CVE-2009-0032

Mandriva Linux Security Advisory 2009-028

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.

CUPS sobre Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) v3.0 y v4.0, y Multi Network Firewall (MNF) v2.0, permite a usuarios locales sobrescribir archivos de su elección a través de un ataque de enlace simbólico sobre el archivo temporal /tmp/pdf.log.

Security vulnerabilities have been discovered and corrected in CUPS. CUPS before 1.3.8 allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow. CUPS shipped with Mandriva Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file. The updated packages have been patched to prevent this.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-12-15 CVE Reserved
2009-01-25 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-59: Improper Link Resolution Before File Access ('Link Following')

CAPEC

References (6)

URL	Tag	Source
http://securitytracker.com/id?1021637	Vdb Entry
http://www.securityfocus.com/bid/33418	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/48210	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.mandriva.com/security/advisories?name=MDVSA-2009:027	2017-08-08
http://www.mandriva.com/security/advisories?name=MDVSA-2009:028	2017-08-08
http://www.mandriva.com/security/advisories?name=MDVSA-2009:029	2017-08-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apple Search vendor "Apple"	Cups Search vendor "Apple" for product "Cups"	*	-	Affected	in	Mandriva Search vendor "Mandriva"	Corporate Server Search vendor "Mandriva" for product "Corporate Server"	3.0 Search vendor "Mandriva" for product "Corporate Server" and version "3.0"	-	Safe
Apple Search vendor "Apple"	Cups Search vendor "Apple" for product "Cups"	*	-	Affected	in	Mandriva Search vendor "Mandriva"	Corporate Server Search vendor "Mandriva" for product "Corporate Server"	3.0 Search vendor "Mandriva" for product "Corporate Server" and version "3.0"	x86_64	Safe
Apple Search vendor "Apple"	Cups Search vendor "Apple" for product "Cups"	*	-	Affected	in	Mandriva Search vendor "Mandriva"	Corporate Server Search vendor "Mandriva" for product "Corporate Server"	4.0 Search vendor "Mandriva" for product "Corporate Server" and version "4.0"	-	Safe
Apple Search vendor "Apple"	Cups Search vendor "Apple" for product "Cups"	*	-	Affected	in	Mandriva Search vendor "Mandriva"	Corporate Server Search vendor "Mandriva" for product "Corporate Server"	4.0 Search vendor "Mandriva" for product "Corporate Server" and version "4.0"	x86_64	Safe
Apple Search vendor "Apple"	Cups Search vendor "Apple" for product "Cups"	*	-	Affected	in	Mandriva Search vendor "Mandriva"	Linux Search vendor "Mandriva" for product "Linux"	2008.0 Search vendor "Mandriva" for product "Linux" and version "2008.0"	-	Safe
Apple Search vendor "Apple"	Cups Search vendor "Apple" for product "Cups"	*	-	Affected	in	Mandriva Search vendor "Mandriva"	Linux Search vendor "Mandriva" for product "Linux"	2008.0 Search vendor "Mandriva" for product "Linux" and version "2008.0"	x86_64	Safe
Apple Search vendor "Apple"	Cups Search vendor "Apple" for product "Cups"	*	-	Affected	in	Mandriva Search vendor "Mandriva"	Linux Search vendor "Mandriva" for product "Linux"	2008.1 Search vendor "Mandriva" for product "Linux" and version "2008.1"	-	Safe
Apple Search vendor "Apple"	Cups Search vendor "Apple" for product "Cups"	*	-	Affected	in	Mandriva Search vendor "Mandriva"	Linux Search vendor "Mandriva" for product "Linux"	2008.1 Search vendor "Mandriva" for product "Linux" and version "2008.1"	x86_64	Safe
Apple Search vendor "Apple"	Cups Search vendor "Apple" for product "Cups"	*	-	Affected	in	Mandriva Search vendor "Mandriva"	Linux Search vendor "Mandriva" for product "Linux"	2009.0 Search vendor "Mandriva" for product "Linux" and version "2009.0"	-	Safe
Apple Search vendor "Apple"	Cups Search vendor "Apple" for product "Cups"	*	-	Affected	in	Mandriva Search vendor "Mandriva"	Multi Network Firewall Search vendor "Mandriva" for product "Multi Network Firewall"	2.0 Search vendor "Mandriva" for product "Multi Network Firewall" and version "2.0"	-	Safe