CVE List 2009

CVE Score Severity Package Description Published
CVE-2009-5147
7.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Serious ruby DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names. March 29, 2017, 09:03 am
CVE-2009-5064
6.9 MV Product/Version
affected:
CGE 6.0 Resolved
Medium glibc ** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc." March 30, 2011, 17:03 pm
CVE-2009-5029
6.8 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGE 6.0 Resolved
Consumer Mobilinux 5.0 Resolved
MVL6 Toolchain 2010.09 Resolved
Medium glibc Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd. May 2, 2013, 09:05 am
CVE-2009-5022
6.8 MV Product/Version
affected:
CGE 6.0 Resolved
Medium tiff Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file. May 3, 2011, 15:05 pm
CVE-2009-5016
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
Normal php Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870. November 12, 2010, 16:11 pm
CVE-2009-4895
4.7 MV Product/Version
affected:
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
MVL5 Kernel 2.6.29 Resolved
CGE 6.0 Resolved
Medium kernel Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via unknown vectors, related to the put_tty_queue and __f_setown functions. NOTE: the vulnerability was addressed in a different way in 2.6.32.9. September 8, 2010, 15:09 pm
CVE-2009-4881
5.0 MV Product/Version
affected:
MVL6 Toolchain 4.3 Resolved
Medium glibc Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391. June 1, 2010, 15:06 pm
CVE-2009-4880
5.0 MV Product/Version
affected:
MVL6 Toolchain 4.3 Resolved
Medium glibc Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391. June 1, 2010, 15:06 pm
CVE-2009-4810
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious samhain The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain zero value where required by the protocol, which allows remote attackers to bypass authentication via crafted input. April 23, 2010, 09:04 am
CVE-2009-4537
7.8 MV Product/Version
affected:
High e1000 drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389. January 12, 2010, 11:01 am
CVE-2009-4410
4.9 MV Product/Version
affected:
MVL6 Kernel 2.6.29 Resolved
Medium kernel The fuse_ioctl_copy_user function in the ioctl handler in fs/fuse/file.c in the Linux kernel 2.6.29-rc1 through 2.6.30.y uses the wrong variable in an argument to the kunmap function, which allows local users to cause a denial of service (panic) via unknown vectors. December 24, 2009, 10:12 am
CVE-2009-4355
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
Medium openssl Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. January 14, 2010, 13:01 pm
CVE-2009-4308
7.1 MV Product/Version
affected:
MVL5 Kernel 2.6.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.29 Resolved
High kernel The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. December 12, 2009, 19:12 pm
CVE-2009-4307
7.1 MV Product/Version
affected:
MVL6 Kernel 2.6.27 Resolved
MVL5 Kernel 2.6.29 Resolved
Professional PRO 5.0.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
High kernel The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). December 12, 2009, 19:12 pm
CVE-2009-4272
7.8 MV Product/Version
affected:
MVL6 Kernel 2.6.27 Resolved
High kernel A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing emergency in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic. January 27, 2010, 11:01 am
CVE-2009-4271
4.7 MV Product/Version
affected:
Medium kernel The Linux kernel 2.6.9 through 2.6.17 on the x86_64 and amd64 platforms allows local users to cause a denial of service (panic) via a 32-bit application that calls mprotect on its Virtual Dynamic Shared Object (VDSO) page and then triggers a segmentation fault. March 19, 2010, 14:03 pm
CVE-2009-4141
7.2 MV Product/Version
affected:
CGE 4.0 Resolved
MVL5 Kernel 2.6.29 Resolved
MVL6 Kernel 2.6.28 Resolved
MVL5 Kernel 2.6.29 Resolved
High kernel Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then closing this file. January 19, 2010, 10:01 am
CVE-2009-4138
4.7 MV Product/Version
affected:
MVL5 Kernel 2.6.29 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
Medium kernel drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. December 16, 2009, 13:12 pm
CVE-2009-4135
4.4 MV Product/Version
affected:
Medium coreutils The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp. December 11, 2009, 10:12 am
CVE-2009-4134
5.0 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0 Resolved
CGE 5.1 Resolved
Medium python Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference. May 27, 2010, 14:05 pm
CVE-2009-4131
7.2 MV Product/Version
affected:
MVL5 Kernel 2.6.29 Resolved
MVL5 Kernel 2.6.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL6 Kernel 2.6.30 Resolved
High kernel The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions. December 12, 2009, 19:12 pm
CVE-2009-4124
10.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Critical ruby Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information. December 11, 2009, 10:12 am
CVE-2009-4029
4.4 MV Product/Version
affected:
Medium automake The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete. December 19, 2009, 20:12 pm
CVE-2009-4027
