Sign in
CVE-2009-5023
CVE-2009-5023
Description
The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt.
Impact
CVSS v2 : 4.7 MEDIUM
Type
CWE-59
Attack Vector
CVSSv2 Vector : AV:L/AC:M/Au:N/C:N/I:C/A:N
Quick links
CVE
,
NVD
,
CERT
,
Metasploit
,
Exploit-db
,
Fulldisc
,
Bugtraq
,
Microsoft
,
Red Hat
,
Debian
, GitHub
code
/
issues
,
Google
References
http://secunia.com/advisories/58841
http://security.gentoo.org/glsa/glsa-201406-03.xml
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=544232
https://github.com/fail2ban/fail2ban/blob/sdist/0.8.5/ChangeLog
FAQ
Terms of service
Privacy policy
