New Search

Red Hat dhcpd init Script Symlink Flaw Lets Local Users Gain Elevated Privileges

oval:org.mitre.oval:def:6440

The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file related to the "dhcpd -t" command.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • VMWare ESX Server 3.5
  • VMWare ESX Server 3
Class:
vulnerability
Reference(s):
  • CVE-2009-1893
Product(s):