
CVE-2009-1526

Published: 05/05/2009 Updated: 29/03/2010
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 695
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

JBMC Software DirectAdmin prior to 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.

Vulnerable Products

jbmc-software directadmin 1.301

jbmc-software directadmin 1.302

jbmc-software directadmin 1.331

jbmc-software directadmin 0.95

jbmc-software directadmin 1.11

jbmc-software directadmin 1.04

jbmc-software directadmin 1.05

jbmc-software directadmin 1.06

jbmc-software directadmin 1.07

jbmc-software directadmin 1.16

jbmc-software directadmin 1.161

jbmc-software directadmin 1.17

jbmc-software directadmin 1.171

jbmc-software directadmin 1.2

jbmc-software directadmin 1.201

jbmc-software directadmin 1.202

jbmc-software directadmin 1.203

jbmc-software directadmin 1.225

jbmc-software directadmin 1.226

jbmc-software directadmin 1.23

jbmc-software directadmin 1.231

jbmc-software directadmin 1.254

jbmc-software directadmin 1.255

jbmc-software directadmin 1.26

jbmc-software directadmin 1.261

jbmc-software directadmin 1.29

jbmc-software directadmin 1.291

jbmc-software directadmin 1.294

jbmc-software directadmin 1.295

jbmc-software directadmin 1.296

jbmc-software directadmin 1.33

jbmc-software directadmin 1.332

jbmc-software directadmin

jbmc-software directadmin 1.281

jbmc-software directadmin 1.292

jbmc-software directadmin 1

jbmc-software directadmin 1.02

jbmc-software directadmin 1.081

jbmc-software directadmin 1.1

jbmc-software directadmin 1.13

jbmc-software directadmin 1.15

jbmc-software directadmin 1.152

jbmc-software directadmin 1.172

jbmc-software directadmin 1.174

jbmc-software directadmin 1.1941

jbmc-software directadmin 1.196

jbmc-software directadmin 1.204

jbmc-software directadmin 1.206

jbmc-software directadmin 1.21

jbmc-software directadmin 1.221

jbmc-software directadmin 1.223

jbmc-software directadmin 1.233

jbmc-software directadmin 1.235

jbmc-software directadmin 1.251

jbmc-software directadmin 1.253

jbmc-software directadmin 1.262

jbmc-software directadmin 1.264

jbmc-software directadmin 1.282

jbmc-software directadmin 1.286

jbmc-software directadmin 1.3

jbmc-software directadmin 1.311

jbmc-software directadmin 1.32

jbmc-software directadmin 1.322

jbmc-software directadmin 1.111

jbmc-software directadmin 1.12

jbmc-software directadmin 1.121

jbmc-software directadmin 1.18

jbmc-software directadmin 1.181

jbmc-software directadmin 1.19

jbmc-software directadmin 1.192

jbmc-software directadmin 1.211

jbmc-software directadmin 1.212

jbmc-software directadmin 1.213

jbmc-software directadmin 1.22

jbmc-software directadmin 1.24

jbmc-software directadmin 1.241

jbmc-software directadmin 1.242

jbmc-software directadmin 1.243

jbmc-software directadmin 1.244

jbmc-software directadmin 1.27

jbmc-software directadmin 1.273

jbmc-software directadmin 1.274

jbmc-software directadmin 1.275

jbmc-software directadmin 1.312

jbmc-software directadmin 1.313

jbmc-software directadmin 1.314

jbmc-software directadmin 1.315

jbmc-software directadmin 1.293

jbmc-software directadmin 1.266

jbmc-software directadmin 1.01

jbmc-software directadmin 1.03

jbmc-software directadmin 1.08

jbmc-software directadmin 1.09

jbmc-software directadmin 1.14

jbmc-software directadmin 1.151

jbmc-software directadmin 1.173

jbmc-software directadmin 1.1741

jbmc-software directadmin 1.193

jbmc-software directadmin 1.195

jbmc-software directadmin 1.205

jbmc-software directadmin 1.207

jbmc-software directadmin 1.222

jbmc-software directadmin 1.224

jbmc-software directadmin 1.232

jbmc-software directadmin 1.234

jbmc-software directadmin 1.25

jbmc-software directadmin 1.252

jbmc-software directadmin 1.263

jbmc-software directadmin 1.265

jbmc-software directadmin 1.28

jbmc-software directadmin 1.285

jbmc-software directadmin 1.297

jbmc-software directadmin 1.31

jbmc-software directadmin 1.321

jbmc-software directadmin 1.323

Exploits

Source: www.securityfocus.com/bid/34676/info

DirectAdmin creates temporary files in an insecure manner. An attacker with local access could potentially exploit this issue to perform symbolic link attacks to overwrite arbitrary attacker-specified files. This could facilitate a complete compromise of the affected computer. Versions prior to ...