CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2009-0416
https://notcve.org/view.php?id=CVE-2009-0416
The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files. El programa de instalación de certificados SSL (genSslCert.sh) en Standards Based Linux Instrumentation for Manageability (SBLIM)sblim-sfcb v1.3.2 permite a usuarios locales sobrescribir ficheros de su elección a través de un ataque de enlace simbólico sobre los ficheros temporales 1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://osvdb.org/51783 http://secunia.com/advisories/33795 http://sourceforge.net/forum/forum.php?forum_id=874261 http://sourceforge.net/tracker/index.php?func=detail&aid=2561165&group_id=128809&atid=712784 http://www.securityfocus.com/bid/33583 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2005-3145
https://notcve.org/view.php?id=CVE-2005-3145
httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to cause a denial of service (resource consumption) by connecting to sblim-sfcb but not sending any data. • http://secunia.com/advisories/16975 http://sourceforge.net/project/shownotes.php?release_id=359700 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2005-3144
https://notcve.org/view.php?id=CVE-2005-3144
httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to cause a denial of service via long HTTP headers. • http://secunia.com/advisories/16975 http://sourceforge.net/project/shownotes.php?release_id=359700 http://www.securityfocus.com/bid/14972 •