CVE-2009-0912

EUVD-2009-0909
perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via "special characters" in unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
mandrivamulti_network_firewall
2.0
mandrivalinux
2008.0
mandrivalinux
2008.0
mandrivalinux
2008.1
mandrivalinux
2008.1
mandrivalinux
2009.0
mandrivalinux
2009.0
mandrivalinux_corporate_server
3.0
mandrivalinux_corporate_server
3.0
mandrivalinux_corporate_server
4.0
mandrivalinux_corporate_server
4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.mandriva.com/security/advisories?name=MDVSA-2009:072
http://www.securityfocus.com/bid/34089
http://www.vupen.com/english/advisories/2009/0688
https://exchange.xforce.ibmcloud.com/vulnerabilities/49220
http://www.mandriva.com/security/advisories?name=MDVSA-2009:072
http://www.securityfocus.com/bid/34089
http://www.vupen.com/english/advisories/2009/0688
https://exchange.xforce.ibmcloud.com/vulnerabilities/49220