cvelistv5 - cve-2009-2026

CVE-2009-2026 (GCVE-0-2009-2026)

Vulnerability from cvelistv5 – Published: 2009-08-10 18:00 – Updated: 2024-08-07 05:36

Summary

Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2009/2195	vdb-entryx_refsource_VUPEN
	http://www.zerodayinitiative.com/advisories/ZDI-09-052/	x_refsource_MISC
	http://secunia.com/advisories/36142	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/505557/100…	mailing-listx_refsource_BUGTRAQ
	http://securitytracker.com/id?1022688	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/35984	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://osvdb.org/56834	vdb-entryx_refsource_OSVDB
	https://support.ca.com/irj/portal/anonymous/phpsu…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:36:20.404Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-2195",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2195"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-052/"
          },
          {
            "name": "36142",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36142"
          },
          {
            "name": "20090806 CA20090806-01: Security Notice for Data Transport Services",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/505557/100/0/threaded"
          },
          {
            "name": "1022688",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1022688"
          },
          {
            "name": "35984",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35984"
          },
          {
            "name": "ca-multiple-dtscore-bo(52322)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52322"
          },
          {
            "name": "56834",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/56834"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2009-2195",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2195"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-052/"
        },
        {
          "name": "36142",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36142"
        },
        {
          "name": "20090806 CA20090806-01: Security Notice for Data Transport Services",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/505557/100/0/threaded"
        },
        {
          "name": "1022688",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1022688"
        },
        {
          "name": "35984",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35984"
        },
        {
          "name": "ca-multiple-dtscore-bo(52322)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52322"
        },
        {
          "name": "56834",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/56834"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2026",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-2195",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2195"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-052/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-052/"
            },
            {
              "name": "36142",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36142"
            },
            {
              "name": "20090806 CA20090806-01: Security Notice for Data Transport Services",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/505557/100/0/threaded"
            },
            {
              "name": "1022688",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1022688"
            },
            {
              "name": "35984",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35984"
            },
            {
              "name": "ca-multiple-dtscore-bo(52322)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52322"
            },
            {
              "name": "56834",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/56834"
            },
            {
              "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090",
              "refsource": "CONFIRM",
              "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2026",
    "datePublished": "2009-08-10T18:00:00",
    "dateReserved": "2009-06-09T00:00:00",
    "dateUpdated": "2024-08-07T05:36:20.404Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ca:advantage_data_transport:3.0:c1:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E6409A3-4F03-4CED-9A2E-2DE7B5EE624E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ca:it_client_manager:r12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C31688D4-1C99-4764-A913-564E0FEB1E9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ca:software_delivery:r11:c1:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E14834E-9E56-4036-B89C-E6F0E6775E34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ca:software_delivery:r11:c2:*:*:*:*:*:*\", \"matchCriteriaId\": \"F59A43E7-02A9-4656-A4C4-FE01DCE5E615\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ca:software_delivery:r11:c3:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3DE142E-A7C8-4280-9677-AE167FA3ACF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ca:software_delivery:r11:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FD0F14E-A31D-4A2C-A464-A7DAC1CB2180\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ca:unicenter_software_delivery:4.0:c3:*:*:*:*:*:*\", \"matchCriteriaId\": \"D546AF2C-34D9-4C7A-A2F1-F766D1CAA3E2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer basado en pila en la funci\\u00f3n de b\\u00fasqueda de \\\"token\\\" (testigo) en la librer\\u00eda dtscore de los servicios Data Transport Services de CA Software Delivery r11.2 C1, C2, C3, y SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; y CA IT Client Manager r12.\"}]",
      "id": "CVE-2009-2026",
      "lastModified": "2024-11-21T01:03:57.453",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-08-10T18:30:00.297",
      "references": "[{\"url\": \"http://osvdb.org/56834\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/36142\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1022688\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/505557/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/35984\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/2195\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-052/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/52322\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/56834\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/36142\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1022688\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/505557/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/35984\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/2195\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-052/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/52322\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-2026\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-08-10T18:30:00.297\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n de b\u00fasqueda de \\\"token\\\" (testigo) en la librer\u00eda dtscore de los servicios Data Transport Services de CA Software Delivery r11.2 C1, C2, C3, y SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; y CA IT Client Manager r12.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:advantage_data_transport:3.0:c1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E6409A3-4F03-4CED-9A2E-2DE7B5EE624E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:it_client_manager:r12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C31688D4-1C99-4764-A913-564E0FEB1E9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:software_delivery:r11:c1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E14834E-9E56-4036-B89C-E6F0E6775E34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:software_delivery:r11:c2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F59A43E7-02A9-4656-A4C4-FE01DCE5E615\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:software_delivery:r11:c3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3DE142E-A7C8-4280-9677-AE167FA3ACF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:software_delivery:r11:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FD0F14E-A31D-4A2C-A464-A7DAC1CB2180\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:unicenter_software_delivery:4.0:c3:*:*:*:*:*:*\",\"matchCriteriaId\":\"D546AF2C-34D9-4C7A-A2F1-F766D1CAA3E2\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/56834\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/36142\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1022688\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/505557/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/35984\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/2195\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-09-052/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/52322\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/56834\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/36142\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1022688\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/505557/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/35984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/2195\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-09-052/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/52322\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-VCQ5-X5C9-VP58

