Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2008-AVI-388
Vulnerability from certfr_avis
Plusieurs vulnérabilités permettant entre autres l'exécution de code arbitraire à distance, et concernant le système d'exploitaiton Mac OS X, ont été corrigées.
Description
Plusieurs vulnérabilités concernant Mac OS X ont été corrigées :
- Open Scripting Architecture : une mauvaise gestion des droits des plugins permet à un utilisateur malveillant local d'élever ses privilèges.
- BIND : une mauvaise gestion de l'aléa et un vulnérabilité protocolaire permettent de corrompre le cache du DNS.
- CarbonCore : une vulnérabilité dans les gestion des noms longs de fichier permet l'exécution de code arbitraire.
- CoreGraphics : une corruption de mémoire permet l'exécution de code arbitraire, par exemple à l'aide d'un site Web spécifiquement réalisé.
- CoreGraphics : un dépassement d'entier lors de la gestion de fichiers au format PDF permet l'exécution de code arbitraire.
- Data Detectors Engine : la visualisation d'un message spécifiquement créé permet de provoquer un déni de service de l'application.
- Disk Utility : après l'utilisation de l'outil Repair Permissions il est possible d'exécuter des commandes avec les droits sytème à l'aide d'emacs.
- OpenLDAP : un message spécifiquement réalisé permet de provoquer un déni de service de l'application.
- OpenSSL : une vulnérabilité dans la fonction SSL_get_shared_ciphers() permet de provoquer un déni de service de l'application.
- PHP : plusieurs vulnérabilités, dont certaines permettant l'exécution de code arbitraire, ont été corrigées.
- QuickLook : un document au format Microsoft Office spécifiquement réalisé permet l'exécution de code arbitraire.
- rsync : l'utilisation de liens symboliques permet de modifier des fichiers hors du module.
Solution
Se référer au bulletin de sécurité d'Apple HT2647 du 1 août 2008 pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mac OS X 10.4.11 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Mac OS X Server 10.4 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Mac OS X 10.5.4.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Mac OS X Server 10.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s concernant Mac OS X ont \u00e9t\u00e9 corrig\u00e9es :\n\n- Open Scripting Architecture : une mauvaise gestion des droits des\n plugins permet \u00e0 un utilisateur malveillant local d\u0027\u00e9lever ses\n privil\u00e8ges.\n- BIND : une mauvaise gestion de l\u0027al\u00e9a et un vuln\u00e9rabilit\u00e9\n protocolaire permettent de corrompre le cache du DNS.\n- CarbonCore : une vuln\u00e9rabilit\u00e9 dans les gestion des noms longs de\n fichier permet l\u0027ex\u00e9cution de code arbitraire.\n- CoreGraphics : une corruption de m\u00e9moire permet l\u0027ex\u00e9cution de code\n arbitraire, par exemple \u00e0 l\u0027aide d\u0027un site Web sp\u00e9cifiquement\n r\u00e9alis\u00e9.\n- CoreGraphics : un d\u00e9passement d\u0027entier lors de la gestion de\n fichiers au format PDF permet l\u0027ex\u00e9cution de code arbitraire.\n- Data Detectors Engine : la visualisation d\u0027un message sp\u00e9cifiquement\n cr\u00e9\u00e9 permet de provoquer un d\u00e9ni de service de l\u0027application.\n- Disk Utility : apr\u00e8s l\u0027utilisation de l\u0027outil Repair Permissions il\n est possible d\u0027ex\u00e9cuter des commandes avec les droits syt\u00e8me \u00e0\n l\u0027aide d\u0027emacs.\n- OpenLDAP : un message sp\u00e9cifiquement r\u00e9alis\u00e9 permet de provoquer un\n d\u00e9ni de service de l\u0027application.\n- OpenSSL : une vuln\u00e9rabilit\u00e9 dans la fonction\n SSL_get_shared_ciphers() permet de provoquer un d\u00e9ni de service de\n l\u0027application.\n- PHP : plusieurs vuln\u00e9rabilit\u00e9s, dont certaines permettant\n l\u0027ex\u00e9cution de code arbitraire, ont \u00e9t\u00e9 corrig\u00e9es.\n- QuickLook : un document au format Microsoft Office sp\u00e9cifiquement\n r\u00e9alis\u00e9 permet l\u0027ex\u00e9cution de code arbitraire.\n- rsync : l\u0027utilisation de liens symboliques permet de modifier des\n fichiers hors du module.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 d\u0027Apple HT2647 du 1 ao\u00fbt 2008 pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-2324",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2324"
},
{
"name": "CVE-2007-5135",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5135"
},
{
"name": "CVE-2007-6200",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6200"
},
{
"name": "CVE-2008-2051",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2051"
},
{
"name": "CVE-2008-2322",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2322"
},
{
"name": "CVE-2008-0674",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0674"
},
{
"name": "CVE-2008-2325",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2325"
},
{
"name": "CVE-2007-6199",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6199"
},
{
"name": "CVE-2008-2320",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2320"
},
{
"name": "CVE-2008-0599",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0599"
},
{
"name": "CVE-2008-1447",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1447"
},
{
"name": "CVE-2007-4850",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4850"
},
{
"name": "CVE-2008-2323",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2323"
},
{
"name": "CVE-2008-2050",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2050"
},
{
"name": "CVE-2008-2321",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2321"
},
{
"name": "CVE-2008-2952",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2952"
}
],
"initial_release_date": "2008-08-01T00:00:00",
"last_revision_date": "2008-08-01T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT2647 du 01 ao\u00fbt 2008 :",
"url": "http://support.apple.com/kb/HT2647"
}
],
"reference": "CERTA-2008-AVI-388",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-08-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant entre autres l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance, et concernant le syst\u00e8me d\u0027exploitaiton Mac OS X,\nont \u00e9t\u00e9 corrig\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT2647 du 1 ao\u00fbt 2008",
"url": null
}
]
}
CVE-2007-5135 (GCVE-0-2007-5135)
Vulnerability from cvelistv5
Published
2007-09-27 20:00
Modified
2024-08-07 15:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:28.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=194039"
},
{
"name": "HPSBUX02292",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:5337",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337"
},
{
