Vulnerability Details : CVE-2009-3894
Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory.
Exploit prediction scoring system (EPSS) score for CVE-2009-3894
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 24 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2009-3894
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST |
References for CVE-2009-3894
-
http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8969
- http://bugs.gentoo.org/show_bug.cgi?id=293497
-
https://bugzilla.redhat.com/show_bug.cgi?id=538459
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:341
-
http://security.gentoo.org/glsa/glsa-200911-04.xml
-
http://www.redhat.com/support/errata/RHSA-2009-1619.html
-
http://www.securityfocus.com/bid/37131
Patch
Products affected by CVE-2009-3894
- cpe:2.3:a:dag.wieers:dstat:*:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:dag.wieers:dstat:0.1:*:*:*:*:*:*:*