Vulnerability from github – Published: 2022-05-02 03:31 – Updated: 2025-04-09 04:12

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-2026"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-08-10T18:30:00Z",
    "severity": "HIGH"
  },
  "details": "Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data.",
  "id": "GHSA-vcq5-x5c9-vp58",
  "modified": "2025-04-09T04:12:44Z",
  "published": "2022-05-02T03:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2026"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52322"
    },
    {
      "type": "WEB",
      "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/56834"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36142"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1022688"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/505557/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/35984"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2195"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-052"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2009-AVI-317

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans Data Transport Services permet d'exécuter du code arbitraire à distance.

Description

Une vulnérabilité a été découverte dans la bibliothèque dtscore.dll de Data Transport Services. L'exploitation de cette vulnérabilité permet d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	CA Software Delivery r11.2 C3 ;
N/A	N/A	Unicenter Software Delivery 4.0 C3 ;
N/A	N/A	CA Software Delivery r11.2 SP4 ;
N/A	N/A	CA IT Client Manager r12.
N/A	N/A	CA Software Delivery r11.2 C2 ;
N/A	N/A	CA Advantage Data Transport 3.0 C1 ;
N/A	N/A	CA Software Delivery r11.2 C1 ;

References

Title

Publication Time

Tags

Bulletin de sécurité CA20090806-1 du 06 août 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CA Software Delivery r11.2 C3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Software Delivery 4.0 C3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Software Delivery r11.2 SP4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA IT Client Manager r12.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Software Delivery r11.2 C2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Advantage Data Transport 3.0 C1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Software Delivery r11.2 C1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans la biblioth\u00e8que dtscore.dll de\nData Transport Services. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2026"
    }
  ],
  "links": [],
  "reference": "CERTA-2009-AVI-317",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-08-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans \u003cspan class=\"textit\"\u003eData Transport\nServices\u003c/span\u003e permet d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans CA Data Transport Services",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 CA20090806-1 du 06 ao\u00fbt 2009",
      "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090"
    }
  ]
}

CERTA-2009-AVI-317

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans Data Transport Services permet d'exécuter du code arbitraire à distance.

Description

Une vulnérabilité a été découverte dans la bibliothèque dtscore.dll de Data Transport Services. L'exploitation de cette vulnérabilité permet d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	CA Software Delivery r11.2 C3 ;
N/A	N/A	Unicenter Software Delivery 4.0 C3 ;
N/A	N/A	CA Software Delivery r11.2 SP4 ;
N/A	N/A	CA IT Client Manager r12.
N/A	N/A	CA Software Delivery r11.2 C2 ;
N/A	N/A	CA Advantage Data Transport 3.0 C1 ;
N/A	N/A	CA Software Delivery r11.2 C1 ;

References

Title

Publication Time

Tags

Bulletin de sécurité CA20090806-1 du 06 août 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CA Software Delivery r11.2 C3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Software Delivery 4.0 C3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Software Delivery r11.2 SP4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA IT Client Manager r12.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Software Delivery r11.2 C2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Advantage Data Transport 3.0 C1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Software Delivery r11.2 C1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans la biblioth\u00e8que dtscore.dll de\nData Transport Services. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2026"
    }
  ],
  "links": [],
  "reference": "CERTA-2009-AVI-317",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-08-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans \u003cspan class=\"textit\"\u003eData Transport\nServices\u003c/span\u003e permet d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans CA Data Transport Services",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 CA20090806-1 du 06 ao\u00fbt 2009",
      "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090"
    }
  ]
}

