PT-2009-4354 · Red Hat · Dhcpd
Robert Vogelgesang · Published 2009-07-17 · Updated 2023-02-13 · CVE-2009-1893
CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Red Hat dhcpd version 3.0.1 in Red Hat Enterprise Linux (RHEL) 3
Description:
The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary file, related to the dhcpd init script's configtest function and the "dhcpd -t" command.
Recommendations:
For Red Hat dhcpd version 3.0.1 in Red Hat Enterprise Linux (RHEL) 3, consider restricting access to the configtest function in the dhcpd init script to prevent local users from overwriting arbitrary files until a fix is available.
Fix
Link Following
Affected Products
Red Hat
Dhcpd