"name": "20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/481217/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241"
},
{
"name": "27205",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27205"
},
{
"name": "27097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27097"
},
{
"name": "ADV-2008-2362",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2362"
},
{
"name": "1018755",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018755"
},
{
"name": "31489",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31489"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "FEDORA-2007-725",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html"
},
{
"name": "RHSA-2007:1003",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1003.html"
},
{
"name": "29242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29242"
},
{
"name": "MDKSA-2007:193",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1770"
},
{
"name": "27186",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27186"
},
{
"name": "27851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27851"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "30124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30124"
},
{
"name": "SUSE-SR:2008:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name": "27394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27394"
},
{
"name": "[4.1] 011: SECURITY FIX: October 10, 2007",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://www.openbsd.org/errata41.html"
},
{
"name": "20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/481506/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:10904",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904"
},
{
"name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
},
{
"name": "31308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31308"
},
{
"name": "22130",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22130"
},
{
"name": "27031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27031"
},
{
"name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
},
{
"name": "ADV-2007-3625",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3625"
},
{
"name": "20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480855/100/0/threaded"
},
{
"name": "FreeBSD-SA-07:08",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc"
},
{
"name": "USN-522-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/522-1/"
},
{
"name": "ADV-2008-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2361"
},
{
"name": "27217",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27217"
},
{
"name": "31467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31467"
},
{
"name": "27961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27961"
},
{
"name": "RHSA-2007:0964",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0964.html"
},
{
"name": "27870",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27870"
},
{
"name": "25831",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25831"
},
{
"name": "DSA-1379",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1379"
},
{
"name": "ADV-2007-4042",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4042"
},
{
"name": "20071003 FLEA-2007-0058-1 openssl openssl-scripts",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/481488/100/0/threaded"
},
{
"name": "27330",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27330"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038"
},
{
"name": "30161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30161"
},
{
"name": "GLSA-200805-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
},
{
"name": "28368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28368"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1769"
},
{
"name": "27012",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27012"
},
{
"name": "3179",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3179"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm"
},
{
"name": "27229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27229"
},
{
"name": "27051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27051"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "27078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27078"
},
{
"name": "GLSA-200710-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
},
{
"name": "SSRT071499",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
},
{
"name": "NetBSD-SA2008-007",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssl.org/news/secadv_20071012.txt"
},
{
"name": "200858",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1"
},
{
"name": "[4.0] 017: SECURITY FIX: October 10, 2007",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://www.openbsd.org/errata40.html"
},
{
"name": "[4.2] 002: SECURITY FIX: October 10, 2007",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://www.openbsd.org/errata42.html"
},
{
"name": "openssl-sslgetshared-bo(36837)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36837"
},
{
"name": "RHSA-2007:0813",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0813.html"
},
{
"name": "SUSE-SR:2007:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
},
{
"name": "ADV-2007-3325",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3325"
},
{
"name": "ADV-2007-4144",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4144"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
},
{
"name": "ADV-2008-0064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0064"
},
{
"name": "27021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27021"
},
{
"name": "103130",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1"
},
{
"name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=194039"
},
{
"name": "HPSBUX02292",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:5337",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337"
},
{
"name": "20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/481217/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241"
},
{
"name": "27205",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27205"
},
{
"name": "27097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27097"
},
{
"name": "ADV-2008-2362",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2362"
},
{
"name": "1018755",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018755"
},
{
"name": "31489",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31489"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "FEDORA-2007-725",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html"
},
{
"name": "RHSA-2007:1003",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1003.html"
},
{
"name": "29242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29242"
