CVE-2009-0912
Mandriva Multi Network Firewall - Privilege Escalation via Configuration File String Handling
Title source: llmDescription
perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via "special characters" in unspecified vectors.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49220
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34089
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:072
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0688
Scores
EPSS
0.0037
EPSS Percentile
29.6%
Details
CWE
CWE-20
Status
published
Products (6)
mandriva/linux
2008.0 (2 CPE variants)
mandriva/linux
2008.1 (2 CPE variants)
mandriva/linux
2009.0 (2 CPE variants)
mandriva/linux_corporate_server
3.0 (2 CPE variants)
mandriva/linux_corporate_server
4.0 (2 CPE variants)
mandriva/multi_network_firewall
2.0
Published
Mar 16, 2009
Tracked Since
Feb 18, 2026