CVE-2009-1295

{"id": "CVE-2009-1295", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-04-30T20:30:00.390", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html", "source": "security@ubuntu.com"}, {"url": "http://secunia.com/advisories/34947", "source": "security@ubuntu.com"}, {"url": "http://secunia.com/advisories/34952", "source": "security@ubuntu.com"}, {"url": "http://secunia.com/advisories/35065", "source": "security@ubuntu.com"}, {"url": "http://www.securityfocus.com/bid/34776", "source": "security@ubuntu.com"}, {"url": "http://www.ubuntu.com/usn/usn-768-1", "tags": ["Vendor Advisory"], "source": "security@ubuntu.com"}, {"url": "https://bugs.launchpad.net/bugs/357024", "tags": ["Exploit"], "source": "security@ubuntu.com"}, {"url": "https://launchpad.net/bugs/cve/2009-1295", "source": "security@ubuntu.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-16"}]}], "descriptions": [{"lang": "en", "value": "Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors."}, {"lang": "es", "value": "Apport anterior a v0.108.4 en Ubuntu v8.04 LTS, antes de v0.119.2 en Ubuntu v8.10, y antes de v1.0-0ubuntu5.2 en Ubuntu v9.04 no elimina adecuadamente los archivos del directorio crash-report,lo cual permite a los usuarios locales borrar archivos a su elecci\u00f3n a trav\u00e9s de vectores no especificados."}], "lastModified": "2009-05-15T05:29:04.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apport:apport:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE304688-05F0-4F7F-8664-E729B6FA5090", "versionEndIncluding": "0.1.0.8.1"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu:8.0.4_lts:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9245826-44D6-432D-9447-025FD02431D1"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu:8.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8893D670-FF80-4297-8EF8-83C6CB165604"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu:9.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24066D17-EE95-4E06-9FAC-DA9B2227195F"}], "operator": "OR"}]}], "sourceIdentifier": "security@ubuntu.com"}