},
{
"name": "MDKSA-2007:193",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1770"
},
{
"name": "27186",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27186"
},
{
"name": "27851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27851"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "30124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30124"
},
{
"name": "SUSE-SR:2008:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name": "27394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27394"
},
{
"name": "[4.1] 011: SECURITY FIX: October 10, 2007",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://www.openbsd.org/errata41.html"
},
{
"name": "20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/481506/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:10904",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904"
},
{
"name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
},
{
"name": "31308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31308"
},
{
"name": "22130",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22130"
},
{
"name": "27031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27031"
},
{
"name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
},
{
"name": "ADV-2007-3625",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3625"
},
{
"name": "20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480855/100/0/threaded"
},
{
"name": "FreeBSD-SA-07:08",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc"
},
{
"name": "USN-522-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/522-1/"
},
{
"name": "ADV-2008-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2361"
},
{
"name": "27217",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27217"
},
{
"name": "31467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31467"
},
{
"name": "27961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27961"
},
{
"name": "RHSA-2007:0964",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0964.html"
},
{
"name": "27870",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27870"
},
{
"name": "25831",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25831"
},
{
"name": "DSA-1379",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1379"
},
{
"name": "ADV-2007-4042",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4042"
},
{
"name": "20071003 FLEA-2007-0058-1 openssl openssl-scripts",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/481488/100/0/threaded"
},
{
"name": "27330",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27330"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038"
},
{
"name": "30161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30161"
},
{
"name": "GLSA-200805-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
},
{
"name": "28368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28368"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1769"
},
{
"name": "27012",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27012"
},
{
"name": "3179",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3179"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm"
},
{
"name": "27229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27229"
},
{
"name": "27051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27051"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "27078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27078"
},
{
"name": "GLSA-200710-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
},
{
"name": "SSRT071499",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
},
{
"name": "NetBSD-SA2008-007",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssl.org/news/secadv_20071012.txt"
},
{
"name": "200858",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1"
},
{
"name": "[4.0] 017: SECURITY FIX: October 10, 2007",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://www.openbsd.org/errata40.html"
},
{
"name": "[4.2] 002: SECURITY FIX: October 10, 2007",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://www.openbsd.org/errata42.html"
},
{
"name": "openssl-sslgetshared-bo(36837)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36837"
},
{
"name": "RHSA-2007:0813",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0813.html"
},
{
"name": "SUSE-SR:2007:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
},
{
"name": "ADV-2007-3325",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3325"
},
{
"name": "ADV-2007-4144",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4144"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
},
{
"name": "ADV-2008-0064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0064"
},
{
"name": "27021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27021"
},
{
"name": "103130",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1"
},
{
"name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=194039",
"refsource": "MISC",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=194039"
},
{
"name": "HPSBUX02292",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:5337",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337"
},
{
"name": "20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/481217/100/0/threaded"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241"
},
{
"name": "27205",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27205"
},
{
"name": "27097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27097"
},
{
"name": "ADV-2008-2362",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2362"
},
{
"name": "1018755",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018755"
},
{
"name": "31489",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31489"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "FEDORA-2007-725",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html"
},
{
"name": "RHSA-2007:1003",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1003.html"
},
{
"name": "29242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29242"
},
{
"name": "MDKSA-2007:193",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193"
},
{
"name": "https://issues.rpath.com/browse/RPL-1770",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1770"
},
{
"name": "27186",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27186"
},
{
"name": "27851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27851"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "30124",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30124"
},
{
"name": "SUSE-SR:2008:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name": "27394",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27394"
},
{
