CVE-2009-0912Improper Input Validation in Linux

CWE-20Improper Input Validation4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 84.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mandriva LinuxMandriva Linux Corporate ServerMandriva Multi Network Firewall
Timeline
PublishedMar 16
Latest updateMay 2

Description

perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via "special characters" in unspecified vectors.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

NVDmandriva/linux2008.0, 2008.1, 2009.0+2

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-45w4-h5x7-85w7: perl-MDK-Common 12022-05-02
CVEList
CVE-2009-0912: perl-MDK-Common 12009-03-16

💥Exploits & PoCs

1
Exploit-DB
Blender 2.34/2.35a/2.4/2.49b - '.blend' Command Injection2009-11-05
CVE-2009-0912 — Improper Input Validation in Linux | cvebase