Vulnerability CVE-2009-0416: Information

Description

The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files.

URL: https://nvd.nist.gov/vuln/detail/CVE-2009-0416

Published: Feb. 4, 2009

Modified: Feb. 20, 2009

Error type identifier: CWE-59

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
kernel-image-std-debug	sisyphus	4.14.85-alt1	6.1.91-alt1	ALT-PU-2018-2754-1	217182	Fixed
kernel-image-std-debug	c9f2	4.14.85-alt1	4.19.102-alt1	ALT-PU-2018-2754-1	217182	Fixed
kernel-image-std-def	sisyphus	4.14.85-alt1	6.1.91-alt1	ALT-PU-2018-2755-1	217183	Fixed
kernel-image-std-def	p10	4.14.85-alt1	5.10.216-alt1	ALT-PU-2018-2755-1	217183	Fixed
kernel-image-std-def	p9	4.14.85-alt1	5.4.275-alt1	ALT-PU-2018-2755-1	217183	Fixed
kernel-image-std-def	p8	4.9.143-alt0.M80P.1	4.9.337-alt0.M80P.1	ALT-PU-2018-2807-1	217409	Fixed
kernel-image-std-def	c9f2	4.14.85-alt1	5.10.214-alt0.c9f.2	ALT-PU-2018-2755-1	217183	Fixed
kernel-image-std-def	c7	4.4.183-alt0.M70C.1	4.4.277-alt0.M70C.1	ALT-PU-2019-2175-1	233233	Fixed
kernel-image-std-pae	c9f2	4.14.86-alt1	4.19.72-alt1	ALT-PU-2018-2814-1	217123	Fixed
kernel-image-un-def	p8	4.14.87-alt0.M80P.1	4.19.310-alt0.M80P.1	ALT-PU-2018-2832-1	217631	Fixed
kernel-image-un-def	c7	4.9.277-alt0.M70C.1	4.9.277-alt0.M70C.1	ALT-PU-2021-3032-1	281292	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
33583
[oss-security] 20090203 CVE Request: sblim-sfcb genSslCert.sh temp race
http://sourceforge.net/tracker/index.php?func=detail&aid=2561165&group_id=128809&atid=712784
51783
33795
SUSE-SR:2009:004

Affected configurations:
1. Configuration 1
  cpe:2.3:a:standards_based_linux_instrumentation:sblim-sfcb:1.3.2:*:*:*:*:*:*:*

Version: v24.5.1

Vulnerability CVE-2009-0416: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1