7.1 MV Product/Version
affected:
MVL6 Kernel 2.6.30 Resolved
MVL6 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.29 Resolved
High kernel Race condition in the mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (system crash) via a Delete Block ACK (aka DELBA) packet that triggers a certain state change in the absence of an aggregation session. December 2, 2009, 10:12 am
CVE-2009-4026
7.8 MV Product/Version
affected:
MVL5 Kernel 2.6.29 Resolved
MVL6 Kernel 2.6.24 Resolved
MVL6 Kernel 2.6.30 Resolved
High kernel The mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (panic) via a crafted Delete Block ACK (aka DELBA) packet, related to an erroneous code shuffling patch. December 2, 2009, 10:12 am
CVE-2009-4022
2.6 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 6.0 Resolved
CGE 6.0 Resolved
CGE 6.0 Resolved
Low bind Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed at the same time as requesting DNSSEC records (DO), aka Bug 20438. November 25, 2009, 10:11 am
CVE-2009-4021
4.9 MV Product/Version
affected:
Medium kernel The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack. November 25, 2009, 10:11 am
CVE-2009-4020
7.8 MV Product/Version
affected:
Professional PRO 5.0.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
MVL6 Kernel 2.6.27 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
High kernel Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. December 4, 2009, 15:12 pm
CVE-2009-4017
5.0 MV Product/Version
affected:
Medium php PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive. November 23, 2009, 18:11 pm
CVE-2009-4005
7.2 MV Product/Version
affected:
MVL5 Kernel 2.6.29 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
MVL6 Kernel 2.6.24 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
High kernel The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. November 19, 2009, 20:11 pm
CVE-2009-3939
6.6 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL6 Kernel 2.6.24 Resolved
Medium kernel The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. November 16, 2009, 13:11 pm
CVE-2009-3918
4.0 MV Product/Version
affected:
zoomify Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title. November 9, 2009, 11:11 am
CVE-2009-3889
6.6 MV Product/Version
affected:
MVL6 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Medium kernel The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file. November 16, 2009, 13:11 pm
CVE-2009-3888
4.9 MV Product/Version
affected:
MVL6 Kernel 2.6.29 Resolved
Medium kernel The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a memory management unit, allows local users to cause a denial of service (OOPS) via an application that attempts to allocate a large amount of memory. November 16, 2009, 13:11 pm
CVE-2009-3767
6.8 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 6.0 Resolved
Medium openldap libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. October 23, 2009, 14:10 pm
CVE-2009-3736
6.9 MV Product/Version
affected:
Medium libtool ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. November 29, 2009, 07:11 am
CVE-2009-3726
7.8 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0.24 Resolved
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.29 Resolved
High kernel The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state. November 9, 2009, 13:11 pm
CVE-2009-3725
7.2 MV Product/Version
affected:
MVL5 Kernel 2.6.29 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
High kernel The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems. November 6, 2009, 09:11 am
CVE-2009-3720
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
Medium expat The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. November 3, 2009, 10:11 am
CVE-2009-3639
5.8 MV Product/Version
affected:
CGE 5.1 Resolved
Medium proftpd The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. October 28, 2009, 09:10 am
CVE-2009-3626
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium perl Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match. October 29, 2009, 09:10 am
CVE-2009-3624
4.6 MV Product/Version
affected:
MVL6 Kernel 2.6.29 Resolved
MVL5 Kernel 2.6.29 Resolved
Medium kernel The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service (OOPS) via vectors involving calls to this function without specifying a keyring by ID, as demonstrated by a series of keyctl request2 and keyctl list commands. November 2, 2009, 09:11 am
CVE-2009-3623
7.8 MV Product/Version
affected:
High kernel The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an NFSv4 mount request. October 30, 2009, 15:10 pm
CVE-2009-3621
4.9 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.29 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0.24 Resolved
Medium kernel net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket. October 22, 2009, 11:10 am
CVE-2009-3620
4.9 MV Product/Version
affected:
MVL5 Kernel 2.6.29 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Medium kernel The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. October 22, 2009, 11:10 am
CVE-2009-3613
7.8 MV Product/Version
affected:
MVL5 Kernel 2.6.24 Resolved
MVL6 Kernel 2.6.24 In progress
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
