Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2015-AVI-431
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QFabric 3100 Director versions 12.x",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "ScreenOS",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CTPView 7.0R3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Juniper Junos OS",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-2905",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2905"
},
{
"name": "CVE-2011-2483",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2483"
},
{
"name": "CVE-2013-1667",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1667"
},
{
"name": "CVE-2012-3417",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3417"
},
{
"name": "CVE-2014-0063",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0063"
},
{
"name": "CVE-2015-5600",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
},
{
"name": "CVE-2014-3566",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3566"
},
{
"name": "CVE-2014-8867",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8867"
},
{
"name": "CVE-2015-1793",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1793"
},
{
"name": "CVE-2015-1791",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
},
{
"name": "CVE-2009-3490",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3490"
},
{
"name": "CVE-2012-0866",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0866"
},
{
"name": "CVE-2010-3433",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3433"
},
{
"name": "CVE-2012-5526",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5526"
},
{
"name": "CVE-2010-1447",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1447"
},
{
"name": "CVE-2014-0061",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0061"
},
{
"name": "CVE-2009-0115",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0115"
},
{
"name": "CVE-2007-6067",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6067"
},
{
"name": "CVE-2010-0826",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0826"
},
{
"name": "CVE-2014-8159",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8159"
},
{
"name": "CVE-2010-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0211"
},
{
"name": "CVE-2013-4242",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4242"
},
{
"name": "CVE-2015-1158",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1158"
},
{
"name": "CVE-2015-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
},
{
"name": "CVE-2010-4352",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4352"
},
{
"name": "CVE-2015-7749",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7749"
},
{
"name": "CVE-2011-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
},
{
"name": "CVE-2010-1168",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1168"
},
{
"name": "CVE-2009-1189",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1189"
},
{
"name": "CVE-2014-6450",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6450"
},
{
"name": "CVE-2015-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
},
{
"name": "CVE-2008-2937",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2937"
},
{
"name": "CVE-2012-2697",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2697"
},
{
"name": "CVE-2013-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
},
{
"name": "CVE-2011-1081",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1081"
},
{
"name": "CVE-2009-1632",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1632"
},
{
"name": "CVE-2012-3488",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3488"
},
{
"name": "CVE-2015-5361",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5361"
},
{
"name": "CVE-2013-6435",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6435"
},
{
"name": "CVE-2010-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2761"
},
{
"name": "CVE-2012-5195",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5195"
},
{
"name": "CVE-2015-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
},
{
"name": "CVE-2014-6449",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6449"
},
{
"name": "CVE-2015-1792",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
},
{
"name": "CVE-2014-6451",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6451"
},
{
"name": "CVE-2012-6329",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6329"
},
{
"name": "CVE-2014-4345",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4345"
},
{
"name": "CVE-2008-5302",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5302"
},
{
"name": "CVE-2013-6629",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6629"
},
{
"name": "CVE-2014-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2285"
},
{
"name": "CVE-2013-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4449"
},
{
"name": "CVE-2012-0868",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0868"
},
{
"name": "CVE-2007-4476",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4476"
},
{
"name": "CVE-2010-4410",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4410"
},
{
"name": "CVE-2008-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
},
{
"name": "CVE-2015-7752",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7752"
},
{
"name": "CVE-2010-0407",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0407"
},
{
"name": "CVE-2014-0064",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0064"
},
{
"name": "CVE-2014-0065",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0065"
},
{
"name": "CVE-2007-4772",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4772"
},
{
"name": "CVE-2013-0292",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0292"
},
{
"name": "CVE-2012-6151",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
},
{
"name": "CVE-2008-5303",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5303"
},
{
"name": "CVE-2015-1159",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1159"
},
{
"name": "CVE-2011-2200",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2200"
},
{
"name": "CVE-2015-7748",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7748"
},
{
"name": "CVE-2015-7750",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7750"
},
{
"name": "CVE-2015-7751",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7751"
},
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"name": "CVE-2008-3834",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3834"
},
{
"name": "CVE-2010-0624",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0624"
},
{
"name": "CVE-2014-0062",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0062"
},
{
"name": "CVE-2011-1025",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1025"
},
{
"name": "CVE-2014-6448",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6448"
},
{
"name": "CVE-2011-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3597"
},
{
"name": "CVE-2010-0212",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0212"
},
{
"name": "CVE-2009-1185",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1185"
},
{
"name": "CVE-2009-4901",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4901"
},
{
"name": "CVE-2010-1172",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1172"
},
{
"name": "CVE-2010-4530",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4530"
},
{
"name": "CVE-2011-1024",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1024"
},
{
"name": "CVE-2014-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
},
{
"name": "CVE-2014-0060",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0060"
},
{
"name": "CVE-1999-0524",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0524"
},
{
"name": "CVE-2010-4015",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4015"
},
{
"name": "CVE-2011-0002",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0002"
},
{
"name": "CVE-2009-1574",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1574"
},
{
"name": "CVE-2009-3736",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3736"
},
{
"name": "CVE-2015-1790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
},
{
"name": "CVE-2012-2143",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2143"
},
{
"name": "CVE-2014-0066",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0066"
},
{
"name": "CVE-2010-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0001"
}
],
"links": [],
"reference": "CERTFR-2015-AVI-431",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10694 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10700 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10700\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10703 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10703\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10708 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10708\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10705 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10706 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10706\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10695 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10695\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10699 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10699\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10697 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10697\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10707 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10707\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10702 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10702\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10704 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10704\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10696 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10696\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10701 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10701\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CVE-2009-1185 (GCVE-0-2009-1185)
