CVE-2009-1144

Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://bugs.gentoo.org/show_bug.cgi?id=200023	Vendor Advisory
http://bugs.gentoo.org/show_bug.cgi?id=242930	Vendor Advisory
http://osvdb.org/53529
http://secunia.com/advisories/34610	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200904-07.xml
http://www.securityfocus.com/bid/34401
http://bugs.gentoo.org/show_bug.cgi?id=200023	Vendor Advisory
http://bugs.gentoo.org/show_bug.cgi?id=242930	Vendor Advisory
http://osvdb.org/53529
http://secunia.com/advisories/34610	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200904-07.xml
http://www.securityfocus.com/bid/34401

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:foolabs:xpdf:0.5a:::::::*
	cpe:2.3:a:foolabs:xpdf:0.7a:::::::*
	cpe:2.3:a:foolabs:xpdf:0.91a:::::::*
	cpe:2.3:a:foolabs:xpdf:0.91b:::::::*
	cpe:2.3:a:foolabs:xpdf:0.91c:::::::*
	cpe:2.3:a:foolabs:xpdf:0.92a:::::::*
	cpe:2.3:a:foolabs:xpdf:0.92b:::::::*
	cpe:2.3:a:foolabs:xpdf:0.92c:::::::*
	cpe:2.3:a:foolabs:xpdf:0.92d:::::::*
	cpe:2.3:a:foolabs:xpdf:0.92e:::::::*
	cpe:2.3:a:foolabs:xpdf:0.93a:::::::*
	cpe:2.3:a:foolabs:xpdf:0.93b:::::::*
	cpe:2.3:a:foolabs:xpdf:0.93c:::::::*
	cpe:2.3:a:foolabs:xpdf:1.00a:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader::::::::
	cpe:2.3:a:glyphandcog:xpdfreader:0.2:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.3:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.4:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.5:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.6:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.7:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.80:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.90:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.91:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.93:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:1.00:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:1.01:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:2.00:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:2.01:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:2.02:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:2.03:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:3.00:::::::*

cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:01

Type	Values Removed	Values Added
References	~~() http://bugs.gentoo.org/show_bug.cgi?id=200023 - Vendor Advisory~~	() http://bugs.gentoo.org/show_bug.cgi?id=200023 - Vendor Advisory
References	~~() http://bugs.gentoo.org/show_bug.cgi?id=242930 - Vendor Advisory~~	() http://bugs.gentoo.org/show_bug.cgi?id=242930 - Vendor Advisory
References	~~() http://osvdb.org/53529 -~~	() http://osvdb.org/53529 -
References	~~() http://secunia.com/advisories/34610 - Vendor Advisory~~	() http://secunia.com/advisories/34610 - Vendor Advisory
References	~~() http://security.gentoo.org/glsa/glsa-200904-07.xml -~~	() http://security.gentoo.org/glsa/glsa-200904-07.xml -
References	~~() http://www.securityfocus.com/bid/34401 -~~	() http://www.securityfocus.com/bid/34401 -

Information

Published : 2009-04-09 15:08

Updated : 2024-11-21 01:01

NVD link : CVE-2009-1144

Mitre link : CVE-2009-1144

CVE.ORG link : CVE-2009-1144

JSON object : View

Products Affected

foolabs

xpdf

glyphandcog

xpdfreader

gentoo

gentoo_linux

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

6.9 /10