CVE-2009-0912

Mandriva Multi Network Firewall - Privilege Escalation via Configuration File String Handling

Title source: llm
STIX 2.1

Description

perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via "special characters" in unspecified vectors.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49220
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34089
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:072
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0688

Scores

EPSS 0.0037
EPSS Percentile 29.6%

Details

CWE
CWE-20
Status published
Products (6)
mandriva/linux 2008.0 (2 CPE variants)
mandriva/linux 2008.1 (2 CPE variants)
mandriva/linux 2009.0 (2 CPE variants)
mandriva/linux_corporate_server 3.0 (2 CPE variants)
mandriva/linux_corporate_server 4.0 (2 CPE variants)
mandriva/multi_network_firewall 2.0
Published Mar 16, 2009
Tracked Since Feb 18, 2026