Vulnerability from cvelistv5 – Published: 2009-04-17 14:00 – Updated: 2024-08-07 05:04
VLAI
EPSS
Summary
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
39 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/502752/100… | mailing-listx_refsource_BUGTRAQ |
| http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0063 | x_refsource_MISC |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://secunia.com/advisories/34801 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/35766 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://slackware.com/security/viewer.php?l=slackw… | vendor-advisoryx_refsource_SLACKWARE |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://www.debian.org/security/2009/dsa-1772 | vendor-advisoryx_refsource_DEBIAN |
| http://www.gentoo.org/security/en/glsa/glsa-20090… | vendor-advisoryx_refsource_GENTOO |
| http://www.vupen.com/english/advisories/2009/1865 | vdb-entryx_refsource_VUPEN |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.securityfocus.com/bid/34536 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id?1022067 | vdb-entryx_refsource_SECTRACK |
| http://git.kernel.org/?p=linux/hotplug/udev.git%3… | x_refsource_CONFIRM |
| http://www.redhat.com/support/errata/RHSA-2009-04… | vendor-advisoryx_refsource_REDHAT |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://secunia.com/advisories/34776 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/34731 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.vmware.com/pipermail/security-announ… | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/34753 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/34785 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/34787 | third-party-advisoryx_refsource_SECUNIA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| https://launchpad.net/bugs/cve/2009-1185 | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2009/1053 | vdb-entryx_refsource_VUPEN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.ubuntu.com/usn/usn-758-1 | vendor-advisoryx_refsource_UBUNTU |
| http://git.kernel.org/?p=linux/hotplug/udev.git%3… | x_refsource_CONFIRM |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://secunia.com/advisories/34771 | third-party-advisoryx_refsource_SECUNIA |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/504849/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/34750 | third-party-advisoryx_refsource_SECUNIA |
| http://wiki.rpath.com/Advisories:rPSA-2009-0063 | x_refsource_CONFIRM |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=495051 | x_refsource_CONFIRM |
| https://www.exploit-db.com/exploits/8572 | exploitx_refsource_EXPLOIT-DB |
Date Public
2009-04-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090417 rPSA-2009-0063-1 udev",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502752/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0063"
},
{
"name": "oval:org.mitre.oval:def:5975",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5975"
},
{
"name": "34801",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34801"
},
{
"name": "35766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35766"
},
{
"name": "SUSE-SA:2009:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00006.html"
},
{
"name": "MDVSA-2009:104",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:104"
},
{
"name": "SSA:2009-111-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.446399"
},
{
"name": "FEDORA-2009-3712",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00462.html"
},
{
"name": "DSA-1772",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1772"
},
{
"name": "GLSA-200904-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200904-18.xml"
},
{
"name": "ADV-2009-1865",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1865"
},
{
"name": "oval:org.mitre.oval:def:10925",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10925"
},
{
"name": "34536",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34536"
},
{
"name": "1022067",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022067"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=e2b362d9f23d4c63018709ab5f81a02f72b91e75"
},
{
"name": "RHSA-2009:0427",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0427.html"
},
{
"name": "MDVSA-2009:103",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:103"
},
{
"name": "34776",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34776"
},
{
"name": "34731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34731"
},
{
"name": "[Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000060.html"
},
{
"name": "34753",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34753"
},
{
"name": "34785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34785"
},
{
"name": "34787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34787"
},
{
"name": "FEDORA-2009-3711",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00463.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.net/bugs/cve/2009-1185"
},
{
"name": "ADV-2009-1053",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1053"
},
{
"name": "SUSE-SA:2009:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00012.html"
},
{
"name": "USN-758-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-758-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=e86a923d508c2aed371cdd958ce82489cf2ab615"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
},
{
"name": "34771",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34771"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504849/100/0/threaded"
},
{
"name": "34750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34750"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0063"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495051"
},
{
"name": "8572",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8572"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20090417 rPSA-2009-0063-1 udev",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502752/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0063"
},
{
"name": "oval:org.mitre.oval:def:5975",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5975"
},
{
"name": "34801",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34801"
},
{
"name": "35766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35766"
},
{
"name": "SUSE-SA:2009:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00006.html"
},
{
"name": "MDVSA-2009:104",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:104"
},
{
"name": "SSA:2009-111-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.446399"
},
{
"name": "FEDORA-2009-3712",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00462.html"
},
{
"name": "DSA-1772",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1772"
},
{
"name": "GLSA-200904-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200904-18.xml"
},
{
"name": "ADV-2009-1865",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1865"
},
{
"name": "oval:org.mitre.oval:def:10925",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10925"
},
{
"name": "34536",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34536"
},
{
"name": "1022067",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022067"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=e2b362d9f23d4c63018709ab5f81a02f72b91e75"
},
{
"name": "RHSA-2009:0427",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0427.html"
},
{
"name": "MDVSA-2009:103",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:103"
},
{
"name": "34776",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34776"
},
{
"name": "34731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34731"
},
{
"name": "[Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000060.html"
},
{
"name": "34753",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34753"
},
{
"name": "34785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34785"
},
{
"name": "34787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34787"
},
{
"name": "FEDORA-2009-3711",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00463.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.net/bugs/cve/2009-1185"
},
{
"name": "ADV-2009-1053",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1053"
},
{
"name": "SUSE-SA:2009:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00012.html"
},
{
"name": "USN-758-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-758-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=e86a923d508c2aed371cdd958ce82489cf2ab615"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
},
{
"name": "34771",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34771"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504849/100/0/threaded"
},
{
"name": "34750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34750"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0063"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495051"
},
{
"name": "8572",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8572"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-1185",
"datePublished": "2009-04-17T14:00:00.000Z",
"dateReserved": "2009-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:04:49.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1189 (GCVE-0-2009-1189)
Vulnerability from cvelistv5 – Published: 2009-04-27 17:43 – Updated: 2024-08-07 05:04
VLAI
EPSS
Summary
