CVE-2009-1526

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-1526
JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.

6.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html
http://osvdb.org/54014
http://secunia.com/advisories/34861 Vendor Advisory
http://www.directadmin.com/features.php?id=968 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:jbmc-software:directadmin:*:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:0.95:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.1:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.01:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.02:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.2:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.3:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.03:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.04:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.05:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.06:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.07:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.08:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.09:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.11:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.12:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.13:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.14:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.15:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.16:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.17:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.18:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.19:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.21:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.22:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.23:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.24:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.25:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.26:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.27:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.28:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.29:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.31:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.32:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.33:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.081:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.111:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.121:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.151:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.152:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.161:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.171:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.172:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.173:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.174:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.181:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.192:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.193:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.195:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.196:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.201:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.202:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.203:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.204:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.205:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.206:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.207:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.211:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.212:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.213:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.221:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.222:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.223:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.224:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.225:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.226:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.231:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.232:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.233:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.234:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.235:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.241:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.242:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.243:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.244:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.251:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.252:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.253:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.254:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.255:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.261:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.262:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.263:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.264:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.265:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.266:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.273:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.274:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.275:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.281:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.282:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.285:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.286:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.291:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.292:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.293:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.294:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.295:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.296:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.297:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.301:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.302:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.311:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.312:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.313:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.314:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.315:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.321:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.322:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.323:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.331:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.332:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.1741:*:*:*:*:*:*:*
cpe:2.3:a:jbmc-software:directadmin:1.1941:*:*:*:*:*:*:*
History

No history.

Information

Published : 2009-05-05 20:30

Updated : 2010-03-29 04:00

NVD link : CVE-2009-1526

Mitre link : CVE-2009-1526

CVE.ORG link : CVE-2009-1526

JSON object : View

Products Affected

jbmc-software

  • directadmin
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')