Executive Summary

Informations
Name MDVSA-2009:072 First vendor Publication 2009-03-10
Vendor Mandriva Last vendor Modification 2009-03-10
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Some vulnerabilities were discovered and corrected in perl-MDK-Common:

The functions used to write strings into shell like configuration files by Mandriva tools were not taking care of some special characters. This could lead to some bugs (like wireless keys containing certain characters not working), and privilege escalation. This update fixes that issue by ensuring proper protection of strings.

The updated packages have been patched to correct these issues.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:072

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 6
Os 4

OpenVAS Exploits

Date Description
2009-03-13 Name : Mandrake Security Advisory MDVSA-2009:072 (perl-MDK-Common)
File : nvt/mdksa_2009_072.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
52989 perl-MDK-Common on Mandriva Linux Configuration File Modification Unspecified...

Nessus® Vulnerability Scanner

Date Description
2009-04-23 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2009-072.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:40:07
  • Multiple Updates