The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2009/0… | mailing-listx_refsource_MLIST |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://bugs.freedesktop.org/show_bug.cgi?id=17803 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/31602 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/38794 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.vmware.com/pipermail/security-announ… | mailing-listx_refsource_MLIST |
| https://usn.ubuntu.com/799-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://secunia.com/advisories/35810 | third-party-advisoryx_refsource_SECUNIA |
| http://www.freedesktop.org/wiki/Software/dbus#hea… | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| https://rhn.redhat.com/errata/RHSA-2010-0095.html | vendor-advisoryx_refsource_REDHAT |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://secunia.com/advisories/32127 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2010/0528 | vdb-entryx_refsource_VUPEN |
Date Public
2009-04-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20090416 CVE-2009-1189: invalid fix for CVE-2008-3834 (dbus)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/04/16/13"
},
{
"name": "dbus-dbusmarshalvalidate-spoofing(50385)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50385"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.freedesktop.org/show_bug.cgi?id=17803"
},
{
"name": "31602",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31602"
},
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "USN-799-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/799-1/"
},
{
"name": "35810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35810"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a"
},
{
"name": "oval:org.mitre.oval:def:10308",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10308"
},
{
"name": "RHSA-2010:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "32127",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32127"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20090416 CVE-2009-1189: invalid fix for CVE-2008-3834 (dbus)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/04/16/13"
},
{
"name": "dbus-dbusmarshalvalidate-spoofing(50385)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50385"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.freedesktop.org/show_bug.cgi?id=17803"
},
{
"name": "31602",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31602"
},
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "USN-799-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/799-1/"
},
{
"name": "35810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35810"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a"
},
{
"name": "oval:org.mitre.oval:def:10308",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10308"
},
{
"name": "RHSA-2010:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "32127",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32127"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-1189",
"datePublished": "2009-04-27T17:43:00.000Z",
"dateReserved": "2009-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:04:49.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1574 (GCVE-0-2009-1574)
Vulnerability from cvelistv5 – Published: 2009-05-06 17:00 – Updated: 2024-08-07 05:20
VLAI
EPSS
Summary
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
28 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.ubuntu.com/usn/USN-785-1 | vendor-advisoryx_refsource_UBUNTU |
| http://sourceforge.net/project/shownotes.php?grou… | x_refsource_CONFIRM |
| http://secunia.com/advisories/35159 | third-party-advisoryx_refsource_SECUNIA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2009/04/29/6 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/34765 | vdb-entryx_refsource_BID |
| http://www.redhat.com/support/errata/RHSA-2009-10… | vendor-advisoryx_refsource_REDHAT |
| http://secunia.com/advisories/35113 | third-party-advisoryx_refsource_SECUNIA |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://secunia.com/advisories/35404 | third-party-advisoryx_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2009/05/04/3 | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/35212 | third-party-advisoryx_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=497990 | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://security.gentoo.org/glsa/glsa-200905-03.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/35685 | third-party-advisoryx_refsource_SECUNIA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://support.apple.com/kb/HT4298 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2009/3184 | vdb-entryx_refsource_VUPEN |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://secunia.com/advisories/35153 | third-party-advisoryx_refsource_SECUNIA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.debian.org/security/2009/dsa-1804 | vendor-advisoryx_refsource_DEBIAN |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://support.apple.com/kb/HT3937 | x_refsource_CONFIRM |
Date Public
2009-04-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:33.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ipsectools-isakmpfrag-dos(50412)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50412"
},
{
"name": "USN-785-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-785-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=74601\u0026release_id=677611"
},
{
"name": "35159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35159"
},
{
"name": "FEDORA-2009-4394",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00789.html"
},
{
"name": "[oss-security] 20090429 ipsec-tools 0.7.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/04/29/6"
},
{
"name": "34765",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34765"
},
{
"name": "RHSA-2009:1036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1036.html"
},
{
"name": "35113",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35113"
},
{
"name": "oval:org.mitre.oval:def:9624",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9624"
},
{
"name": "35404",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35404"
},
{
"name": "[oss-security] 20090504 Re: ipsec-tools 0.7.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/05/04/3"
},
{
"name": "35212",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35212"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=497990"
},
{
"name": "APPLE-SA-2010-12-16-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
},
{
"name": "GLSA-200905-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-03.xml"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "FEDORA-2009-4298",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00746.html"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4298"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "35153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35153"
},
{
"name": "FEDORA-2009-4291",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00725.html"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "DSA-1804",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1804"
},
{
"name": "MDVSA-2009:112",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ipsectools-isakmpfrag-dos(50412)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50412"
},
{
"name": "USN-785-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-785-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=74601\u0026release_id=677611"
},
{
"name": "35159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35159"
},
{
"name": "FEDORA-2009-4394",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00789.html"
},
{
"name": "[oss-security] 20090429 ipsec-tools 0.7.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/04/29/6"
},
{
"name": "34765",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34765"
},
{
"name": "RHSA-2009:1036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1036.html"
},
{
"name": "35113",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35113"
},
{
"name": "oval:org.mitre.oval:def:9624",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9624"
},
{
"name": "35404",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35404"
},
{
"name": "[oss-security] 20090504 Re: ipsec-tools 0.7.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/05/04/3"
},
{
"name": "35212",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35212"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=497990"
},
{
"name": "APPLE-SA-2010-12-16-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
},
{
"name": "GLSA-200905-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-03.xml"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "FEDORA-2009-4298",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00746.html"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4298"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "35153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35153"
},
{
"name": "FEDORA-2009-4291",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00725.html"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "DSA-1804",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1804"
},
{
"name": "MDVSA-2009:112",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ipsectools-isakmpfrag-dos(50412)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50412"
},
{
"name": "USN-785-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-785-1"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=74601\u0026release_id=677611",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=74601\u0026release_id=677611"
},
{
"name": "35159",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35159"
},
{