"name": "[4.1] 011: SECURITY FIX: October 10, 2007",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata41.html"
},
{
"name": "20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/481506/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:10904",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904"
},
{
"name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
},
{
"name": "31308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31308"
},
{
"name": "22130",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22130"
},
{
"name": "27031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27031"
},
{
"name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
},
{
"name": "ADV-2007-3625",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3625"
},
{
"name": "20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480855/100/0/threaded"
},
{
"name": "FreeBSD-SA-07:08",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc"
},
{
"name": "USN-522-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/522-1/"
},
{
"name": "ADV-2008-2361",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2361"
},
{
"name": "27217",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27217"
},
{
"name": "31467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31467"
},
{
"name": "27961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27961"
},
{
"name": "RHSA-2007:0964",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0964.html"
},
{
"name": "27870",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27870"
},
{
"name": "25831",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25831"
},
{
"name": "DSA-1379",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1379"
},
{
"name": "ADV-2007-4042",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4042"
},
{
"name": "20071003 FLEA-2007-0058-1 openssl openssl-scripts",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/481488/100/0/threaded"
},
{
"name": "27330",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27330"
},
{
"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038",
"refsource": "CONFIRM",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038"
},
{
"name": "30161",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30161"
},
{
"name": "GLSA-200805-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
},
{
"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037",
"refsource": "CONFIRM",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
},
{
"name": "28368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28368"
},
{
"name": "https://issues.rpath.com/browse/RPL-1769",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1769"
},
{
"name": "27012",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27012"
},
{
"name": "3179",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3179"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm"
},
{
"name": "27229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27229"
},
{
"name": "27051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27051"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "27078",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27078"
},
{
"name": "GLSA-200710-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
},
{
"name": "SSRT071499",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
},
{
"name": "NetBSD-SA2008-007",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
},
{
"name": "http://www.openssl.org/news/secadv_20071012.txt",
"refsource": "CONFIRM",
"url": "http://www.openssl.org/news/secadv_20071012.txt"
},
{
"name": "200858",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1"
},
{
"name": "[4.0] 017: SECURITY FIX: October 10, 2007",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata40.html"
},
{
"name": "[4.2] 002: SECURITY FIX: October 10, 2007",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata42.html"
},
{
"name": "openssl-sslgetshared-bo(36837)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36837"
},
{
"name": "RHSA-2007:0813",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0813.html"
},
{
"name": "SUSE-SR:2007:020",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
},
{
"name": "ADV-2007-3325",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3325"
},
{
"name": "ADV-2007-4144",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4144"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
},
{
"name": "ADV-2008-0064",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0064"
},
{
"name": "27021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27021"
},
{
"name": "103130",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1"
},
{
"name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5135",
"datePublished": "2007-09-27T20:00:00",
"dateReserved": "2007-09-27T00:00:00",
"dateUpdated": "2024-08-07T15:17:28.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6200 (GCVE-0-2007-6200)
Vulnerability from cvelistv5
Published
2007-12-01 01:00
Modified
2024-08-07 15:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "RHSA-2011:0999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"name": "26639",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26639"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "RHSA-2011:0999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"name": "26639",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26639"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2007-4057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "RHSA-2011:0999",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"name": "26639",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26639"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27863"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"name": "http://rsync.samba.org/security.html#s3_0_0",
"refsource": "CONFIRM",
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "28457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019012",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6200",
"datePublished": "2007-12-01T01:00:00",
"dateReserved": "2007-11-30T00:00:00",
"dateUpdated": "2024-08-07T15:54:27.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2324 (GCVE-0-2008-2324)
Vulnerability from cvelistv5
Published
2008-08-04 01:00
Modified
2024-08-07 08:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:02.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "30492",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30492"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "macosx-diskutility-privilege-escalation(44132)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44132"
},
{
"name": "1020605",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020605"
},
{