High kernel The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping. October 19, 2009, 15:10 pm
CVE-2009-3612
4.9 MV Product/Version
affected:
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.29 Resolved
Professional PRO 5.0.24 Resolved
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Medium kernel The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881. October 19, 2009, 15:10 pm
CVE-2009-3563
6.4 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 3.1 Resolved
CGE 7.0 Resolved
CGE 6.0 Resolved
Medium ntp ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. December 9, 2009, 12:12 pm
CVE-2009-3560
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
Medium expat The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720. December 4, 2009, 15:12 pm
CVE-2009-3559
7.5 MV Product/Version
affected:
High php ** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy. November 23, 2009, 11:11 am
CVE-2009-3558
6.8 MV Product/Version
affected:
Medium php The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file. November 23, 2009, 11:11 am
CVE-2009-3557
5.0 MV Product/Version
affected:
Medium php The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments. November 23, 2009, 11:11 am
CVE-2009-3555
5.8 MV Product/Version
affected:
CGE 6.0 Resolved
Medium apache The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. November 9, 2009, 11:11 am
CVE-2009-3553
5.0 MV Product/Version
affected:
Medium cups Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. November 19, 2009, 20:11 pm
CVE-2009-3547
6.9 MV Product/Version
affected:
Medium kernel Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. November 4, 2009, 09:11 am
CVE-2009-3490
6.8 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 6.0 Resolved
Medium wget GNU Wget before 1.12 does not properly handle a character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. September 30, 2009, 10:09 am
CVE-2009-3297
0 MV Product/Version
affected:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0787, CVE-2010-0788, CVE-2010-0789. Reason: this candidate was intended for one issue in Samba, but it was used for multiple distinct issues, including one in FUSE and one in ncpfs. Notes: All CVE users should consult CVE-2010-0787 (Samba), CVE-2010-0788 (ncpfs), and CVE-2010-0789 (FUSE) to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage. March 2, 2010, 12:03 pm
CVE-2009-3280
7.8 MV Product/Version
affected:
High kernel Integer signedness error in the find_ie function in net/wireless/scan.c in the cfg80211 subsystem in the Linux kernel before 2.6.31.1-rc1 allows remote attackers to cause a denial of service (soft lockup) via malformed packets. September 21, 2009, 14:09 pm
CVE-2009-3245
10.0 MV Product/Version
affected:
CGE 6.0 Resolved
High openssl OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. March 5, 2010, 13:03 pm
CVE-2009-3238
7.8 MV Product/Version
affected:
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.29 Resolved
Professional PRO 5.0.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
High kernel The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to return the same value over and over again for long stretches of time. September 18, 2009, 05:09 am
CVE-2009-3230
6.5 MV Product/Version
affected:
Medium postgresql The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600. September 17, 2009, 05:09 am
CVE-2009-3228
4.9 MV Product/Version
affected:
Professional PRO 5.0.24 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.29 Resolved
MVL5 Kernel 2.6.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Medium kernel The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. October 19, 2009, 15:10 pm
CVE-2009-3095
7.5 MV Product/Version
affected:
High apache The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. September 8, 2009, 13:09 pm
CVE-2009-3094
2.6 MV Product/Version
affected:
Low apache The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. September 8, 2009, 13:09 pm
CVE-2009-3080
7.2 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0.24 Resolved
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.29 Resolved
High kernel Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. November 20, 2009, 11:11 am
CVE-2009-3043
4.9 MV Product/Version
affected:
Medium kernel The tty_ldisc_hangup function in drivers/char/tty_ldisc.c in the Linux kernel 2.6.31-rc before 2.6.31-rc8 allows local users to cause a denial of service (system crash, sometimes preceded by a NULL pointer dereference) or possibly gain privileges via certain pseudo-terminal I/O activity, as demonstrated by KernelTtyTest.c. September 2, 2009, 12:09 pm
CVE-2009-3002
4.9 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Medium kernel The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c. August 28, 2009, 10:08 am
CVE-2009-3001
4.9 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Medium kernel The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket. August 28, 2009, 10:08 am
CVE-2009-2910
4.9 MV Product/Version
affected:
Professional PRO 5.0.24 Resolved
Professional PRO 5.0 Resolved
Medium kernel arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode. October 20, 2009, 12:10 pm
CVE-2009-2909
4.9 MV Product/Version
affected:
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.29 Resolved
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0.24 Resolved
Medium kernel Integer signedness error in the ax25_setsockopt function in net/ax25/af_ax25.c in the ax25 subsystem in the Linux kernel before 2.6.31.2 allows local users to cause a denial of service (OOPS) via a crafted optlen value in an SO_BINDTODEVICE operation. October 20, 2009, 12:10 pm
CVE-2009-2908
4.9 MV Product/Version
affected:
Medium kernel The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a negative dentry and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount. October 13, 2009, 05:10 am
CVE-2009-2906
4.0 MV Product/Version
affected:
Medium samba smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet. October 7, 2009, 13:10 pm
CVE-2009-2903
7.1 MV Product/Version
affected:
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0.24 Resolved
MVL5 Kernel 2.6.29 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0 Resolved
High kernel Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddpN device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams. September 15, 2009, 17:09 pm
CVE-2009-2849
4.7 MV Product/Version
affected:
MVL5 Kernel 2.6.29 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Medium kernel The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to suspend_* sysfs attributes and the (1) suspend_lo_store or (2) suspend_hi_store functions. NOTE: this is only a vulnerability when sysfs is writable by an attacker. August 18, 2009, 16:08 pm
CVE-2009-2848
4.7 MV Product/Version
affected:
Medium kernel The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. August 18, 2009, 16:08 pm
CVE-2009-2847
4.9 MV Product/Version
affected:
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.29 Resolved
Professional PRO 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0 Resolved
Medium kernel The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function. August 18, 2009, 16:08 pm
CVE-2009-2844
7.8 MV Product/Version
affected:
MVL6 Kernel 2.6.30 Resolved
High kernel cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerability. August 18, 2009, 16:08 pm
CVE-2009-2820
4.3 MV Product/Version
affected:
Medium mac_os_x The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues. November 10, 2009, 13:11 pm
CVE-2009-2813
6.0 MV Product/Version
affected:
Medium samba Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories. September 14, 2009, 11:09 am
CVE-2009-2768
7.2 MV Product/Version
affected:
High kernel The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an uninitialized cred pointer. August 14, 2009, 10:08 am
CVE-2009-2767
7.2 MV Product/Version
affected:
MVL5 Kernel 2.6.29 Resolved
High kernel The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (OOPS) or possibly gain privileges via a CLOCK_MONOTONIC_RAW clock_nanosleep call that triggers a NULL pointer dereference. August 14, 2009, 10:08 am
CVE-2009-2730
7.5 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 6.0 Resolved
High gnutls libgnutls in GnuTLS before 2.8.2 does not properly handle a character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. August 12, 2009, 05:08 am
CVE-2009-2698
7.2 MV Product/Version
affected:
Professional PRO 5.0 Resolved
High kernel The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. August 27, 2009, 12:08 pm
CVE-2009-2695
7.2 MV Product/Version
affected:
CGE 6.0 Resolved
High kernel The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mmap_low boolean in SELinux on Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) interaction between the mmap_min_addr protection mechanism and certain application programs. August 28, 2009, 10:08 am
CVE-2009-2692
7.2 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.29 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.27 Resolved
Professional PRO 5.0.24 Resolved
High kernel The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket. August 14, 2009, 10:08 am
CVE-2009-2691
2.1 MV Product/Version
affected:
MVL6 Kernel 2.6.29 Resolved
Low kernel The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition. August 14, 2009, 10:08 am
CVE-2009-2625
5.0 MV Product/Version
affected:
Medium jdk XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. August 6, 2009, 10:08 am
CVE-2009-2417
7.5 MV Product/Version
affected:
High libcurl lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. August 14, 2009, 10:08 am
CVE-2009-2416
4.3 MV Product/Version
affected:
Professional PRO 5.0.24 Resolved
Medium libxml Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. August 11, 2009, 13:08 pm
CVE-2009-2414
4.3 MV Product/Version
affected:
Professional PRO 5.0.24 Resolved
Medium libxml Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework. August 11, 2009, 13:08 pm
CVE-2009-2412
10.0 MV Product/Version
affected:
High apr-util Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information. August 6, 2009, 10:08 am
CVE-2009-2409
5.1 MV Product/Version
affected:
CGE 6.0 Resolved
Medium gnutls The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. July 30, 2009, 14:07 pm
CVE-2009-2408
6.8 MV Product/Version
affected:
CGE 5.1 Resolved
CGX 2.0 Resolved
CGE 6.0 Resolved
CGE 6.0 Resolved
CGX 1.8 Resolved