"name": "FEDORA-2009-4394",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00789.html"
},
{
"name": "[oss-security] 20090429 ipsec-tools 0.7.2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/04/29/6"
},
{
"name": "34765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34765"
},
{
"name": "RHSA-2009:1036",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1036.html"
},
{
"name": "35113",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35113"
},
{
"name": "oval:org.mitre.oval:def:9624",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9624"
},
{
"name": "35404",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35404"
},
{
"name": "[oss-security] 20090504 Re: ipsec-tools 0.7.2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/05/04/3"
},
{
"name": "35212",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35212"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=497990",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=497990"
},
{
"name": "APPLE-SA-2010-12-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
},
{
"name": "GLSA-200905-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-03.xml"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "FEDORA-2009-4298",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00746.html"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT4298",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4298"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "35153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35153"
},
{
"name": "FEDORA-2009-4291",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00725.html"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "DSA-1804",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1804"
},
{
"name": "MDVSA-2009:112",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:112"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1574",
"datePublished": "2009-05-06T17:00:00.000Z",
"dateReserved": "2009-05-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:20:33.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1632 (GCVE-0-2009-1632)
Vulnerability from cvelistv5 – Published: 2009-05-14 17:00 – Updated: 2024-08-07 05:20
VLAI
EPSS
Summary
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
26 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-785-1 | vendor-advisoryx_refsource_UBUNTU |
| http://sourceforge.net/project/shownotes.php?grou… | x_refsource_CONFIRM |
| http://secunia.com/advisories/35159 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=oss-security&m=124101704828036&w=2 | mailing-listx_refsource_MLIST |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/di… | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.securityfocus.com/bid/34765 | vdb-entryx_refsource_BID |
| http://www.redhat.com/support/errata/RHSA-2009-10… | vendor-advisoryx_refsource_REDHAT |
| http://secunia.com/advisories/35404 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/35212 | third-party-advisoryx_refsource_SECUNIA |
| http://security.gentoo.org/glsa/glsa-200905-03.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/35685 | third-party-advisoryx_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2009/05/12/3 | mailing-listx_refsource_MLIST |
| https://trac.ipsec-tools.net/ticket/303 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.vupen.com/english/advisories/2009/3184 | vdb-entryx_refsource_VUPEN |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/di… | x_refsource_CONFIRM |
| http://secunia.com/advisories/35153 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://sourceforge.net/mailarchive/forum.php?thre… | mailing-listx_refsource_MLIST |
| http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/di… | x_refsource_CONFIRM |
| http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/di… | x_refsource_CONFIRM |
| http://www.debian.org/security/2009/dsa-1804 | vendor-advisoryx_refsource_DEBIAN |
| http://support.apple.com/kb/HT3937 | x_refsource_CONFIRM |
Date Public
2009-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:34.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-785-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-785-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=74601\u0026release_id=677611"
},
{
"name": "35159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35159"
},
{
"name": "[oss-security] 20090429 ipsec-tools 0.7.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=124101704828036\u0026w=2"
},
{
"name": "MDVSA-2009:114",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:114"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c"
},
{
"name": "oval:org.mitre.oval:def:10581",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10581"
},
{
"name": "34765",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34765"
},
{
"name": "RHSA-2009:1036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1036.html"
},
{
"name": "35404",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35404"
},
{
"name": "35212",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35212"
},
{
"name": "GLSA-200905-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-03.xml"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "[oss-security] 20090512 Re: ipsec-tools 0.7.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/05/12/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.ipsec-tools.net/ticket/303"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c"
},
{
"name": "35153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35153"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "[ipsec-tools-announce] 20090422 Ipsec-tools 0.7.2 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20090422151825.GB46988%40zeninc.net\u0026forum_name=ipsec-tools-announce"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c.diff?r1=1.6\u0026r2=1.6.6.1\u0026f=h"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c.diff?r1=1.11.6.4\u0026r2=1.11.6.5\u0026f=h"
},
{
"name": "DSA-1804",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1804"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-785-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-785-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=74601\u0026release_id=677611"
},
{
"name": "35159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35159"
},
{
"name": "[oss-security] 20090429 ipsec-tools 0.7.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=124101704828036\u0026w=2"
},
{
"name": "MDVSA-2009:114",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:114"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c"
},
{
"name": "oval:org.mitre.oval:def:10581",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10581"
},
{
"name": "34765",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34765"
},
{
"name": "RHSA-2009:1036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1036.html"
},
{
"name": "35404",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35404"
},
{
"name": "35212",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35212"
},
{
"name": "GLSA-200905-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-03.xml"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "[oss-security] 20090512 Re: ipsec-tools 0.7.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/05/12/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.ipsec-tools.net/ticket/303"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c"
},
{
"name": "35153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35153"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "[ipsec-tools-announce] 20090422 Ipsec-tools 0.7.2 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20090422151825.GB46988%40zeninc.net\u0026forum_name=ipsec-tools-announce"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c.diff?r1=1.6\u0026r2=1.6.6.1\u0026f=h"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c.diff?r1=1.11.6.4\u0026r2=1.11.6.5\u0026f=h"
},
{
"name": "DSA-1804",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1804"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-785-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-785-1"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=74601\u0026release_id=677611",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=74601\u0026release_id=677611"
},
{
"name": "35159",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35159"
},
{
"name": "[oss-security] 20090429 ipsec-tools 0.7.2",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=124101704828036\u0026w=2"
},
{
"name": "MDVSA-2009:114",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:114"
},
{
"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c"
},
{
"name": "oval:org.mitre.oval:def:10581",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10581"
},
{
"name": "34765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34765"
},
{
"name": "RHSA-2009:1036",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1036.html"
},
{
"name": "35404",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35404"
},
{
"name": "35212",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35212"
},
{
"name": "GLSA-200905-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-03.xml"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "[oss-security] 20090512 Re: ipsec-tools 0.7.2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/05/12/3"
},
{
"name": "https://trac.ipsec-tools.net/ticket/303",
"refsource": "CONFIRM",
"url": "https://trac.ipsec-tools.net/ticket/303"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c"
},
{
"name": "35153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35153"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "[ipsec-tools-announce] 20090422 Ipsec-tools 0.7.2 released",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20090422151825.GB46988%40zeninc.net\u0026forum_name=ipsec-tools-announce"