"name": "30483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30483"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "30492",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30492"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "macosx-diskutility-privilege-escalation(44132)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44132"
},
{
"name": "1020605",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020605"
},
{
"name": "30483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30483"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "30492",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30492"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "macosx-diskutility-privilege-escalation(44132)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44132"
},
{
"name": "1020605",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020605"
},
{
"name": "30483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30483"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2324",
"datePublished": "2008-08-04T01:00:00",
"dateReserved": "2008-05-18T00:00:00",
"dateUpdated": "2024-08-07T08:58:02.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0599 (GCVE-0-2008-0599)
Vulnerability from cvelistv5
Published
2008-05-05 17:00
Modified
2024-08-07 07:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:21.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1412",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
},
{
"name": "FEDORA-2008-3606",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12\u0026r2=1.267.2.15.2.50.2.13\u0026diff_format=u"
},
{
"name": "32746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32746"
},
{
"name": "30616",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30616"
},
{
"name": "HPSBUX02342",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01476437"
},
{
"name": "HPSBUX02465",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "30083",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30083"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "GLSA-200811-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"name": "SSRT090085",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "FEDORA-2008-3864",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html"
},
{
"name": "29009",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29009"
},
{
"name": "oval:org.mitre.oval:def:5510",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5510"
},
{
"name": "30828",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30828"
},
{
"name": "MDVSA-2008:128",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "30345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30345"
},
{
"name": "USN-628-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-628-1"
},
{
"name": "SSRT090192",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "php-vector-unspecified(42137)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42137"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
},
{
"name": "[oss-security] 20080502 CVE Request (PHP)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "31200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31200"
},
{
"name": "SSA:2008-128-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
},
{
"name": "30757",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30757"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019958",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019958"
},
{
"name": "VU#147027",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/147027"
},
{
"name": "HPSBUX02431",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2503"
},
{
"name": "RHSA-2008:0505",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html"
},
{
"name": "SSRT080063",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01476437"
},
{
"name": "ADV-2008-1810",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1810/references"
},
{
"name": "MDVSA-2008:127",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127"
},
{
"name": "35650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35650"
},
{
"name": "30048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30048"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2008-1412",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
},
{
"name": "FEDORA-2008-3606",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12\u0026r2=1.267.2.15.2.50.2.13\u0026diff_format=u"
},
{
"name": "32746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32746"
},
{
"name": "30616",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30616"
},
{
"name": "HPSBUX02342",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01476437"
},
{
"name": "HPSBUX02465",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "30083",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30083"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "GLSA-200811-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"name": "SSRT090085",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "FEDORA-2008-3864",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html"
},
{
"name": "29009",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29009"
},
{
"name": "oval:org.mitre.oval:def:5510",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5510"
},
{
"name": "30828",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30828"
},
{
"name": "MDVSA-2008:128",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "30345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30345"
},
{
"name": "USN-628-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-628-1"
},
{
"name": "SSRT090192",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "php-vector-unspecified(42137)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42137"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
},
{
"name": "[oss-security] 20080502 CVE Request (PHP)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "31200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31200"
},
{
"name": "SSA:2008-128-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
},
{
"name": "30757",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30757"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019958",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019958"
},
{
"name": "VU#147027",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/147027"
},
{
"name": "HPSBUX02431",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2503"
},
{
"name": "RHSA-2008:0505",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html"
},
{
"name": "SSRT080063",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01476437"
},
{
"name": "ADV-2008-1810",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1810/references"
},
