CVE-2009-0667 - Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.

CVE-2009-0667

Summary

Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory.

References

Vulnerable Configurations

cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:*:*:*:*:*:*:*
cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:*:*:*:*:*:*:*
cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3-1:*:*:*:*:*:*
cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3-1:*:*:*:*:*:*
cpe:2.3:a:ocsinventory-ng:ocsinventory-agent:*:*:*:*:*:*:*:*
cpe:2.3:a:ocsinventory-ng:ocsinventory-agent:*:*:*:*:*:*:*:*
cpe:2.3:a:ocsinventory-ng:ocsinventory-agent:0.05:*:*:*:*:*:*:*
cpe:2.3:a:ocsinventory-ng:ocsinventory-agent:0.05:*:*:*:*:*:*:*
cpe:2.3:a:ocsinventory-ng:ocsinventory-agent:0.08:*:*:*:*:*:*:*
cpe:2.3:a:ocsinventory-ng:ocsinventory-agent:0.08:*:*:*:*:*:*:*
cpe:2.3:a:ocsinventory-ng:ocsinventory-agent:0.09:*:*:*:*:*:*:*
cpe:2.3:a:ocsinventory-ng:ocsinventory-agent:0.09:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 10-07-2009 - 04:00)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	35593
confirm	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506416 http://nana.rulezlan.org/~goneri/ocsinventory-agent/Ocsinventory-Agent-0.0.9.3.tar.gz http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1.diff.gz http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=144
debian	DSA-1828
osvdb	55718
secunia	35727 35768
vupen	ADV-2009-1809

Last major update

10-07-2009 - 04:00

Published

09-07-2009 - 17:30

Last modified

10-07-2009 - 04:00