},
{
"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c.diff?r1=1.6\u0026r2=1.6.6.1\u0026f=h",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c.diff?r1=1.6\u0026r2=1.6.6.1\u0026f=h"
},
{
"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c.diff?r1=1.11.6.4\u0026r2=1.11.6.5\u0026f=h",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c.diff?r1=1.11.6.4\u0026r2=1.11.6.5\u0026f=h"
},
{
"name": "DSA-1804",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1804"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1632",
"datePublished": "2009-05-14T17:00:00.000Z",
"dateReserved": "2009-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:20:34.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2905 (GCVE-0-2009-2905)
Vulnerability from cvelistv5 – Published: 2009-09-29 19:00 – Updated: 2024-08-07 06:07
VLAI
EPSS
Summary
Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
16 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/38794 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.vmware.com/pipermail/security-announ… | mailing-listx_refsource_MLIST |
| http://www.debian.org/security/2009/dsa-1894 | vendor-advisoryx_refsource_DEBIAN |
| https://bugzilla.redhat.com/show_bug.cgi?id=523955 | x_refsource_CONFIRM |
| https://rhn.redhat.com/errata/RHSA-2009-1463.html | vendor-advisoryx_refsource_REDHAT |
| http://support.avaya.com/css/P8/documents/100067251 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/36515 | vdb-entryx_refsource_BID |
| http://security.debian.org/pool/updates/main/n/ne… | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://secunia.com/advisories/37922 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ubuntu.com/usn/USN-837-1 | vendor-advisoryx_refsource_UBUNTU |
| http://secunia.com/advisories/38833 | third-party-advisoryx_refsource_SECUNIA |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.vupen.com/english/advisories/2010/0528 | vdb-entryx_refsource_VUPEN |
Date Public
2009-09-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:37.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "DSA-1894",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1894"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=523955"
},
{
"name": "RHSA-2009:1463",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1463.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/css/P8/documents/100067251"
},
{
"name": "36515",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36515"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.debian.org/pool/updates/main/n/newt/newt_0.52.2-10+etch1.diff.gz"
},
{
"name": "oval:org.mitre.oval:def:8556",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8556"
},
{
"name": "oval:org.mitre.oval:def:9664",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9664"
},
{
"name": "37922",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37922"
},
{
"name": "USN-837-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-837-1"
},
{
"name": "38833",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38833"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "SUSE-SR:2009:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "DSA-1894",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1894"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=523955"
},
{
"name": "RHSA-2009:1463",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1463.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/css/P8/documents/100067251"
},
{
"name": "36515",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36515"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.debian.org/pool/updates/main/n/newt/newt_0.52.2-10+etch1.diff.gz"
},
{
"name": "oval:org.mitre.oval:def:8556",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8556"
},
{
"name": "oval:org.mitre.oval:def:9664",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9664"
},
{
"name": "37922",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37922"
},
{
"name": "USN-837-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-837-1"
},
{
"name": "38833",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38833"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "SUSE-SR:2009:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-2905",
"datePublished": "2009-09-29T19:00:00.000Z",
"dateReserved": "2009-08-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:07:37.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3490 (GCVE-0-2009-3490)
Vulnerability from cvelistv5 – Published: 2009-09-30 15:00 – Updated: 2024-08-07 06:31
VLAI
EPSS
Summary
GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://permalink.gmane.org/gmane.comp.web.wget.ge… | mailing-listx_refsource_MLIST |
| http://marc.info/?l=oss-security&m=125369675820512&w=2 | mailing-listx_refsource_MLIST |
| http://www.vupen.com/english/advisories/2009/2498 | vdb-entryx_refsource_VUPEN |
| https://bugzilla.redhat.com/show_bug.cgi?id=520454 | x_refsource_CONFIRM |
| http://addictivecode.org/pipermail/wget-notify/20… | mailing-listx_refsource_MLIST |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://secunia.com/advisories/36540 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/36205 | vdb-entryx_refsource_BID |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://hg.addictivecode.org/wget/mainline/rev/1ea… | x_refsource_CONFIRM |
| http://marc.info/?l=oss-security&m=125198917018936&w=2 | mailing-listx_refsource_MLIST |
Date Public
2009-08-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:09.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[bug-wget] 20090922 Release: GNU Wget 1.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://permalink.gmane.org/gmane.comp.web.wget.general/8972"
},
{
"name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
},
{
"name": "ADV-2009-2498",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2498"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=520454"
},
{
"name": "[wget-notify] 20090805 [bug #27183] Wget likely suffers from the \\0 SSL cert vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "36540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36540"
},
{
"name": "36205",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36205"
},
{
"name": "oval:org.mitre.oval:def:11099",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11099"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7"
},
{
"name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU Wget before 1.12 does not properly handle a \u0027\\0\u0027 character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[bug-wget] 20090922 Release: GNU Wget 1.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://permalink.gmane.org/gmane.comp.web.wget.general/8972"
},
{
"name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
},
{
"name": "ADV-2009-2498",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2498"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=520454"
},
{
"name": "[wget-notify] 20090805 [bug #27183] Wget likely suffers from the \\0 SSL cert vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "36540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36540"
},
{
"name": "36205",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36205"
},
{
"name": "oval:org.mitre.oval:def:11099",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11099"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7"
},
{
"name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Wget before 1.12 does not properly handle a \u0027\\0\u0027 character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[bug-wget] 20090922 Release: GNU Wget 1.12",
"refsource": "MLIST",
"url": "http://permalink.gmane.org/gmane.comp.web.wget.general/8972"
},
{
"name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
},
{
"name": "ADV-2009-2498",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2498"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=520454",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=520454"
},
{
"name": "[wget-notify] 20090805 [bug #27183] Wget likely suffers from the \\0 SSL cert vulnerability",
"refsource": "MLIST",
"url": "http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "36540",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36540"
},
{
"name": "36205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36205"
},
{
"name": "oval:org.mitre.oval:def:11099",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11099"
},
{
"name": "http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7",
"refsource": "CONFIRM",
"url": "http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7"
},
{
"name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3490",
"datePublished": "2009-09-30T15:00:00.000Z",
"dateReserved": "2009-09-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:31:09.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3736 (GCVE-0-2009-3736)
Vulnerability from cvelistv5 – Published: 2009-11-27 20:00 – Updated: 2024-08-07 06:38
VLAI
EPSS
Summary
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
38 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-201311-10.xml | vendor-advisoryx_refsource_GENTOO |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://support.avaya.com/css/P8/documents/100074869 | x_refsource_CONFIRM |
| ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.… | x_refsource_CONFIRM |
| http://secunia.com/advisories/39299 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/38577 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/38617 | third-party-advisoryx_refsource_SECUNIA |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://secunia.com/advisories/37414 | third-party-advisoryx_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=537941 | x_refsource_CONFIRM |