{
"name": "MDVSA-2008:127",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127"
},
{
"name": "35650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35650"
},
{
"name": "30048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30048"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-0599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1412",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
},
{
"name": "FEDORA-2008-3606",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html"
},
{
"name": "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12\u0026r2=1.267.2.15.2.50.2.13\u0026diff_format=u",
"refsource": "CONFIRM",
"url": "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12\u0026r2=1.267.2.15.2.50.2.13\u0026diff_format=u"
},
{
"name": "32746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32746"
},
{
"name": "30616",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30616"
},
{
"name": "HPSBUX02342",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01476437"
},
{
"name": "HPSBUX02465",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "30083",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30083"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "GLSA-200811-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"name": "SSRT090085",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "FEDORA-2008-3864",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html"
},
{
"name": "29009",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29009"
},
{
"name": "oval:org.mitre.oval:def:5510",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5510"
},
{
"name": "30828",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30828"
},
{
"name": "MDVSA-2008:128",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "30345",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30345"
},
{
"name": "USN-628-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-628-1"
},
{
"name": "SSRT090192",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "php-vector-unspecified(42137)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42137"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
},
{
"name": "[oss-security] 20080502 CVE Request (PHP)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "31200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31200"
},
{
"name": "SSA:2008-128-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
},
{
"name": "30757",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30757"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019958",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019958"
},
{
"name": "VU#147027",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/147027"
},
{
"name": "HPSBUX02431",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "https://issues.rpath.com/browse/RPL-2503",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2503"
},
{
"name": "RHSA-2008:0505",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html"
},
{
"name": "SSRT080063",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01476437"
},
{
"name": "ADV-2008-1810",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1810/references"
},
{
"name": "MDVSA-2008:127",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127"
},
{
"name": "35650",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35650"
},
{
"name": "30048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30048"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-0599",
"datePublished": "2008-05-05T17:00:00",
"dateReserved": "2008-02-05T00:00:00",
"dateUpdated": "2024-08-07T07:54:21.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6199 (GCVE-0-2007-6199)
Vulnerability from cvelistv5
Published
2007-12-01 01:00
Modified
2024-08-07 15:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28412"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "61005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61005"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "26638",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26638"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28412"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "61005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61005"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "26638",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26638"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28412"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"name": "ADV-2007-4057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27863"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"name": "http://rsync.samba.org/security.html#s3_0_0",
"refsource": "CONFIRM",
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "61005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61005"
},
{
"name": "28457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "26638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26638"
},
{
"name": "1019012",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6199",
"datePublished": "2007-12-01T01:00:00",
"dateReserved": "2007-11-30T00:00:00",
"dateUpdated": "2024-08-07T15:54:27.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2051 (GCVE-0-2008-2051)
Vulnerability from cvelistv5
Published
2008-05-05 17:00
Modified
2024-08-07 08:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:57.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1412",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
},
{
"name": "30288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30288"
},
{
"name": "FEDORA-2008-3606",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html"
},
{
"name": "32746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32746"
},
{
"name": "30083",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30083"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "GLSA-200811-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"name": "RHSA-2008:0546",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
},
{
"name": "FEDORA-2008-3864",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html"
},
{
"name": "oval:org.mitre.oval:def:10256",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10256"
},
{
"name": "29009",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29009"
},
{
"name": "30828",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30828"
},
{
"name": "MDVSA-2008:128",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "DSA-1572",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1572"
},
{
"name": "RHSA-2008:0582",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0582.html"
},
{
"name": "30345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30345"
},
{
