CVE-2009-0416

Common Vulnerabilities and Exposures

CVE-2009-0416 at MITRE

Details

The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files.

Novell Bugzilla entry: 470203,472887

SUSE Security Advisories:

SUSE-SR:2009:004, published Tue, 17 Feb 2009 10:00:00 +0000
SUSE-SR:2009:004 , published Tue, 17 Feb 2009 10:00:00 +0000

Product(s)	Fixed package version(s)	References
openSUSE 11.0	`sblim-sfcb-debuginfo >= 1.3.0-6.2` `sblim-sfcb-debugsource >= 1.3.0-6.2`	SAT Patch Nr: 505
openSUSE 11.0	`sblim-sfcb >= 1.3.0-6.2`	SAT Patch Nr: 505
openSUSE 11.1	`sblim-sfcb-debuginfo >= 1.3.2-9.12.1` `sblim-sfcb-debugsource >= 1.3.2-9.12.1`	SAT Patch Nr: 505
openSUSE 11.1	`sblim-sfcb >= 1.3.2-9.12.1`	SAT Patch Nr: 505