FKIE_CVE-2009-2026

Vulnerability from fkie_nvd - Published: 2009-08-10 18:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/56834
cve@mitre.org	http://secunia.com/advisories/36142	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1022688
cve@mitre.org	http://www.securityfocus.com/archive/1/505557/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/35984
cve@mitre.org	http://www.vupen.com/english/advisories/2009/2195	Patch, Vendor Advisory
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-09-052/
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/52322
cve@mitre.org	https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/56834
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36142	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1022688
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/505557/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35984
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2195	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-09-052/
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/52322
af854a3a-2127-422b-91ae-364da2661108	https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090	Vendor Advisory

Impacted products

Vendor	Product	Version
ca	advantage_data_transport	3.0
ca	it_client_manager	r12
ca	software_delivery	r11
ca	software_delivery	r11
ca	software_delivery	r11
ca	software_delivery	r11
ca	unicenter_software_delivery	4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ca:advantage_data_transport:3.0:c1:*:*:*:*:*:*",
              "matchCriteriaId": "5E6409A3-4F03-4CED-9A2E-2DE7B5EE624E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:it_client_manager:r12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C31688D4-1C99-4764-A913-564E0FEB1E9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:software_delivery:r11:c1:*:*:*:*:*:*",
              "matchCriteriaId": "8E14834E-9E56-4036-B89C-E6F0E6775E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:software_delivery:r11:c2:*:*:*:*:*:*",
              "matchCriteriaId": "F59A43E7-02A9-4656-A4C4-FE01DCE5E615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:software_delivery:r11:c3:*:*:*:*:*:*",
              "matchCriteriaId": "F3DE142E-A7C8-4280-9677-AE167FA3ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:software_delivery:r11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "4FD0F14E-A31D-4A2C-A464-A7DAC1CB2180",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_software_delivery:4.0:c3:*:*:*:*:*:*",
              "matchCriteriaId": "D546AF2C-34D9-4C7A-A2F1-F766D1CAA3E2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n de b\u00fasqueda de \"token\" (testigo) en la librer\u00eda dtscore de los servicios Data Transport Services de CA Software Delivery r11.2 C1, C2, C3, y SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; y CA IT Client Manager r12."
    }
  ],
  "id": "CVE-2009-2026",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-08-10T18:30:00.297",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/56834"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36142"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1022688"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/505557/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/35984"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2195"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-052/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52322"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/56834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1022688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/505557/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-052/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2009-2026

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-2026

Aliases

CVE-2009-2026

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-2026",
    "description": "Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data.",
    "id": "GSD-2009-2026"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-2026"
      ],
      "details": "Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data.",
      "id": "GSD-2009-2026",
      "modified": "2023-12-13T01:19:46.869629Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-2026",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2009-2195",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/2195"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-052/",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-052/"
          },
          {
            "name": "36142",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36142"
          },
          {
            "name": "20090806 CA20090806-01: Security Notice for Data Transport Services",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/505557/100/0/threaded"
          },
          {
            "name": "1022688",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1022688"
          },
          {
            "name": "35984",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/35984"
          },
          {
            "name": "ca-multiple-dtscore-bo(52322)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52322"
          },
          {
            "name": "56834",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/56834"
          },
          {
            "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090",
            "refsource": "CONFIRM",
            "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ca:advantage_data_transport:3.0:c1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_software_delivery:4.0:c3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:software_delivery:r11:c1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:software_delivery:r11:c2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:software_delivery:r11:c3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:software_delivery:r11:sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:it_client_manager:r12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2026"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36142",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/36142"
            },
            {
              "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090"
            },
            {
              "name": "ADV-2009-2195",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2195"
            },
            {
              "name": "35984",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/35984"
            },
            {
              "name": "1022688",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1022688"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-052/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-052/"
            },
            {
              "name": "56834",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/56834"
            },
            {
              "name": "ca-multiple-dtscore-bo(52322)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52322"
            },
            {
              "name": "20090806 CA20090806-01: Security Notice for Data Transport Services",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/505557/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-10T19:39Z",
      "publishedDate": "2009-08-10T18:30Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-2026 (GCVE-0-2009-2026)

GHSA-VCQ5-X5C9-VP58

CERTA-2009-AVI-317

Description

Solution

CERTA-2009-AVI-317

Description

Solution

FKIE_CVE-2009-2026

GSD-2009-2026

Tags

Sightings

Nomenclature