CVE-2009-1962

{"id": "CVE-2009-1962", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-06-08T01:00:00.843", "references": [{"url": "http://secunia.com/advisories/35320", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:244", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2009/04/01/6", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/34328", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49600", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID."}, {"lang": "es", "value": "Xfig en Debian GNU/Linux, posiblemente v3.2.5, permite a usuarios locales leer y escribir archivos de su elecci\u00f3n a trav\u00e9s de un enlace simb\u00f3lico a los ficheros temporales (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] donde [PID] es el ID (identificador) del proceso."}], "lastModified": "2017-08-17T01:30:35.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xfig:xfig:3.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD269541-F1A0-4FFD-BFB6-423BC806D076"}, {"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5114DA3-FBB9-47C4-857B-3212404DAD4E"}, {"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D5F5A52-285E-4E7E-83B8-508079DBCEAE"}, {"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "674BE2D9-009B-46C5-A071-CB10368B8D48"}, {"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "703486E5-906B-4BDB-A046-28D4D73E3F03"}, {"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABB5AC0D-2358-4C8E-99B5-2CE0A678F549"}, {"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38B37184-BA88-44F1-AC9E-8B60C2419111"}, {"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D8C9247-3E18-4DD9-AF5B-B2996C76443F"}, {"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EEA2CDD-7FCD-461E-90FC-CDB3C3992A32"}, {"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7B877A8-5318-402E-8AE1-753E7419060F"}, {"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3938420-087D-4D92-A2F8-EAE54D9837EC"}, {"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:s\\/390:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0331E302-352E-457D-BF75-3C12AD5E206E"}, {"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10F42CF8-FB98-4AFC-96C5-FD7D442B0FA3"}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:alpha:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF03E406-5B00-4C49-9705-45DCDB4008DC"}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:amd64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7020CA7E-FB01-4F6D-9BA7-A0D88980C21E"}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:arm:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "234806CB-272F-4EFA-9FBB-C031A9C3D71C"}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:armel:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A76BD7E-C96E-4279-A55A-5DC5EDB49A1C"}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:hppa:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "636EE19C-B240-463C-A283-F4E78D99717E"}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:ia-32:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "421F6F87-777E-411F-9F68-1CA0D6F70451"}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:ia-64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29D886A2-920A-4FA6-9499-E0C25A178783"}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:m68k:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04376A10-26EB-400E-B2A1-F5C594A026DF"}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:mips:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9595A0F-BF18-4C50-B7FD-61685A83D8C3"}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:mipsel:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47A7B824-7355-4F51-9316-B1EB3D9EB9AC"}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:powerpc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E6CFC20-96B6-46B2-9DD7-024E0775757A"}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:s\\/390:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9403840E-C30B-44F1-A115-BA0A00520EA0"}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:sparc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D65FD67-8F21-4BEE-BD29-FDF69B9A437B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}