"name": "USN-628-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-628-1"
},
{
"name": "RHSA-2008:0545",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0545.html"
},
{
"name": "31124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31124"
},
{
"name": "30967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30967"
},
{
"name": "31119",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31119"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
},
{
"name": "[oss-security] 20080502 CVE Request (PHP)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"name": "20080527 rPSA-2008-0178-1 php php-mysql php-pgsql",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/492671/100/0/threaded"
},
{
"name": "30411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30411"
},
{
"name": "30158",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30158"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "31200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31200"
},
{
"name": "SSA:2008-128-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
},
{
"name": "30757",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30757"
},
{
"name": "RHSA-2008:0544",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0544.html"
},
{
"name": "DSA-1578",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1578"
},
{
"name": "SUSE-SR:2008:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178"
},
{
"name": "MDVSA-2008:125",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:125"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2503"
},
{
"name": "RHSA-2008:0505",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html"
},
{
"name": "MDVSA-2008:126",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:126"
},
{
"name": "MDVSA-2008:127",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127"
},
{
"name": "30048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30048"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to \"incomplete multibyte chars.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2008-1412",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
},
{
"name": "30288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30288"
},
{
"name": "FEDORA-2008-3606",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html"
},
{
"name": "32746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32746"
},
{
"name": "30083",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30083"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "GLSA-200811-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"name": "RHSA-2008:0546",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
},
{
"name": "FEDORA-2008-3864",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html"
},
{
"name": "oval:org.mitre.oval:def:10256",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10256"
},
{
"name": "29009",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29009"
},
{
"name": "30828",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30828"
},
{
"name": "MDVSA-2008:128",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "DSA-1572",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1572"
},
{
"name": "RHSA-2008:0582",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0582.html"
},
{
"name": "30345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30345"
},
{
"name": "USN-628-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-628-1"
},
{
"name": "RHSA-2008:0545",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0545.html"
},
{
"name": "31124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31124"
},
{
"name": "30967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30967"
},
{
"name": "31119",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31119"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
},
{
"name": "[oss-security] 20080502 CVE Request (PHP)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"name": "20080527 rPSA-2008-0178-1 php php-mysql php-pgsql",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/492671/100/0/threaded"
},
{
"name": "30411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30411"
},
{
"name": "30158",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30158"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "31200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31200"
},
{
"name": "SSA:2008-128-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
},
{
"name": "30757",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30757"
},
{
"name": "RHSA-2008:0544",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0544.html"
},
{
"name": "DSA-1578",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1578"
},
{
"name": "SUSE-SR:2008:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178"
},
{
"name": "MDVSA-2008:125",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:125"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2503"
},
{
"name": "RHSA-2008:0505",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html"
},
{
"name": "MDVSA-2008:126",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:126"
},
{
"name": "MDVSA-2008:127",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127"
},
{
"name": "30048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30048"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-2051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to \"incomplete multibyte chars.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1412",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
},
{
"name": "30288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30288"
},
{
"name": "FEDORA-2008-3606",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html"
},
{
"name": "32746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32746"
},
{
"name": "30083",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30083"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "GLSA-200811-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"name": "RHSA-2008:0546",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
},
{
"name": "FEDORA-2008-3864",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html"
},
{
"name": "oval:org.mitre.oval:def:10256",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10256"
},
{
"name": "29009",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29009"
},
{
"name": "30828",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30828"
},
{
"name": "MDVSA-2008:128",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "DSA-1572",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1572"
},
{
"name": "RHSA-2008:0582",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0582.html"
},
{
"name": "30345",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30345"
