CVE-2009-1297 - Vulnerability Details - OpenCVE

iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Novell	Suse Linux
Opensuse	Opensuse

Configuration 1 [-]

OR	cpe:2.3:o:novell:suse_linux:10:sp2:enterprise:::::*
	cpe:2.3:o:novell:suse_linux:11:-:enterprise:::::*
	cpe:2.3:o:opensuse:opensuse:10.3:::::::*
	cpe:2.3:o:opensuse:opensuse:11.1:::::::*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:109
https://nvd.nist.gov/vuln/detail/CVE-2009-1297
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241
https://www.cve.org/CVERecord?id=CVE-2009-1297

History

No history.

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2009-10-23T18:00:00

Updated: 2024-08-07T05:04:49.435Z

Reserved: 2009-04-15T00:00:00

Link: CVE-2009-1297

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-10-23T18:30:00.267

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-1297

Redhat

Severity : Moderate

Publid Date: 2009-08-11T00:00:00Z

Links: CVE-2009-1297 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-10-13T00:00:00", "descriptions": [{"lang": "en", "value": "iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-01-11T01:57:00", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"name": "MDVSA-2013:109", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:109"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241"}, {"name": "SUSE-SR:2009:016", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "ID": "CVE-2009-1297", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MDVSA-2013:109", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:109"}, {"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241", "refsource": "CONFIRM", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241"}, {"name": "SUSE-SR:2009:016", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:04:49.435Z"}, "title": "CVE Program Container", "references": [{"name": "MDVSA-2013:109", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:109"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241"}, {"name": "SUSE-SR:2009:016", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2009-1297", "datePublished": "2009-10-23T18:00:00", "dateReserved": "2009-04-15T00:00:00", "dateUpdated": "2024-08-07T05:04:49.435Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:novell:suse_linux:10:sp2:enterprise:*:*:*:*:*", "matchCriteriaId": "3DC820C5-6283-4EB7-A5C7-B28EFEFC3926", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:suse_linux:11:-:enterprise:*:*:*:*:*", "matchCriteriaId": "BB545D91-1C4C-4692-B01A-B8DAE4A958BE", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*", "matchCriteriaId": "C35B68DF-1440-4587-8458-9C5F4D1E43F3", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name."}, {"lang": "es", "value": "iscsi_discovery en open-iscsi en SUSE openSUSE versi\u00f3n 10.3 hasta la 11.1 y SUSE Linux Enterprise (SLE) versi\u00f3n 10 SP2 y 11, y otros sistemas operativos, permite a los usuarios locales sobrescribir archivos arbitrarios por medio de un ataque de enlace simb\u00f3lico (symlink) en un archivo temporal no especificado que tiene un nombre predecible."}], "id": "CVE-2009-1297", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-10-23T18:30:00.267", "references": [{"source": "security@ubuntu.com", "tags": ["Vendor Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"}, {"source": "security@ubuntu.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:109"}, {"source": "security@ubuntu.com", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:109"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}