All the vulnerabilities related to avaya - aura_application_enablement_services
cve-2006-1058
Vulnerability from cvelistv5
Published
2006-04-04 10:00
Modified
2024-08-07 16:56
Severity ?
EPSS score ?
Summary
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/25098 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/17330 | vdb-entry, x_refsource_BID | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9483 | vdb-entry, signature, x_refsource_OVAL | |
http://secunia.com/advisories/19477 | third-party-advisory, x_refsource_SECUNIA | |
http://bugs.busybox.net/view.php?id=604 | x_refsource_CONFIRM | |
http://secunia.com/advisories/25848 | third-party-advisory, x_refsource_SECUNIA | |
http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm | x_refsource_CONFIRM | |
http://www.redhat.com/support/errata/RHSA-2007-0244.html | vendor-advisory, x_refsource_REDHAT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/25569 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:56:15.493Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25098" }, { "name": "17330", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17330" }, { "name": "oval:org.mitre.oval:def:9483", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9483" }, { "name": "19477", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19477" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.busybox.net/view.php?id=604" }, { "name": "25848", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25848" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm" }, { "name": "RHSA-2007:0244", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0244.html" }, { "name": "busybox-passwd-weak-security(25569)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25569" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-19T00:00:00", "descriptions": [ { "lang": "en", "value": "BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "25098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25098" }, { "name": "17330", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17330" }, { "name": "oval:org.mitre.oval:def:9483", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9483" }, { "name": "19477", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19477" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.busybox.net/view.php?id=604" }, { "name": "25848", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25848" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm" }, { "name": "RHSA-2007:0244", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0244.html" }, { "name": "busybox-passwd-weak-security(25569)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25569" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-1058", "datePublished": "2006-04-04T10:00:00", "dateReserved": "2006-03-07T00:00:00", "dateUpdated": "2024-08-07T16:56:15.493Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-5285
Vulnerability from cvelistv5
Published
2019-11-15 15:44
Modified
2024-08-06 00:53
Severity ?
EPSS score ?
Summary
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
References
▼ | URL | Tags |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html | x_refsource_MISC | |
http://www.securityfocus.com/bid/94349 | x_refsource_MISC | |
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html | x_refsource_MISC | |
https://security.gentoo.org/glsa/201701-46 | x_refsource_MISC | |
http://rhn.redhat.com/errata/RHSA-2016-2779.html | x_refsource_MISC | |
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html | x_refsource_MISC | |
http://www.ubuntu.com/usn/USN-3163-1 | x_refsource_MISC | |
https://bto.bluecoat.com/security-advisory/sa137 | x_refsource_MISC | |
https://bugzilla.mozilla.org/show_bug.cgi?id=1306103 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Mozilla | Network Security Services |
Version: 3.24 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:53:48.923Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94349" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-46" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3163-1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bto.bluecoat.com/security-advisory/sa137" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Network Security Services", "vendor": "Mozilla", "versions": [ { "status": "affected", "version": "3.24" } ] } ], "datePublic": "2016-10-13T00:00:00", "descriptions": [ { "lang": "en", "value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service." 
} ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-09T19:53:19", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/bid/94349" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security.gentoo.org/glsa/201701-46" }, { "tags": [ "x_refsource_MISC" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ubuntu.com/usn/USN-3163-1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bto.bluecoat.com/security-advisory/sa137" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2016-5285", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Network Security Services", "version": { "version_data": [ { "version_value": "3.24" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html" }, { "name": "http://www.securityfocus.com/bid/94349", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/94349" }, { "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html" }, { "name": "https://security.gentoo.org/glsa/201701-46", "refsource": "MISC", "url": "https://security.gentoo.org/glsa/201701-46" }, { "name": "http://rhn.redhat.com/errata/RHSA-2016-2779.html", "refsource": "MISC", "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html" }, { "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html" }, { "name": "http://www.ubuntu.com/usn/USN-3163-1", "refsource": "MISC", "url": "http://www.ubuntu.com/usn/USN-3163-1" }, { "name": "https://bto.bluecoat.com/security-advisory/sa137", "refsource": "MISC", "url": "https://bto.bluecoat.com/security-advisory/sa137" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2016-5285", "datePublished": "2019-11-15T15:44:05", "dateReserved": "2016-06-03T00:00:00", "dateUpdated": "2024-08-06T00:53:48.923Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2975
Vulnerability from cvelistv5
Published
2022-10-06 00:00
Modified
2024-08-03 00:52
Severity ?
EPSS score ?
Summary
A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Avaya | Avaya Aura Application Enablement Services |
Version: 10.1.x <= 10.1.0.1; Version: 8.x <= 8.1.3.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:52:59.830Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://download.avaya.com/css/public/documents/101083688" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Avaya Aura Application Enablement Services", "vendor": "Avaya", "versions": [ { "lessThanOrEqual": "10.1.0.1", "status": "affected", "version": "10.1.x", "versionType": "custom" }, { "lessThanOrEqual": "8.1.3.4", "status": "affected", "version": "8.x", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-11T00:00:00", "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96", "shortName": "avaya" }, "references": [ { "url": "https://download.avaya.com/css/public/documents/101083688" } ], "source": { "advisory": "ASA-2022-123", "defect": [ "AES-28952", "AES-28953", "AES-28954" ], "discovery": "EXTERNAL" }, "title": "Avaya Aura Application Enablement Services weak permissions in web application", "x_generator": { "engine": "vulnogram 0.1.0-rc1" } } }, "cveMetadata": { "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96", "assignerShortName": "avaya", "cveId": "CVE-2022-2975", "datePublished": "2022-10-06T00:00:00", "dateReserved": "2022-08-23T00:00:00", "dateUpdated": "2024-08-03T00:52:59.830Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3939
Vulnerability from cvelistv5
Published
2009-11-16 19:00
Modified
2024-08-07 06:45
Severity ?
EPSS score ?
Summary
The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:45:50.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "38276", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38276" }, { "name": "SUSE-SA:2009:061", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html" }, { "name": "USN-864-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-864-1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526068" }, { "name": "SUSE-SA:2010:001", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html" }, { "name": "38779", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38779" }, { "name": "37019", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37019" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/css/P8/documents/100073666" }, { "name": "SUSE-SA:2010:012", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" }, { "name": "37909", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37909" }, { "name": "SUSE-SA:2010:014", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html" }, { "name": "SUSE-SA:2009:064", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html" }, { "name": "DSA-1996", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-1996" }, { "name": "[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/13/1" }, { "name": "oval:org.mitre.oval:def:10310", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310" }, { "name": "RHSA-2010:0095", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "name": "SUSE-SA:2010:005", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html" }, { "name": "60201", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/60201" }, { "name": "RHSA-2010:0046", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html" }, { "name": "oval:org.mitre.oval:def:7540", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540" }, { "name": "SUSE-SA:2010:010", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html" }, { "name": "38017", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38017" }, { "name": "38492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38492" 
} ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "38276", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38276" }, { "name": "SUSE-SA:2009:061", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html" }, { "name": "USN-864-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-864-1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526068" }, { "name": "SUSE-SA:2010:001", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html" }, { "name": "38779", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38779" }, { "name": "37019", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37019" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/css/P8/documents/100073666" }, { "name": "SUSE-SA:2010:012", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" }, { "name": "37909", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/37909" }, { "name": "SUSE-SA:2010:014", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html" }, { "name": "SUSE-SA:2009:064", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html" }, { "name": "DSA-1996", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-1996" }, { "name": "[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/13/1" }, { "name": "oval:org.mitre.oval:def:10310", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310" }, { "name": "RHSA-2010:0095", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "name": "SUSE-SA:2010:005", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html" }, { "name": "60201", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/60201" }, { "name": "RHSA-2010:0046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html" }, { "name": "oval:org.mitre.oval:def:7540", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540" }, { "name": "SUSE-SA:2010:010", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html" }, { "name": "38017", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38017" }, { "name": 
"38492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38492" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3939", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "38276", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38276" }, { "name": "SUSE-SA:2009:061", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html" }, { "name": "USN-864-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-864-1" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=526068", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526068" }, { "name": "SUSE-SA:2010:001", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html" }, { "name": "38779", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38779" }, { "name": "37019", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37019" }, { "name": "http://support.avaya.com/css/P8/documents/100073666", "refsource": "CONFIRM", "url": "http://support.avaya.com/css/P8/documents/100073666" }, { "name": "SUSE-SA:2010:012", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" }, 
{ "name": "37909", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37909" }, { "name": "SUSE-SA:2010:014", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html" }, { "name": "SUSE-SA:2009:064", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html" }, { "name": "DSA-1996", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-1996" }, { "name": "[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/11/13/1" }, { "name": "oval:org.mitre.oval:def:10310", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310" }, { "name": "RHSA-2010:0095", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "name": "SUSE-SA:2010:005", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html" }, { "name": "60201", "refsource": "OSVDB", "url": "http://osvdb.org/60201" }, { "name": "RHSA-2010:0046", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html" }, { "name": "oval:org.mitre.oval:def:7540", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540" }, { "name": "SUSE-SA:2010:010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html" }, { "name": "38017", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38017" }, { "name": "38492", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38492" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3939", "datePublished": "2009-11-16T19:00:00", "dateReserved": "2009-11-16T00:00:00", "dateUpdated": 
"2024-08-07T06:45:50.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2019-11-15 16:15
Modified
2024-11-21 02:53
Severity ?
Summary
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AC43A23-2511-42A3-BA33-C6BABE962FB1", "versionEndExcluding": "3.26", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:avaya:aura_application_enablement_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "D638A011-7DFF-4369-95DB-EE977A9B34DD", "versionEndIncluding": "6.3.3", "versionStartIncluding": "6.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_application_enablement_services:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "00127FED-CA13-44FA-89D5-068A3BFD1782", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:avaya:aura_application_server_5300:3.0:-:*:*:*:*:*:*", "matchCriteriaId": "3FD52516-C173-4F55-A4F1-11E1623E0430", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "3BAF15A8-A2D8-487E-960F-EB10524A49B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp10:*:*:*:*:*:*", "matchCriteriaId": "8EE8624E-3F8F-4AC0-9BC9-5DBF2A3BBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp10.1:*:*:*:*:*:*", "matchCriteriaId": "3C30F303-BA9F-4934-A358-4EA4C04EB948", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp11:*:*:*:*:*:*", "matchCriteriaId": "D9F3ABDF-6A28-492E-8F6B-53192E7D1917", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp11.1:*:*:*:*:*:*", "matchCriteriaId": "5B984320-0031-4CEF-BDE5-5A5E274DEE11", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp12:*:*:*:*:*:*", "matchCriteriaId": "DE3EDB11-5831-403F-B6BB-3A84C0943487", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp12.1:*:*:*:*:*:*", "matchCriteriaId": "FD108976-1E55-47F6-806B-2F61661CA128", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp12.2:*:*:*:*:*:*", "matchCriteriaId": "A789ADCD-3BAF-4EE3-8342-AFBEF026F71B", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp12.3:*:*:*:*:*:*", "matchCriteriaId": "CADCC5A5-8BE4-41FD-BC8D-81607159998B", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp12.5:*:*:*:*:*:*", "matchCriteriaId": "0D0E4D1B-CA60-4219-ACD7-97BE0B8E10D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "18C2C82C-E595-4323-88A7-CE5D23E9F6E3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp5:*:*:*:*:*:*", "matchCriteriaId": "164809B0-EB36-470E-B9B2-75D5B2754600", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp7:*:*:*:*:*:*", "matchCriteriaId": "2E2F66A4-FB3A-49BB-AD18-5630A057907B", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_communication_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB1E43C1-EF6C-423B-A5D0-32E852E4C358", "versionEndIncluding": "6.3.117.0", "versionStartIncluding": "6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_communication_manager:7.0:-:*:*:*:*:*:*", "matchCriteriaId": "2C2E06A0-09B4-40C9-8A62-0EE0BFE1DECA", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_communication_manager:7.0:sp:*:*:*:*:*:*", "matchCriteriaId": "615496B7-5D31-46F5-8795-37ADD595C886", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_communication_manager:7.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "53379B70-20CC-4827-AE6A-A1DFA11B3733", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_communication_manager_messagint:7.0:-:*:*:*:*:*:*", "matchCriteriaId": "03D34DA0-C975-4A13-BD7E-575CCAE390BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_communication_manager_messagint:7.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "D635CBA4-B881-4113-BA27-6D0EE1CF6E39", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:breeze_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B33AAA6-8BFD-4398-8DC4-1F7C3B94FDF4", "versionEndIncluding": "3.2", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:call_management_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6DC0A0C-0FC6-439D-B865-634726034705", "versionEndIncluding": "18.0.0.2", "versionStartIncluding": "18.0.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:call_management_system:17.0:-:*:*:*:*:*:*", "matchCriteriaId": "E328FD0E-115F-4092-AE1E-C22B72350B0A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:avaya:call_management_system:17.0:r3:*:*:*:*:*:*", "matchCriteriaId": "349543A5-1FD9-46B4-8EAB-52E524A8DF0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:call_management_system:17.0:r4:*:*:*:*:*:*", "matchCriteriaId": "8D6AA6F0-7AF5-4CC0-8202-65BA15086BF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:call_management_system:17.0:r5:*:*:*:*:*:*", "matchCriteriaId": "A96492BE-C5FC-4936-9B1A-E4675ABB9D79", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:call_management_system:17.0:r6:*:*:*:*:*:*", "matchCriteriaId": "373F0F03-AC30-4D50-B2F5-30DAEF52C8B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:iq:5.2.x:*:*:*:*:*:*:*", "matchCriteriaId": "5C6923AF-6862-4D6C-985A-CF8BF5C3D868", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:avaya:cs1000e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F339C1D-A2C2-4885-B1C6-76923B09C18C", "versionEndIncluding": "7.6", "versionStartIncluding": "7.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:avaya:cs1000e:-:*:*:*:*:*:*:*", "matchCriteriaId": "EAB8A1AD-47C2-44F9-9C84-796FE0168E5A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:avaya:cs1000m_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2139CFD-0302-4281-9D9F-70E7D28B8354", "versionEndIncluding": "7.6", "versionStartIncluding": "7.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:avaya:cs1000m:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDA76EA5-A0AA-4985-9AE5-0C6FA1469E0C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:avaya:cs1000e\\/cs1000m_signaling_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "53F50E03-897D-45D4-BE6A-3D7B4D0D79F9", "versionEndIncluding": "7.6", 
"versionStartIncluding": "7.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:avaya:cs1000e\\/cs1000m_signaling_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1690698-8AB7-4129-8935-F08A6D52B559", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:avaya:aura_conferencing:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A5B17F8-B06D-4E95-83F8-AA2AAA90677A", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_conferencing:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "E1A754AC-0023-4A0C-BFFB-6BF7758435B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_conferencing:8.0:-:*:*:*:*:*:*", "matchCriteriaId": "4FC61B45-0975-4ED1-BD28-BB5EE5F3A51D", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_conferencing:8.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "838A248E-F9E2-4016-82C5-6AAEA21B5F0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_conferencing:8.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "A1BB9C6F-0171-41E7-A4FF-CDBCE360EDAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_conferencing:8.0:sp5:*:*:*:*:*:*", "matchCriteriaId": "4C0B69F2-7AB0-4E22-98F4-083E26BDA27B", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_conferencing:8.0:sp7:*:*:*:*:*:*", "matchCriteriaId": "5FC7A8E0-5AEF-4FA3-AC1D-63F7F609E781", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_conferencing:8.0:sp8:*:*:*:*:*:*", "matchCriteriaId": "DEFC084B-FCC2-438E-B65D-8B139F995551", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_conferencing:8.0:sp9:*:*:*:*:*:*", "matchCriteriaId": "FDD6F033-9716-42FB-9A2F-B08EDAAE1438", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_experience_portal:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3910F71-B4AE-40CC-9EDC-27160869A4FC", "versionEndIncluding": "7.1", "versionStartIncluding": "6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ 
{ "cpeMatch": [ { "criteria": "cpe:2.3:a:avaya:ip_office:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "28DCFA27-23EB-4BBE-A020-F1854E4064A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip_office:9.1:-:*:*:*:*:*:*", "matchCriteriaId": "51C14CE3-651D-4503-9711-088B9CF773A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "9468982C-DB32-490B-9131-9D35E8339467", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp10:*:*:*:*:*:*", "matchCriteriaId": "4B490A4A-A837-4CC6-8A44-5A7F03D73619", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp11:*:*:*:*:*:*", "matchCriteriaId": "C4A09C00-8D54-4674-A1D9-2F5AAD44CDD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp12:*:*:*:*:*:*", "matchCriteriaId": "67BFAB48-462F-4E95-9619-7A54E4BDF6F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "E488E9F3-5329-43F1-AC9D-36760B95C91A", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "CDD19739-0237-4C6F-9B6C-E47C9053F82A", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp5:*:*:*:*:*:*", "matchCriteriaId": "ACC5B2C8-CA4E-4482-8842-52886C5D5397", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp6:*:*:*:*:*:*", "matchCriteriaId": "09060F4E-DDB3-4C45-B628-6357ED0FA008", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp7:*:*:*:*:*:*", "matchCriteriaId": "7C6013D3-4D4C-46F8-82E6-271FB44FD126", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp8:*:*:*:*:*:*", "matchCriteriaId": "B1BED830-57D9-4051-B9D0-4E010AFA7451", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp9:*:*:*:*:*:*", "matchCriteriaId": "110B4593-6CF2-443B-AC7D-7DA98C44058C", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip_office:10.0:-:*:*:*:*:*:*", "matchCriteriaId": 
"0AF32565-F747-4450-841E-B54E2977BA91", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "B86F3D17-7408-4721-9921-3EB702018C6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "BA3D7B64-7AD6-47D0-846D-A70C2838B653", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "0EF71DB4-1523-4270-B0D8-0D20A2A6EAE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "2E32E623-597A-4931-B7CF-EED6EEBA61DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp5:*:*:*:*:*:*", "matchCriteriaId": "47898FEC-4BB7-469F-9020-2D9FB1B2C50E", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp6:*:*:*:*:*:*", "matchCriteriaId": "D429B865-B22A-4F9B-922F-D1F817DF1147", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp7:*:*:*:*:*:*", "matchCriteriaId": "AE40493E-ED60-4BFC-9E48-D3148E4D0834", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:avaya:aura_messaging:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "BF272A94-7530-4DA2-9933-87984366BFAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_messaging:6.3.3:-:*:*:*:*:*:*", "matchCriteriaId": "F428AFF6-9DF7-4B7D-AC2E-8031AEA61F10", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_messaging:6.3.3:sp4:*:*:*:*:*:*", "matchCriteriaId": "7C31ABCE-668E-455A-A3BC-6F42E1E5C973", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_messaging:6.3.3:sp5:*:*:*:*:*:*", "matchCriteriaId": "C370E9B0-72EB-47E2-8FD9-F6A65ABE26E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_messaging:6.3.3:sp6:*:*:*:*:*:*", "matchCriteriaId": "834D01F3-8266-4202-BB9A-B2805FE4FEDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_session_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": 
"1433DE76-61AC-44FD-A5A4-1747F8F2FEF9", "versionEndIncluding": "6.3.18", "versionStartIncluding": "6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_session_manager:7.0:-:*:*:*:*:*:*", "matchCriteriaId": "AEBC4E93-E283-446B-A928-8B8B51F2C154", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_session_manager:7.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "E88C0156-15E8-4F2F-8015-8ED421874863", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_session_manager:7.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "BEF48D0A-732F-4C32-A3BB-F0F8A777DC1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_session_manager:7.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "81979E50-603A-4210-9C27-F3B9974DC226", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_session_manager:7.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "822B7EBF-C87D-4247-9F7F-10B94A37EEAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_session_manager:7.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "046A0465-FF7B-4F25-8502-FFD3C6D9D375", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_system_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B532A02-FF99-4102-AB99-4ED89875E436", "versionEndIncluding": "6.3.18", "versionStartIncluding": "6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_system_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA21572A-1848-4B45-88EE-FAA3A13E4B47", "versionEndIncluding": "7.0.1.3", "versionStartIncluding": "7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_utility_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0B3D7C4-968C-4F8D-95A6-FC2BF6DC80EA", "versionEndIncluding": "6.3.14", "versionStartIncluding": "6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_utility_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A5C4CAB-B2B9-4892-8183-31AC1DB17FA5", "versionEndIncluding": "7.0.1.2", "versionStartIncluding": "7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:meeting_exchange:6.2:-:*:*:*:*:*:*", 
"matchCriteriaId": "88AD2F3E-8B67-4FFF-87F0-6624C7026EBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:meeting_exchange:6.2:sp3:*:*:*:*:*:*", "matchCriteriaId": "153B3C0F-9FF7-4CC6-BA38-157C66E93410", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:message_networking:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6ADC723-586B-4836-9A39-99DFE46E630D", "versionEndIncluding": "6.3", "versionStartIncluding": "5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:one-x_client_enablement_services:6.2:-:*:*:*:*:*:*", "matchCriteriaId": "D0EBE856-466D-4F6B-A10A-B1DFCD703189", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:one-x_client_enablement_services:6.2:sp1:*:*:*:*:*:*", "matchCriteriaId": "1CD0A719-AF58-450B-A6D9-D2AEE9DDE409", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:one-x_client_enablement_services:6.2:sp2:*:*:*:*:*:*", "matchCriteriaId": "A8D3B3F6-EBB2-42DC-8749-EB8C1DF29C95", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:one-x_client_enablement_services:6.2:sp5:*:*:*:*:*:*", "matchCriteriaId": "101133AA-42DF-44E1-A6BC-AA1131EEA2A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:proactive_contact:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7DEDCFB-3074-4E52-A2D8-0B78B0DBDF85", "versionEndIncluding": "5.1.2", "versionStartIncluding": "5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:avaya:session_border_controller_for_enterprise_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "143AC145-18D3-41B4-9E6F-DC16B94854B1", "versionEndIncluding": "6.3", "versionStartIncluding": "6.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:avaya:session_border_controller_for_enterprise_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9492A764-F772-428F-B81D-90B109829F0C", "versionEndIncluding": "7.1", "versionStartIncluding": "7.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": 
"cpe:2.3:h:avaya:session_border_controller_for_enterprise:-:*:*:*:*:*:*:*", "matchCriteriaId": "9EA3E439-6712-4345-A918-A300163CAF94", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:avaya:aura_system_platform_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBD8DDDA-535C-4141-B0E5-2B379FA28AB4", "versionEndIncluding": "6.4.0", "versionStartIncluding": "6.3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:avaya:aura_system_platform:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC5935AB-8E13-4CD5-8CAE-91A9C5786880", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service." }, { "lang": "es", "value": "Existe una vulnerabilidad de desreferencia de puntero nulo en Mozilla Network Security Services debido a una falta de verificaci\u00f3n NULL en PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, lo que podr\u00eda permitir que un usuario malintencionado remoto cause una Denegaci\u00f3n de servicio." 
} ], "id": "CVE-2016-5285", "lastModified": "2024-11-21T02:53:59.990", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-15T16:15:10.110", "references": [ { "source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html" }, { "source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html" }, { "source": "security@mozilla.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html" }, { "source": "security@mozilla.org", "url": "http://www.securityfocus.com/bid/94349" }, { "source": "security@mozilla.org", "url": "http://www.ubuntu.com/usn/USN-3163-1" }, { "source": "security@mozilla.org", "url": "https://bto.bluecoat.com/security-advisory/sa137" }, { "source": 
"security@mozilla.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103" }, { "source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201701-46" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/94349" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-3163-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bto.bluecoat.com/security-advisory/sa137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-46" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-04 10:04
Modified
2024-11-21 00:07
Summary
BusyBox 1.1.1 does not use a salt when generating password hashes, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
busybox | busybox | 1.1.1 | |
avaya | aura_application_enablement_services | 4.01 | |
avaya | aura_application_enablement_services | 4.1 | |
avaya | aura_sip_enablement_services | * | |
avaya | message_networking | * | |
avaya | messaging_storage_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:busybox:busybox:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5408DA3E-9CA1-4768-992C-1732A45C4365", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:avaya:aura_application_enablement_services:4.01:*:*:*:*:*:*:*", "matchCriteriaId": "BA477675-E93D-41F6-A10C-4B6CFBA97C93", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_application_enablement_services:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DBE1432-359B-4250-8381-E24511D24B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_sip_enablement_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CCDF311-E2C3-4AAC-83D1-44938370FBFD", "versionEndExcluding": "5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:message_networking:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D8F6982-2F4D-4D78-92C1-97689D59F3A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:messaging_storage_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AEA45A8-8768-4CB4-8996-91D7F7AEC9F5", "versionEndExcluding": "4.0", "versionStartIncluding": "3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables." 
}, { "lang": "es", "value": "BusyBox 1.1.1 no utiliza una \"sal\" cuando genera contrase\u00f1as, lo que facilita a usuarios locales adivinar contrase\u00f1as a partir de un fichero de contrase\u00f1as robado usando t\u00e9cnicas como tablas \"rainbow\".\r\n" } ], "id": "CVE-2006-1058", "lastModified": "2024-11-21T00:07:58.810", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2006-04-04T10:04:00.000", "references": [ { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://bugs.busybox.net/view.php?id=604" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19477" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/25098" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/25848" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": 
"http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0244.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/17330" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25569" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9483" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://bugs.busybox.net/view.php?id=604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19477" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/25098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/25848" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0244.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/17330" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25569" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9483" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187385\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\nThis issue does not affect Red Hat Enterprise Linux 2.1 or 3.", "lastModified": "2006-09-19T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-916" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-11-16 19:30
Modified
2024-11-21 01:08
Summary
The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
redhat | virtualization | 5 | |
redhat | enterprise_linux_desktop | 5.0 | |
redhat | enterprise_linux_eus | 5.4 | |
redhat | enterprise_linux_server | 5.0 | |
redhat | enterprise_linux_workstation | 5.0 | |
canonical | ubuntu_linux | 6.06 | |
canonical | ubuntu_linux | 8.04 | |
canonical | ubuntu_linux | 8.10 | |
canonical | ubuntu_linux | 9.04 | |
canonical | ubuntu_linux | 9.10 | |
debian | debian_linux | 5.0 | |
avaya | aura_application_enablement_services | 5.2 | |
avaya | aura_application_enablement_services | 5.2.1 | |
avaya | aura_communication_manager | 5.2 | |
avaya | aura_session_manager | 1.1 | |
avaya | aura_session_manager | 5.2 | |
avaya | aura_sip_enablement_services | 5.2 | |
avaya | aura_system_manager | 5.2 | |
avaya | aura_system_manager | 6.0 | |
avaya | aura_system_platform | 1.1 | |
avaya | voice_portal | 5.0 | |
opensuse | opensuse | 11.0 | |
opensuse | opensuse | 11.1 | |
opensuse | opensuse | 11.2 | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_server | 10 | |
suse | linux_enterprise_server | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8373D74A-0480-4E80-9758-1F35F4904C7E", "versionEndIncluding": "2.6.31.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:virtualization:5:*:*:*:*:*:*:*", "matchCriteriaId": "C029C71B-EB6F-4A45-B138-FE140E100B2E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "4DD6917D-FE03-487F-9F2C-A79B5FCFBC5A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:avaya:aura_application_enablement_services:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "6FE95C9A-4304-48C7-86B9-2E8217DF8872", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_application_enablement_services:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B9FD6CD5-6401-48F2-9A12-0C999D9EBF23", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_communication_manager:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "B6567360-D041-4C5A-A9DF-39223E5FF895", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_session_manager:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C5F5625-1601-4EFC-B710-58B145F10708", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_session_manager:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "CB6AB5D8-6E22-483E-A91E-0880FF9A2C97", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_sip_enablement_services:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "CA109EBE-560A-498E-A369-D68B09AFD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_system_manager:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "44D546F5-2751-41F0-9442-8F1EB904E294", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_system_manager:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E7C82ABC-54B9-454C-A9F9-2DBFF1D62364", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_system_platform:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "76E0FA7D-9F1B-4B1D-8B2D-85D2ED6DC00C", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:voice_portal:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5795B04-82E1-4289-BC45-02AEFA0C28F8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509", "vulnerable": true }, { 
"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "1E496249-23A8-42FC-A109-634A54B5600F", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*", "matchCriteriaId": "CC6C1408-671A-4436-A825-12170CFB5C9A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file." }, { "lang": "es", "value": "El fichero poll_mode_io para el controlador megaraid_sas en el kernel de Linux v2.6.31.6 y anteriores tiene permisos de escritura para todos, permitiendo a usuarios locales cambiar el modo de E/S del dispositivo modificando este fichero." 
} ], "id": "CVE-2009-3939", "lastModified": "2024-11-21T01:08:33.693", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.6, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2009-11-16T19:30:01.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/60201" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/37909" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/38017" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/38276" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/38492" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/38779" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/css/P8/documents/100073666" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-1996" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/13/1" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/37019" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-864-1" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526068" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://rhn.redhat.com/errata/RHSA-2010-0046.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/60201" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/37909" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/38017" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/38276" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/38492" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/38779" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/css/P8/documents/100073666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-1996" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/13/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/37019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-864-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 3, as it does not implement the sysfs file system (\u0026quot;/sys/\u0026quot;), through which poll_mode_io file is exposed by the 
megaraid_sas driver.\n\nIssue was addressed in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0076.html , https://rhn.redhat.com/errata/RHSA-2010-0046.html and https://rhn.redhat.com/errata/RHSA-2009-1635.html respectively.", "lastModified": "2010-02-04T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-10-06 18:15
Modified
2024-11-21 07:02
Severity ?
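7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Per the record below, the 7.7 score is the vendor's assessment (securityalerts@avaya.com, Secondary) and the 6.7 score is NVD's (nvd@nist.gov, Primary); the two differ only in user interaction (UI:R vs UI:N) and scope (S:C vs S:U).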
Summary
A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.
References
Impacted products
Vendor | Product | Version | Range |
---|---|---|---|
avaya | aura_application_enablement_services | * | >= 8.0.0.0, < 8.1.3.5 |
avaya | aura_application_enablement_services | * | >= 10.1.0.0, < 10.1.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:avaya:aura_application_enablement_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD81EA29-F119-4C77-85EB-6C41A7169BA0", "versionEndExcluding": "8.1.3.5", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:aura_application_enablement_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D0290D1-DAFA-43B9-A92D-BAACE6A68ACC", "versionEndExcluding": "10.1.0.2", "versionStartIncluding": "10.1.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated." }, { "lang": "es", "value": "Se detect\u00f3 una vulnerabilidad relacionada con permisos d\u00e9biles en la aplicaci\u00f3n web de Avaya Aura Application Enablement Services, que permit\u00eda que un usuario administrativo modificara las cuentas, conllevando a una ejecuci\u00f3n de c\u00f3digo arbitrario como usuario root. Este problema afecta a versiones 8.0.0.0 a 8.1.3.4 y 10.1.0.0 a 10.1.0.1 de Application Enablement Services. 
Las versiones anteriores a 8.0.0.0 han finalizado el soporte de fabricaci\u00f3n y no han sido evaluadas" } ], "id": "CVE-2022-2975", "lastModified": "2024-11-21T07:02:00.970", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "securityalerts@avaya.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-10-06T18:15:59.447", "references": [ { "source": "securityalerts@avaya.com", "tags": [ "Vendor Advisory" ], "url": "https://download.avaya.com/css/public/documents/101083688" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://download.avaya.com/css/public/documents/101083688" } ], "sourceIdentifier": "securityalerts@avaya.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "securityalerts@avaya.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }