CVE-2009-0912: Input Validation

Published Mar 16, 2009

Updated

perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via "special characters" in unspecified vectors.

Affected Software

11 affected components

Mandriva Linux=2008.1

Mandriva Linux=2008.0

Mandriva Linux Corporate Server=3.0

Mandriva Multi Network Firewall=2.0

Mandriva Linux Corporate Server=4.0

Mandriva Linux=2008.0

Mandriva Linux=2008.1

Mandriva Linux Corporate Server=3.0

Mandriva Linux=2009.0

Mandriva Linux Corporate Server=4.0

Remediation

Patch Available

http://www.securityfocus.com/bid/34089

Event History

Mar 16, 2009

CVE Published

via MITRE·05:00 PM

Data Sourced

via MITRE·05:00 PM

Description

Frequently Asked Questions

What is the severity of CVE-2009-0912?

CVE-2009-0912 is considered important as it allows attackers to gain elevated privileges on affected Mandriva Linux systems.

How do I fix CVE-2009-0912?

To fix CVE-2009-0912, users should upgrade to the patched versions of perl-MDK-Common as provided in Mandriva's security advisories.

What versions are affected by CVE-2009-0912?

CVE-2009-0912 affects perl-MDK-Common versions 1.1.11, 1.1.24, and 1.2.9 through 1.2.14, along with potentially other versions.

What type of systems are impacted by CVE-2009-0912?

CVE-2009-0912 impacts Mandriva Linux and Mandriva Linux Corporate Server installations.

Can CVE-2009-0912 lead to unauthorized access?

Yes, CVE-2009-0912 can lead to unauthorized access as it allows attackers to exploit improperly handled strings in configuration files.