CVE-2009-1297
Mandriva Linux Security Advisory 2013-109
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.
iscsi_discovery en open-iscsi en SUSE openSUSE versión 10.3 hasta la 11.1 y SUSE Linux Enterprise (SLE) versión 10 SP2 y 11, y otros sistemas operativos, permite a los usuarios locales sobrescribir archivos arbitrarios por medio de un ataque de enlace simbólico (symlink) en un archivo temporal no especificado que tiene un nombre predecible.
Colin Watson discovered that iscsi_discovery in Open-iSCSI did not safely create temporary files. A local attacker could exploit this to to overwrite arbitrary files with root privileges.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-04-15 CVE Reserved
- 2009-10-23 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html | 2018-10-30 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:109 | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Novell Search vendor "Novell" | Suse Linux Search vendor "Novell" for product "Suse Linux" | 10 Search vendor "Novell" for product "Suse Linux" and version "10" | sp2, enterprise |
Affected
| ||||||
| Novell Search vendor "Novell" | Suse Linux Search vendor "Novell" for product "Suse Linux" | 11 Search vendor "Novell" for product "Suse Linux" and version "11" | enterprise |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 10.3 Search vendor "Opensuse" for product "Opensuse" and version "10.3" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 11.1 Search vendor "Opensuse" for product "Opensuse" and version "11.1" | - |
Affected
| ||||||