CVE-2009-0667

Published: Jul 9, 2009Modified: Apr 23, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory.

Affected (10)

Products: Ocsinventory Ng: Ocs Inventory Ng, Ocsinventory Agent

Ocsinventory Ng

2 products

Ocs Inventory Ng

Ocsinventory Agent

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Ocsinventory Ng Ocs Inventory Ng	Version 1.0
Ocsinventory Ng Ocs Inventory Ng	Version 1.0 beta
Ocsinventory Ng Ocs Inventory Ng	Version 1.0 rc1
Ocsinventory Ng Ocs Inventory Ng	Version 1.0 rc2
Ocsinventory Ng Ocs Inventory Ng	Version 1.0 rc3-1
Ocsinventory Ng Ocs Inventory Ng	Version 1.0 rc3
Ocsinventory Ng Ocsinventory Agent	Up to 0.0.9.2
Ocsinventory Ng Ocsinventory Agent	Version 0.05
Ocsinventory Ng Ocsinventory Agent	Version 0.08
Ocsinventory Ng Ocsinventory Agent	Version 0.09

References (20)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506416

Source: cve@mitre.org

Patch

http://nana.rulezlan.org/~goneri/ocsinventory-agent/Ocsinventory-Agent-0.0.9.3.tar.gz

Source: cve@mitre.org

Patch

http://osvdb.org/55718

Source: cve@mitre.org

http://secunia.com/advisories/35727

Source: cve@mitre.org

http://secunia.com/advisories/35768

Source: cve@mitre.org

http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1.diff.gz

Source: cve@mitre.org

Patch

http://www.debian.org/security/2009/dsa-1828

Source: cve@mitre.org

Patch

http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=144

Source: cve@mitre.org

http://www.securityfocus.com/bid/35593

Source: cve@mitre.org

Patch

http://www.vupen.com/english/advisories/2009/1809

Source: cve@mitre.org

PatchVendor Advisory

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506416

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://nana.rulezlan.org/~goneri/ocsinventory-agent/Ocsinventory-Agent-0.0.9.3.tar.gz

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://osvdb.org/55718

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35727

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35768

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1.diff.gz

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.debian.org/security/2009/dsa-1828

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=144

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/35593

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.vupen.com/english/advisories/2009/1809

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.