{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "description", "text": "perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via \"special characters\" in unspecified vectors.", "title": "Vulnerability Description" } ], "publisher": { "category": "other", "contact_details": "gdt@cpan.org", "name": "giterlizzi", "namespace": "https://github.com/giterlizzi/" }, "references": [ { "category": "self", "summary": "CPANSA-MDK-Common-2009-0912 JSON", "url": "https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2009/cpansa-mdk-common-2009-0912.json" }, { "category": "external", "summary": "http://www.securityfocus.com/bid/34089", "url": "http://www.securityfocus.com/bid/34089" }, { "category": "external", "summary": "http://www.vupen.com/english/advisories/2009/0688", "url": "http://www.vupen.com/english/advisories/2009/0688" }, { "category": "external", "summary": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:072", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:072" }, { "category": "external", "summary": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49220", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49220" }, { "category": "external", "summary": "CVE-2009-0912 (NVD)", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0912" } ], "title": "MDK-Common vulnerability", "tracking": { "current_release_date": "2009-03-16T00:00:00", "generator": { "engine": { "name": "CSAF Perl Toolkit", "version": "0.26" } }, "id": "CPANSA-MDK-Common-2009-0912", "initial_release_date": "2009-03-16T00:00:00", "revision_history": [ { "date": "2009-03-16T00:00:00", "number": "1", "summary": 
"First release" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:cpan/=1.1.11", "product": { "name": "MDK-Common equal 1.1.11", "product_id": "CSAFPID-0001" } }, { "category": "product_version_range", "name": "vers:cpan/=1.1.24", "product": { "name": "MDK-Common equal 1.1.24", "product_id": "CSAFPID-0002" } }, { "category": "product_version_range", "name": "vers:cpan/>=1.2.9|<=1.2.14", "product": { "name": "MDK-Common greater than or equal 1.2.9 and less than or equal 1.2.14", "product_id": "CSAFPID-0003" } } ], "category": "product_name", "name": "MDK-Common" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-0912", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via \"special characters\" in unspecified vectors.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ] }, "scores": [ { "cvss_v2": { "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ] } ] } ] }