| http://hamlib.svn.sourceforge.net/viewvc/hamlib/t… | x_refsource_CONFIRM |
| http://secunia.com/advisories/55721 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://secunia.com/advisories/38190 | third-party-advisoryx_refsource_SECUNIA |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://git.savannah.gnu.org/cgit/libtool.git/comm… | x_refsource_CONFIRM |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.redhat.com/support/errata/RHSA-2010-00… | vendor-advisoryx_refsource_REDHAT |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://secunia.com/advisories/43617 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://lists.gnu.org/archive/html/libtool/2009-11… | mailing-listx_refsource_MLIST |
| http://www.vupen.com/english/advisories/2011/0574 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/37128 | vdb-entryx_refsource_BID |
| http://lists.gnu.org/archive/html/libtool/2009-11… | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/37489 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/39347 | third-party-advisoryx_refsource_SECUNIA |
| https://rhn.redhat.com/errata/RHSA-2010-0095.html | vendor-advisoryx_refsource_REDHAT |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://secunia.com/advisories/38696 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/37997 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/38915 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2009-11-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:29.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201311-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201311-10.xml"
},
{
"name": "MDVSA-2010:105",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105"
},
{
"name": "FEDORA-2010-1872",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.html"
},
{
"name": "MDVSA-2010:091",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/css/P8/documents/100074869"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz"
},
{
"name": "39299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39299"
},
{
"name": "38577",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38577"
},
{
"name": "38617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38617"
},
{
"name": "MDVSA-2010:035",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035"
},
{
"name": "37414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37414"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=537941"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841\u0026view=markup"
},
{
"name": "55721",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55721"
},
{
"name": "FEDORA-2010-1924",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.html"
},
{
"name": "38190",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38190"
},
{
"name": "oval:org.mitre.oval:def:6951",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6951"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5\u0026id=29b48580df75f0c5baa2962548a4c101ec7ed7ec"
},
{
"name": "FEDORA-2009-12813",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01512.html"
},
{
"name": "FEDORA-2011-1967",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.html"
},
{
"name": "RHSA-2010:0039",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0039.html"
},
{
"name": "MDVSA-2009:307",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:307"
},
{
"name": "SUSE-SR:2010:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
},
{
"name": "FEDORA-2011-1990",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054656.html"
},
{
"name": "43617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43617"
},
{
"name": "FEDORA-2011-1958",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html"
},
{
"name": "[libtool] 20091116 GNU Libtool 2.2.6b released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html"
},
{
"name": "ADV-2011-0574",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0574"
},
{
"name": "37128",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37128"
},
{
"name": "[libtool] 20091116 Backport of libltdl changes to branch-1-5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/libtool/2009-11/msg00065.html"
},
{
"name": "37489",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37489"
},
{
"name": "39347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39347"
},
{
"name": "RHSA-2010:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "oval:org.mitre.oval:def:11687",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11687"
},
{
"name": "38696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38696"
},
{
"name": "37997",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37997"
},
{
"name": "38915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38915"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "GLSA-201311-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201311-10.xml"
},
{
"name": "MDVSA-2010:105",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105"
},
{
"name": "FEDORA-2010-1872",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.html"
},
{
"name": "MDVSA-2010:091",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/css/P8/documents/100074869"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz"
},
{
"name": "39299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39299"
},
{
"name": "38577",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38577"
},
{
"name": "38617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38617"
},
{
"name": "MDVSA-2010:035",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035"
},
{
"name": "37414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37414"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=537941"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841\u0026view=markup"
},
{
"name": "55721",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55721"
},
{
"name": "FEDORA-2010-1924",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.html"
},
{
"name": "38190",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38190"
},
{
"name": "oval:org.mitre.oval:def:6951",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6951"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5\u0026id=29b48580df75f0c5baa2962548a4c101ec7ed7ec"
},
{
"name": "FEDORA-2009-12813",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01512.html"
},
{
"name": "FEDORA-2011-1967",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.html"
},
{
"name": "RHSA-2010:0039",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0039.html"
},
{
"name": "MDVSA-2009:307",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:307"
},
{
"name": "SUSE-SR:2010:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
},
{
"name": "FEDORA-2011-1990",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054656.html"
},
{
"name": "43617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43617"
},
{
"name": "FEDORA-2011-1958",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html"
},
{
"name": "[libtool] 20091116 GNU Libtool 2.2.6b released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html"
},
{
"name": "ADV-2011-0574",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0574"
},
{
"name": "37128",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37128"
},
{
"name": "[libtool] 20091116 Backport of libltdl changes to branch-1-5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/libtool/2009-11/msg00065.html"
},
{
"name": "37489",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37489"
},
{
"name": "39347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39347"
},
{
"name": "RHSA-2010:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "oval:org.mitre.oval:def:11687",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11687"
},
{
"name": "38696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38696"
},
{
"name": "37997",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37997"
},
{
"name": "38915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38915"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2009-3736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201311-10",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201311-10.xml"
},
{
"name": "MDVSA-2010:105",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105"
},
{
"name": "FEDORA-2010-1872",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.html"
},
{
"name": "MDVSA-2010:091",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091"
},
{
"name": "http://support.avaya.com/css/P8/documents/100074869",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100074869"
},
{
"name": "ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz",
"refsource": "CONFIRM",
"url": "ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz"
},
{
"name": "39299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39299"
},
{
"name": "38577",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38577"
},
{
"name": "38617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38617"
},
{
"name": "MDVSA-2010:035",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035"
},
{
"name": "37414",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37414"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=537941",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=537941"
},
{
"name": "http://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841\u0026view=markup",
"refsource": "CONFIRM",
"url": "http://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841\u0026view=markup"
},
{
"name": "55721",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55721"
