CVE-2009-1526 - Vulnerability Details

JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jbmc-software	Directadmin

Configuration 1 [-]

OR	cpe:2.3:a:jbmc-software:directadmin::::::::
	cpe:2.3:a:jbmc-software:directadmin:0.95:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.1:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.01:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.02:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.2:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.3:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.03:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.04:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.05:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.06:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.07:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.08:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.09:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.11:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.12:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.13:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.14:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.15:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.16:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.17:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.18:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.19:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.21:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.22:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.23:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.24:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.25:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.26:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.27:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.28:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.29:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.31:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.32:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.33:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.081:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.111:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.121:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.151:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.152:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.161:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.171:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.172:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.173:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.174:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.181:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.192:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.193:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.195:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.196:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.201:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.202:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.203:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.204:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.205:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.206:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.207:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.211:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.212:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.213:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.221:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.222:::::::*
	cpe:2.3:a:jbmc-software:directadmin:1.223:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.224:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.225:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.226:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.231:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.232:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.233:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.234:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.235:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.241:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.242:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.243:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.244:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.251:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.252:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.253:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.254:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.255:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.261:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.262:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.263:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.264:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.265:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.266:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.273:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.274:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.275:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.281:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.282:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.285:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.286:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.291:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.292:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.293:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.294:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.295:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.296:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.297:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.301:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.302:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.311:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.312:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.313:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.314:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.315:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.321:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.322:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.323:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.331:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.332:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.1741:::::::*
cpe:2.3:a:jbmc-software:directadmin:1.1941:::::::*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html
http://osvdb.org/54014
http://secunia.com/advisories/34861
http://www.directadmin.com/features.php?id=968

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-05-05T20:00:00Z

Updated: 2024-09-16T20:17:02.921Z

Reserved: 2009-05-05T00:00:00Z

Link: CVE-2009-1526

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-05-05T20:30:00.297

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-1526

Redhat

No data.

Metrics

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object