CGE 6.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Medium firefox Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. July 30, 2009, 14:07 pm
CVE-2009-2407
6.9 MV Product/Version
affected:
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0.24 Resolved
MVL5 Kernel 2.6.29 Resolved
MVL5 Kernel 2.6.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
Medium kernel Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet. July 31, 2009, 14:07 pm
CVE-2009-2406
6.9 MV Product/Version
affected:
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
MVL5 Kernel 2.6.29 Resolved
Professional PRO 5.0.24 Resolved
Medium kernel Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size. July 31, 2009, 14:07 pm
CVE-2009-2347
9.3 MV Product/Version
affected:
High tiff Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr. July 14, 2009, 15:07 pm
CVE-2009-2185
5.0 MV Product/Version
affected:
CGE 5.1 Resolved
Medium openswan The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string. June 24, 2009, 21:06 pm
CVE-2009-2042
4.3 MV Product/Version
affected:
CGE 6.0 Resolved
Medium libpng libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via out-of-bounds pixels in the file. June 12, 2009, 15:06 pm
CVE-2009-1961
1.9 MV Product/Version
affected:
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0.24 Resolved
Professional PRO 5.0 Resolved
Low kernel The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions. June 7, 2009, 20:06 pm
CVE-2009-1897
6.9 MV Product/Version
affected:
MVL6 Kernel 2.6.27 Resolved
Medium kernel The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a different vulnerability than CVE-2009-1894. July 20, 2009, 12:07 pm
CVE-2009-1895
7.2 MV Product/Version
affected:
Professional PRO 5.0.24 Resolved
MVL5 Kernel 2.6.29 Resolved
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.27 Resolved
MVL5 Kernel 2.6.27 Resolved
MVL5 Kernel 2.6.27 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0.24 Resolved
MVL5 Kernel 2.6.29 Resolved
MVL6 Kernel 2.6.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0 Resolved
MVL6 Kernel 2.6.27 Resolved
MVL5 Kernel 2.6.27 Resolved
High kernel The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR). July 16, 2009, 10:07 am
CVE-2009-1894
7.2 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious pulseaudio Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink. July 17, 2009, 11:07 am
CVE-2009-1891
7.1 MV Product/Version
affected:
High apache The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption). July 10, 2009, 10:07 am
CVE-2009-1890
7.1 MV Product/Version
affected:
High apache The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests. July 5, 2009, 11:07 am
CVE-2009-1888
5.8 MV Product/Version
affected:
Medium samba The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. June 24, 2009, 20:06 pm
CVE-2009-1886
9.3 MV Product/Version
affected:
High samba Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename. June 24, 2009, 20:06 pm
CVE-2009-1885
4.3 MV Product/Version
affected:
Medium xerces-c++ Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in simply nested DTD structures, as demonstrated by the Codenomicon XML fuzzing framework. August 11, 2009, 13:08 pm
CVE-2009-1791
9.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Critical libsndfile Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value. May 26, 2009, 12:05 pm
CVE-2009-1633
7.1 MV Product/Version
affected:
High kernel Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c. May 28, 2009, 15:05 pm
CVE-2009-1632
5.0 MV Product/Version
affected:
Medium ipsec-tools Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c. May 14, 2009, 12:05 pm
CVE-2009-1630
4.4 MV Product/Version
affected:
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.29 Resolved
Professional PRO 5.0 Resolved
Medium kernel The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver. May 14, 2009, 12:05 pm
CVE-2009-1574
5.0 MV Product/Version
affected:
Medium ipsec-tools racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference. May 6, 2009, 12:05 pm
CVE-2009-1572
5.0 MV Product/Version
affected:
Medium quagga The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error. May 6, 2009, 12:05 pm
CVE-2009-1527
6.9 MV Product/Version
affected:
MVL5 Kernel 2.6.29 Resolved
MVL6 Kernel 2.6.29 Resolved
Medium kernel Race condition in the ptrace_attach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACE_ATTACH ptrace call during an exec system call that is launching a setuid application, related to locking an incorrect cred_exec_mutex object. May 5, 2009, 15:05 pm
CVE-2009-1439
7.8 MV Product/Version
affected:
MVL6 Kernel 2.6.29 Resolved
High kernel Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request. April 27, 2009, 13:04 pm
CVE-2009-1417
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 6.0 Resolved
Medium gnutls gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup. April 30, 2009, 15:04 pm
CVE-2009-1415
4.3 MV Product/Version
affected:
CGE 6.0 Resolved
Medium gnutls lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free. April 30, 2009, 15:04 pm
CVE-2009-1389
7.8 MV Product/Version
affected:
MVL5 Kernel 2.6.24 Resolved