},
{
"name": "FEDORA-2010-1924",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.html"
},
{
"name": "38190",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38190"
},
{
"name": "oval:org.mitre.oval:def:6951",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6951"
},
{
"name": "http://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5\u0026id=29b48580df75f0c5baa2962548a4c101ec7ed7ec",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5\u0026id=29b48580df75f0c5baa2962548a4c101ec7ed7ec"
},
{
"name": "FEDORA-2009-12813",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01512.html"
},
{
"name": "FEDORA-2011-1967",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.html"
},
{
"name": "RHSA-2010:0039",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0039.html"
},
{
"name": "MDVSA-2009:307",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:307"
},
{
"name": "SUSE-SR:2010:006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
},
{
"name": "FEDORA-2011-1990",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054656.html"
},
{
"name": "43617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43617"
},
{
"name": "FEDORA-2011-1958",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html"
},
{
"name": "[libtool] 20091116 GNU Libtool 2.2.6b released",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html"
},
{
"name": "ADV-2011-0574",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0574"
},
{
"name": "37128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37128"
},
{
"name": "[libtool] 20091116 Backport of libltdl changes to branch-1-5",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/libtool/2009-11/msg00065.html"
},
{
"name": "37489",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37489"
},
{
"name": "39347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39347"
},
{
"name": "RHSA-2010:0095",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "oval:org.mitre.oval:def:11687",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11687"
},
{
"name": "38696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38696"
},
{
"name": "37997",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37997"
},
{
"name": "38915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38915"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2009-3736",
"datePublished": "2009-11-27T20:00:00.000Z",
"dateReserved": "2009-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:38:29.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4901 (GCVE-0-2009-4901)
Vulnerability from cvelistv5 – Published: 2010-06-18 16:00 – Updated: 2024-08-07 07:17
VLAI
EPSS
Summary
The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/40758 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2010/dsa-2059 | vendor-advisoryx_refsource_DEBIAN |
| http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4208 | x_refsource_CONFIRM |
| http://secunia.com/advisories/40239 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/40140 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2010/1427 | vdb-entryx_refsource_VUPEN |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.vupen.com/english/advisories/2010/1508 | vdb-entryx_refsource_VUPEN |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=596426 | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
Date Public
2009-05-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40758",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40758"
},
{
"name": "DSA-2059",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2059"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4208"
},
{
"name": "40239",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40239"
},
{
"name": "40140",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40140"
},
{
"name": "ADV-2010-1427",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1427"
},
{
"name": "FEDORA-2010-9995",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html"
},
{
"name": "ADV-2010-1508",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1508"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"name": "FEDORA-2010-10014",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "40758",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40758"
},
{
"name": "DSA-2059",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2059"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4208"
},
{
"name": "40239",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40239"
},
{
"name": "40140",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40140"
},
{
"name": "ADV-2010-1427",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1427"
},
{
"name": "FEDORA-2010-9995",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html"
},
{
"name": "ADV-2010-1508",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1508"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"name": "FEDORA-2010-10014",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40758"
},
{
"name": "DSA-2059",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2059"
},
{
"name": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4208",
"refsource": "CONFIRM",
"url": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4208"
},
{
"name": "40239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40239"
},
{
"name": "40140",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40140"
},
{
"name": "ADV-2010-1427",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1427"
},
{
"name": "FEDORA-2010-9995",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html"
},
{
"name": "ADV-2010-1508",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1508"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=596426",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"name": "FEDORA-2010-10014",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4901",
"datePublished": "2010-06-18T16:00:00.000Z",
"dateReserved": "2010-06-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:17:25.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0001 (GCVE-0-2010-0001)
Vulnerability from cvelistv5 – Published: 2010-01-29 18:00 – Updated: 2024-08-07 00:30
VLAI
EPSS
Summary
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
31 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/38220 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/40655 | third-party-advisoryx_refsource_SECUNIA |
| http://support.apple.com/kb/HT4435 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2010/0185 | vdb-entryx_refsource_VUPEN |
| http://ncompress.sourceforge.net/#status | x_refsource_CONFIRM |
| http://itrc.hp.com/service/cki/docDisplay.do?docI… | vendor-advisoryx_refsource_HP |
| http://www.ubuntu.com/usn/USN-889-1 | vendor-advisoryx_refsource_UBUNTU |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://securitytracker.com/id?1023490 | vdb-entryx_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2010/1872 | vdb-entryx_refsource_VUPEN |
| https://bugzilla.redhat.com/show_bug.cgi?id=554418 | x_refsource_CONFIRM |
| http://git.savannah.gnu.org/cgit/gzip.git/commit/… | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.debian.org/security/2010/dsa-1974 | vendor-advisoryx_refsource_DEBIAN |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://secunia.com/advisories/40689 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/40551 | third-party-advisoryx_refsource_SECUNIA |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://secunia.com/advisories/38223 | third-party-advisoryx_refsource_SECUNIA |
| http://savannah.gnu.org/forum/forum.php?forum_id=6153 | x_refsource_CONFIRM |
| http://www.debian.org/security/2010/dsa-2074 | vendor-advisoryx_refsource_DEBIAN |
| http://www.vupen.com/english/advisories/2010/1796 | vdb-entryx_refsource_VUPEN |
| http://www.redhat.com/support/errata/RHSA-2010-00… | vendor-advisoryx_refsource_REDHAT |
| https://rhn.redhat.com/errata/RHSA-2010-0095.html | vendor-advisoryx_refsource_REDHAT |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://secunia.com/advisories/38225 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://secunia.com/advisories/38232 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/61869 | vdb-entryx_refsource_OSVDB |
Date Public
2010-01-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:30:47.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38220",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38220"
},
{
"name": "40655",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40655"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "ADV-2010-0185",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0185"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ncompress.sourceforge.net/#status"
},
{
"name": "SSRT100018",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
},
{
"name": "USN-889-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-889-1"
},
{
"name": "oval:org.mitre.oval:def:10546",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10546"
},
{
"name": "1023490",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023490"
},
{
"name": "ADV-2010-1872",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1872"
},
{
"name": "HPSBMA02554",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554418"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f"
},
{
"name": "APPLE-SA-2010-11-10-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "DSA-1974",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-1974"
},
{
"name": "MDVSA-2010:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:020"
},
{
"name": "40689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40689"
},
{
"name": "40551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40551"
},
{
