CVE-2009-0032 - Vulnerability Details - OpenCVE

CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Cups
Mandriva	Corporate Server Linux Multi Network Firewall

Configuration 1 [-]

AND

cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:mandriva:corporate_server:3.0:::::::*
	cpe:2.3:o:mandriva:corporate_server:3.0::x86_64:::::
	cpe:2.3:o:mandriva:corporate_server:4.0:::::::*
	cpe:2.3:o:mandriva:corporate_server:4.0::x86_64:::::
	cpe:2.3:o:mandriva:linux:2008.0:::::::*
	cpe:2.3:o:mandriva:linux:2008.0::x86_64:::::
	cpe:2.3:o:mandriva:linux:2008.1:::::::*
	cpe:2.3:o:mandriva:linux:2008.1::x86_64:::::
	cpe:2.3:o:mandriva:linux:2009.0:::::::*
	cpe:2.3:o:mandriva:multi_network_firewall:2.0:::::::*

No data.

References

Link	Providers
http://securitytracker.com/id?1021637
http://www.mandriva.com/security/advisories?name=MDVSA-2009:027
http://www.mandriva.com/security/advisories?name=MDVSA-2009:028
http://www.mandriva.com/security/advisories?name=MDVSA-2009:029
http://www.securityfocus.com/bid/33418
https://exchange.xforce.ibmcloud.com/vulnerabilities/48210

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2009-01-27T20:00:00

Updated: 2024-08-07T04:17:10.226Z

Reserved: 2008-12-15T00:00:00

Link: CVE-2009-0032

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-01-27T20:30:00.377

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-0032

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-01-24T00:00:00", "descriptions": [{"lang": "en", "value": "CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "1021637", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1021637"}, {"name": "MDVSA-2009:027", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:027"}, {"name": "cups-pdflog-symlink(48210)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48210"}, {"name": "MDVSA-2009:029", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:029"}, {"name": "MDVSA-2009:028", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:028"}, {"name": "33418", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33418"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:17:10.226Z"}, "title": "CVE Program Container", "references": [{"name": "1021637", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1021637"}, {"name": "MDVSA-2009:027", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:027"}, {"name": "cups-pdflog-symlink(48210)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48210"}, {"name": "MDVSA-2009:029", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:029"}, {"name": "MDVSA-2009:028", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:028"}, {"name": "33418", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33418"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-0032", "datePublished": "2009-01-27T20:00:00", "dateReserved": "2008-12-15T00:00:00", "dateUpdated": "2024-08-07T04:17:10.226Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*", "matchCriteriaId": "772C32A8-A958-47B3-855D-116B0A7E9E5D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:mandriva:corporate_server:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "694A745A-7CE4-460E-9637-5689ED6CCC95", "vulnerable": false}, {"criteria": "cpe:2.3:o:mandriva:corporate_server:3.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "7D0156D0-33E6-48DE-80B9-75CBA1EB4D61", "vulnerable": false}, {"criteria": "cpe:2.3:o:mandriva:corporate_server:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "35578C7D-7F96-420A-B60E-2940F7E43E28", "vulnerable": false}, {"criteria": "cpe:2.3:o:mandriva:corporate_server:4.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "18FE4BDE-1B2F-4DC5-AC33-A4A938762C04", "vulnerable": false}, {"criteria": "cpe:2.3:o:mandriva:linux:2008.0:*:*:*:*:*:*:*", "matchCriteriaId": "107F6BEE-C3CB-460A-B574-16D031D823AE", "vulnerable": false}, {"criteria": "cpe:2.3:o:mandriva:linux:2008.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "B9B78F34-9775-4851-A489-30CEBE3BEE34", "vulnerable": false}, {"criteria": "cpe:2.3:o:mandriva:linux:2008.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E024B17-9AEE-40AD-9EDC-3BC0FBB53BE3", "vulnerable": false}, {"criteria": "cpe:2.3:o:mandriva:linux:2008.1:*:x86_64:*:*:*:*:*", "matchCriteriaId": "FEC2E723-BC31-4E05-BF8E-FE460C32DD93", "vulnerable": false}, {"criteria": "cpe:2.3:o:mandriva:linux:2009.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F90D927-CBCD-4432-9C04-A5F040D8F337", "vulnerable": false}, {"criteria": "cpe:2.3:o:mandriva:multi_network_firewall:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E3891CA-CBFC-45FD-967E-03B3AF3CF1DC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file."}, {"lang": "es", "value": "CUPS sobre Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) v3.0 y v4.0, y Multi Network Firewall (MNF) v2.0, permite a usuarios locales sobrescribir archivos de su elecci\u00f3n a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre el archivo temporal /tmp/pdf.log."}], "id": "CVE-2009-0032", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-01-27T20:30:00.377", "references": [{"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1021637"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:027"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:028"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:029"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/33418"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48210"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1021637"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:027"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:028"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:029"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33418"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48210"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "Not vulnerable. Red Hat does not ship the vulnerable backend that causes this flaw.", "lastModified": "2009-01-27T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}