High kernel Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet. June 16, 2009, 18:06 pm
CVE-2009-1388
4.9 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Medium kernel The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping thread. July 5, 2009, 11:07 am
CVE-2009-1387
5.0 MV Product/Version
affected:
Medium openssl The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a fragment bug. June 4, 2009, 11:06 am
CVE-2009-1386
5.0 MV Product/Version
affected:
Medium openssl ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. June 4, 2009, 11:06 am
CVE-2009-1378
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
Medium openssl Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. May 19, 2009, 14:05 pm
CVE-2009-1377
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 6.0 Resolved
Medium openssl The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. May 19, 2009, 14:05 pm
CVE-2009-1360
7.1 MV Product/Version
affected:
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.24 Resolved
High kernel The __inet6_check_established function in net/ipv6/inet6_hashtables.c in the Linux kernel before 2.6.29, when Network Namespace Support (aka NET_NS) is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via vectors involving IPv6 packets. April 22, 2009, 10:04 am
CVE-2009-1337
4.4 MV Product/Version
affected:
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0.24 Resolved
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
MVL5 Kernel 2.6.29 Resolved
Medium kernel The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. April 22, 2009, 10:04 am
CVE-2009-1298
7.8 MV Product/Version
affected:
MVL5 Kernel 2.6.29 Resolved
MVL6 Kernel 2.6.29 Resolved
High kernel The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux kernel 2.6.32-rc8, and 2.6.29 and later versions before 2.6.32, calls IP_INC_STATS_BH with an incorrect argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and hang) via long IP packets, possibly related to the ip_defrag function. December 8, 2009, 17:12 pm
CVE-2009-1297
4.4 MV Product/Version
affected:
Medium systemd iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name. October 23, 2009, 13:10 pm
CVE-2009-1269
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal wireshark Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. April 13, 2009, 11:04 am
CVE-2009-1265
5.0 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0.24 Resolved
MVL5 Kernel 2.6.29 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.29 Resolved
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL6 Kernel 2.6.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
MVL6 Kernel 2.6.24 Resolved
Medium kernel Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes garbage memory to be sent. April 7, 2009, 20:04 pm
CVE-2009-1252
6.8 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
CGE 6.0 Resolved
Medium ntp Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field. May 19, 2009, 14:05 pm
CVE-2009-1243
4.9 MV Product/Version
affected:
MVL5 Kernel 2.6.29 Resolved
Medium kernel net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an unlocking step in certain incorrect circumstances, which allows local users to cause a denial of service (panic) by reading zero bytes from the /proc/net/udp file and unspecified other files, related to the udp seq_file infrastructure. April 6, 2009, 09:04 am
CVE-2009-1210
10.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical wireshark Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information. April 1, 2009, 05:04 am
CVE-2009-1196
5.0 MV Product/Version
affected:
Medium cups The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a pointer use-after-delete flaw. June 9, 2009, 12:06 pm
CVE-2009-1195
4.9 MV Product/Version
affected:
Medium apache The Apache HTTP Server 2.2.11 and earlier 2.2 versions do not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file. May 28, 2009, 15:05 pm
CVE-2009-1194
6.8 MV Product/Version
affected:
Medium pango Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox. May 11, 2009, 10:05 am
CVE-2009-1192
4.9 MV Product/Version
affected:
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.29 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0.24 Resolved
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
Medium kernel The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. April 24, 2009, 10:04 am
CVE-2009-1191
5.0 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Medium apache mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request. April 23, 2009, 12:04 pm
CVE-2009-1189
3.6 MV Product/Version
affected:
Low dbus The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834. April 27, 2009, 13:04 pm
CVE-2009-1186
2.1 MV Product/Version
affected:
Low udev Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. April 17, 2009, 09:04 am
CVE-2009-1185
7.2 MV Product/Version
affected:
High udev udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. April 17, 2009, 09:04 am
CVE-2009-1184
4.4 MV Product/Version
affected:
CGE 5.1 Resolved
Medium kernel The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic. NOTE: this was incorrectly reported as an issue fixed in 2.6.27.21. May 5, 2009, 15:05 pm
CVE-2009-1073
4.9 MV Product/Version
affected:
Medium nss-ldap nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field. March 31, 2009, 13:03 pm
CVE-2009-1059
9.3 MV Product/Version
affected:
High powerzip Stack-based buffer overflow in Trident PowerZip 7.2 might allow remote attackers to execute arbitrary code via a crafted .zip file. NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product. March 24, 2009, 09:03 am
CVE-2009-1046
4.7 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.29 Resolved
Consumer Mobilinux 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0.24 Resolved
Medium kernel The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an off-by-two memory error. NOTE: it is not clear whether this issue crosses privilege boundaries. March 23, 2009, 11:03 am
CVE-2009-0949
5.0 MV Product/Version
affected:
Medium cups The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. June 9, 2009, 12:06 pm
CVE-2009-0946
10.0 MV Product/Version
affected:
High freetype Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. April 16, 2009, 19:04 pm
CVE-2009-0922
4.0 MV Product/Version
affected:
Medium postgresql PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests. March 17, 2009, 12:03 pm
CVE-2009-0887
6.6 MV Product/Version
affected:
CGE 3.1 Resolved
Medium kernel Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user's non-ASCII username, via a login attempt. March 12, 2009, 10:03 am
CVE-2009-0859
4.7 MV Product/Version
affected:
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0 Resolved
Medium kernel The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program. March 9, 2009, 16:03 pm
CVE-2009-0835
3.6 MV Product/Version
affected:
Professional PRO 5.0.24 Resolved
Low kernel The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343. March 6, 2009, 05:03 am
CVE-2009-0834
3.6 MV Product/Version
affected:
Professional PRO 5.0.24 Resolved
Low kernel The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343. March 6, 2009, 05:03 am
CVE-2009-0801
5.4 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Medium squid Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. March 4, 2009, 10:03 am
CVE-2009-0798
5.0 MV Product/Version
affected:
CGE 5.0 Resolved
Medium acpid ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop. April 24, 2009, 10:04 am
CVE-2009-0791
6.8 MV Product/Version
affected:
Medium cups Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. June 9, 2009, 12:06 pm
CVE-2009-0790
5.0 MV Product/Version
affected:
Medium openswan The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD. April 1, 2009, 05:04 am
CVE-2009-0789
5.0 MV Product/Version
affected:
CGE 5.0 Resolved
Medium openssl OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key. March 27, 2009, 11:03 am
CVE-2009-0784
6.9 MV Product/Version
affected:
CGE 7.0 Resolved
Normal systemtap Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors. March 25, 2009, 18:03 pm
CVE-2009-0778
7.1 MV Product/Version
affected:
Professional PRO 4.0 Resolved
High kernel The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an rt_cache leak. March 12, 2009, 10:03 am
CVE-2009-0754
2.1 MV Product/Version
affected:
Low php PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server. March 3, 2009, 10:03 am
CVE-2009-0748
4.9 MV Product/Version
affected:
Medium kernel The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem. February 27, 2009, 11:02 am
CVE-2009-0746
4.9 MV Product/Version
affected:
MVL6 Kernel 2.6.27 In progress
Medium kernel The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem. February 27, 2009, 11:02 am
CVE-2009-0745
4.9 MV Product/Version
affected:
MVL6 Kernel 2.6.27 In progress
Medium kernel The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory. February 27, 2009, 11:02 am
CVE-2009-0696
4.3 MV Product/Version
affected:
Medium bind The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009. July 29, 2009, 12:07 pm
CVE-2009-0692
10.0 MV Product/Version
affected:
High dhcp Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. July 14, 2009, 15:07 pm
CVE-2009-0676
2.1 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
MVL5 Kernel 2.6.27 Resolved
CGE 4.0 Resolved
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0 Resolved
Low kernel The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request. February 22, 2009, 16:02 pm
CVE-2009-0675
2.1 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
CGE 5.0 Resolved
Low kernel The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an inverted logic issue. February 22, 2009, 16:02 pm
CVE-2009-0605
4.9 MV Product/Version
affected:
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.29 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0.24 Resolved
Medium kernel Stack consumption vulnerability in the do_page_fault function in arch/x86/mm/fault.c in the Linux kernel before 2.6.28.5 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via unspecified vectors that trigger page faults on a machine that has a registered Kprobes probe. February 17, 2009, 11:02 am
CVE-2009-0591
2.6 MV Product/Version
affected:
Low openssl The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid. March 27, 2009, 11:03 am
CVE-2009-0590
5.0 MV Product/Version
affected:
CGE 5.0 Resolved