"name": "oval:org.mitre.oval:def:7511",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7511"
},
{
"name": "38223",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38223"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://savannah.gnu.org/forum/forum.php?forum_id=6153"
},
{
"name": "DSA-2074",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2074"
},
{
"name": "ADV-2010-1796",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1796"
},
{
"name": "RHSA-2010:0061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0061.html"
},
{
"name": "RHSA-2010:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name": "MDVSA-2010:019",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:019"
},
{
"name": "MDVSA-2011:152",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:152"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "38225",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38225"
},
{
"name": "SUSE-SA:2010:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "38232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38232"
},
{
"name": "61869",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/61869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "38220",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38220"
},
{
"name": "40655",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40655"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "ADV-2010-0185",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0185"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ncompress.sourceforge.net/#status"
},
{
"name": "SSRT100018",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
},
{
"name": "USN-889-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-889-1"
},
{
"name": "oval:org.mitre.oval:def:10546",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10546"
},
{
"name": "1023490",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023490"
},
{
"name": "ADV-2010-1872",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1872"
},
{
"name": "HPSBMA02554",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554418"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f"
},
{
"name": "APPLE-SA-2010-11-10-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "DSA-1974",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-1974"
},
{
"name": "MDVSA-2010:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:020"
},
{
"name": "40689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40689"
},
{
"name": "40551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40551"
},
{
"name": "oval:org.mitre.oval:def:7511",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7511"
},
{
"name": "38223",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38223"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://savannah.gnu.org/forum/forum.php?forum_id=6153"
},
{
"name": "DSA-2074",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2074"
},
{
"name": "ADV-2010-1796",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1796"
},
{
"name": "RHSA-2010:0061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0061.html"
},
{
"name": "RHSA-2010:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name": "MDVSA-2010:019",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:019"
},
{
"name": "MDVSA-2011:152",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:152"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "38225",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38225"
},
{
"name": "SUSE-SA:2010:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "38232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38232"
},
{
"name": "61869",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/61869"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0001",
"datePublished": "2010-01-29T18:00:00.000Z",
"dateReserved": "2009-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:30:47.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0211 (GCVE-0-2010-0211)
Vulnerability from cvelistv5 – Published: 2010-07-27 22:00 – Updated: 2024-08-07 00:37
VLAI
EPSS
Summary
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
19 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1024221 | vdb-entryx_refsource_SECTRACK |
| http://support.apple.com/kb/HT4435 | x_refsource_CONFIRM |
| http://security.gentoo.org/glsa/glsa-201406-36.xml | vendor-advisoryx_refsource_GENTOO |
| http://www.openldap.org/its/index.cgi/Software%20… | x_refsource_CONFIRM |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2010/1858 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/40677 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.vupen.com/english/advisories/2010/1849 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/41770 | vdb-entryx_refsource_BID |
| http://www.redhat.com/support/errata/RHSA-2010-05… | vendor-advisoryx_refsource_REDHAT |
| http://secunia.com/advisories/40687 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/515545/100… | mailing-listx_refsource_BUGTRAQ |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.redhat.com/support/errata/RHSA-2010-05… | vendor-advisoryx_refsource_REDHAT |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://secunia.com/advisories/40639 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/42787 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2011/0025 | vdb-entryx_refsource_VUPEN |
Date Public
2010-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:54.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1024221",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "GLSA-201406-36",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-36.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html"
},
{
"name": "ADV-2010-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1858"
},
{
"name": "40677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40677"
},
{
"name": "APPLE-SA-2010-11-10-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "ADV-2010-1849",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1849"
},
{
"name": "41770",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41770"
},
{
"name": "RHSA-2010:0542",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0542.html"
},
{
"name": "40687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40687"
},
{
"name": "20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/515545/100/0/threaded"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "RHSA-2010:0543",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0543.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "40639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40639"
},
{
"name": "42787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42787"
},
{
"name": "ADV-2011-0025",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "1024221",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "GLSA-201406-36",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-36.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html"
},
{
"name": "ADV-2010-1858",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1858"
},
{
"name": "40677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40677"
},
{
"name": "APPLE-SA-2010-11-10-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "ADV-2010-1849",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1849"
},
{
"name": "41770",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41770"
},
{
"name": "RHSA-2010:0542",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0542.html"
},
{
"name": "40687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40687"
},
{
"name": "20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/515545/100/0/threaded"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "RHSA-2010:0543",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0543.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "40639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40639"
},
{
"name": "42787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42787"
},
{
"name": "ADV-2011-0025",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2010-0211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024221",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024221"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "GLSA-201406-36",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-36.xml"
},
{
"name": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570",
"refsource": "CONFIRM",
"url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html"
},
{
"name": "ADV-2010-1858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1858"
},
{
"name": "40677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40677"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "ADV-2010-1849",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1849"
},
{
"name": "41770",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41770"
},
{
"name": "RHSA-2010:0542",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0542.html"
},
{
"name": "40687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40687"
},
{
"name": "20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515545/100/0/threaded"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "RHSA-2010:0543",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0543.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "40639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40639"
},
{
"name": "42787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42787"
},
{
"name": "ADV-2011-0025",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2010-0211",
"datePublished": "2010-07-27T22:00:00.000Z",
"dateReserved": "2010-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:37:54.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…