston.

AI-analyzed exploit summary The document describes multiple vulnerabilities in Enomaly ECP/Enomalism before version 2.2.1, specifically focusing on insecure temporary file handling in enomalism2.sh. It details bypass techniques for root ownership checks and process checks, along with potential impacts such as arbitrary file overwrites and denial of service.

Description

Argument injection vulnerability in Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to send signals to arbitrary processes by populating the /tmp/enomalism2.pid file with command-line arguments for the kill program.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Sam Johnston · textlocalmultiple
https://www.exploit-db.com/exploits/8067

The document describes multiple vulnerabilities in Enomaly ECP/Enomalism before version 2.2.1, specifically focusing on insecure temporary file handling in enomalism2.sh. It details bypass techniques for root ownership checks and process checks, along with potential impacts such as arbitrary file overwrites and denial of service.

Classification
Writeup 100%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Enomaly ECP/Enomalism < 2.2.1
No auth needed
Prerequisites: Local access to the system · Ability to create symlinks in /tmp
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/500573/100/0/threaded

Scores

EPSS 0.0037
EPSS Percentile 58.9%

Details

CWE
CWE-94
Status published
Products (2)
enomaly/elastic_computing_platform 2.1 beta_2
enomaly/elastic_computing_platform < 2.1
Published Feb 02, 2009
Tracked Since Feb 18, 2026