Medium openssl The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. March 27, 2009, 11:03 am
CVE-2009-0579
4.6 MV Product/Version
affected:
Medium kernel Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified. April 16, 2009, 10:04 am
CVE-2009-0343
7.2 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
MVL6 Kernel 2.6.28 Resolved
High systrace Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in monitoring 64-bit processes. January 29, 2009, 13:01 pm
CVE-2009-0342
7.2 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
MVL6 Kernel 2.6.28 Resolved
High systrace Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall. January 29, 2009, 13:01 pm
CVE-2009-0322
4.9 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0.24 Resolved
Medium kernel drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/. January 28, 2009, 12:01 pm
CVE-2009-0316
6.9 MV Product/Version
affected:
CGE 7.0 Resolved
Medium vim Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair. January 28, 2009, 05:01 am
CVE-2009-0269
4.9 MV Product/Version
affected:
Professional PRO 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
MVL6 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.27 Resolved
MVL5 Kernel 2.6.24 Resolved
Medium kernel fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index. January 26, 2009, 09:01 am
CVE-2009-0217
5.0 MV Product/Version
affected:
Medium libxml The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. July 14, 2009, 18:07 pm
CVE-2009-0166
4.3 MV Product/Version
affected:
Medium cups The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. April 23, 2009, 12:04 pm
CVE-2009-0165
10.0 MV Product/Version
affected:
High xpdf Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to g*allocn. April 23, 2009, 14:04 pm
CVE-2009-0164
6.4 MV Product/Version
affected:
Medium cups The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks. April 24, 2009, 10:04 am
CVE-2009-0163
6.8 MV Product/Version
affected:
Medium cups Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow. April 23, 2009, 12:04 pm
CVE-2009-0159
6.8 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 6.0 Resolved
CGE 7.0 Resolved
Medium ntp Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response. April 14, 2009, 10:04 am
CVE-2009-0148
9.3 MV Product/Version
affected:
High cscope Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541. May 5, 2009, 12:05 pm
CVE-2009-0147
4.3 MV Product/Version
affected:
Medium cups Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. April 23, 2009, 12:04 pm
CVE-2009-0146
4.3 MV Product/Version
affected:
Medium cups Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. April 23, 2009, 12:04 pm
CVE-2009-0065
10.0 MV Product/Version
affected:
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
MVL6 Kernel 2.6.27 Resolved
Professional PRO 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.27 Resolved
High kernel Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID. January 7, 2009, 13:01 pm
CVE-2009-0040
6.8 MV Product/Version
affected:
Medium libpng The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. February 22, 2009, 16:02 pm
CVE-2009-0037
6.8 MV Product/Version
affected:
Medium curl The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. March 4, 2009, 20:03 pm
CVE-2009-0034
6.9 MV Product/Version
affected:
Medium sudo parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. January 30, 2009, 13:01 pm
CVE-2009-0032
6.9 MV Product/Version
affected:
Medium cups CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file. January 27, 2009, 14:01 pm
CVE-2009-0031
4.9 MV Product/Version
affected:
MVL6 Kernel 2.6.27 Resolved
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0 Resolved
MVL6 Kernel 2.6.27 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.27 Resolved
Professional PRO 5.0.24 Resolved
Medium kernel Memory leak in the keyctl_join_session_keyring function (security/keys/keyctl.c) in Linux kernel 2.6.29-rc2 and earlier allows local users to cause a denial of service (kernel memory consumption) via unknown vectors related to a missing kfree. January 20, 2009, 20:01 pm
CVE-2009-0029
7.2 MV Product/Version
affected:
High kernel The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call. January 15, 2009, 11:01 am
CVE-2009-0028
2.1 MV Product/Version
affected:
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0.24 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Low kernel The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. February 27, 2009, 11:02 am
CVE-2009-0025
6.8 MV Product/Version
affected:
Medium bind BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. January 7, 2009, 11:01 am
CVE-2009-0024
7.2 MV Product/Version
affected:
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0.24 Resolved
CGE 5.1 Resolved
Consumer Mobilinux 5.0.24 Resolved
High kernel The sys_remap_file_pages function in mm/fremap.c in the Linux kernel before 2.6.24.1 allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the vm_file structure member, and the mmap_region and do_munmap functions. January 13, 2009, 11:01 am
CVE-2009-0021
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
CGE 6.0 Resolved
Medium ntp NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. January 7, 2009, 11:01 am