CVE-2009-0416

Medium

Description

The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files.

References

http://www.securityfocus.com/bid/33583

http://sourceforge.net/tracker/index.php?func=detail&aid=2561165&group_id=128809&atid=712784

http://sourceforge.net/forum/forum.php?forum_id=874261

http://secunia.com/advisories/33795

http://osvdb.org/51783

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

Details

Source: Mitre, NVD

Published: 2009-02-03

Updated: 2009-02-20

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium