CVE-2009-0035 - OpenCVE

alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Alsa-project	Alsa

Configuration 1 [-]

cpe:2.3:a:alsa-project:alsa:*:*:*:*:*:*:*:*

References

Link	Resource
https://access.redhat.com/security/cve/cve-2009-0035	Exploit Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0035	Issue Tracking Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2009-0035	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2019-11-09T02:02:21

Updated: 2019-11-09T02:02:21

Reserved: 2008-12-15T00:00:00

Link: CVE-2009-0035

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-11-09T03:15:10.167

Modified: 2020-11-16T20:46:13.680

Link: CVE-2009-0035

JSON object: View

Redhat Information

No data.

CWE

CWE-59

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:alsa-project:alsa:*:*:*:*:*:*:*:*", "matchCriteriaId": "589CE251-CE9C-4CE8-8E51-F5A42AEE59D5", "versionEndExcluding": "1.0.20", "versionStartIncluding": "1.0.19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts."}, {"lang": "es", "value": "alsa-utils versiones 1.0.19 y posteriores, permiten a usuarios locales sobrescribir archivos arbitrarios mediante un ataque de tipo symlink por medio de los scripts /usr/bin/alsa-info y /usr/bin/alsa-info.sh."}], "id": "CVE-2009-0035", "lastModified": "2020-11-16T20:46:13.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-09T03:15:10.167", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2009-0035"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0035"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2009-0035"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}