},
{
"name": "USN-628-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-628-1"
},
{
"name": "RHSA-2008:0545",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0545.html"
},
{
"name": "31124",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31124"
},
{
"name": "30967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30967"
},
{
"name": "31119",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31119"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
},
{
"name": "[oss-security] 20080502 CVE Request (PHP)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"name": "20080527 rPSA-2008-0178-1 php php-mysql php-pgsql",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492671/100/0/threaded"
},
{
"name": "30411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30411"
},
{
"name": "30158",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30158"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "31200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31200"
},
{
"name": "SSA:2008-128-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
},
{
"name": "30757",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30757"
},
{
"name": "RHSA-2008:0544",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0544.html"
},
{
"name": "DSA-1578",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1578"
},
{
"name": "SUSE-SR:2008:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178"
},
{
"name": "MDVSA-2008:125",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:125"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "https://issues.rpath.com/browse/RPL-2503",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2503"
},
{
"name": "RHSA-2008:0505",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html"
},
{
"name": "MDVSA-2008:126",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:126"
},
{
"name": "MDVSA-2008:127",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127"
},
{
"name": "30048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30048"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-2051",
"datePublished": "2008-05-05T17:00:00",
"dateReserved": "2008-05-02T00:00:00",
"dateUpdated": "2024-08-07T08:49:57.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2323 (GCVE-0-2008-2323)
Vulnerability from cvelistv5
Published
2008-08-04 01:00
Modified
2024-08-07 08:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:01.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020606",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020606"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "30490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30490"
},
{
"name": "30483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30483"
},
{
"name": "macosx-datadetectorengine-dos(44130)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44130"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020606",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020606"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "30490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30490"
},
{
"name": "30483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30483"
},
{
"name": "macosx-datadetectorengine-dos(44130)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44130"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020606",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020606"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "30490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30490"
},
{
"name": "30483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30483"
},
{
"name": "macosx-datadetectorengine-dos(44130)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44130"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2323",
"datePublished": "2008-08-04T01:00:00",
"dateReserved": "2008-05-18T00:00:00",
"dateUpdated": "2024-08-07T08:58:01.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2320 (GCVE-0-2008-2320)
Vulnerability from cvelistv5
Published
2008-08-04 01:00
Modified
2024-08-07 08:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:02.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30487",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30487"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "1020602",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020602"
},
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35379"
},
{
"name": "20080801 n.runs-SA-2008.005 - Apple Inc. - CoreServices Framework\u0026acirc;??s CarbonCore Framework - Arbitrary Code Execution (remote)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495040/100/0/threaded"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "30483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30483"
},
{
"name": "macosx-carboncore-bo(44126)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30487",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30487"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "1020602",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020602"
},
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35379"
},
{
"name": "20080801 n.runs-SA-2008.005 - Apple Inc. - CoreServices Framework\u0026acirc;??s CarbonCore Framework - Arbitrary Code Execution (remote)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495040/100/0/threaded"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "30483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30483"
},
{
"name": "macosx-carboncore-bo(44126)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44126"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30487",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30487"
},
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "1020602",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020602"
},
{
"name": "APPLE-SA-2009-06-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "ADV-2009-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
},
{
"name": "20080801 n.runs-SA-2008.005 - Apple Inc. - CoreServices Framework\u0026acirc;??s CarbonCore Framework - Arbitrary Code Execution (remote)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495040/100/0/threaded"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "30483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30483"
},
{
"name": "macosx-carboncore-bo(44126)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44126"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2320",
"datePublished": "2008-08-04T01:00:00",
"dateReserved": "2008-05-18T00:00:00",
"dateUpdated": "2024-08-07T08:58:02.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2322 (GCVE-0-2008-2322)
Vulnerability from cvelistv5
Published
2008-08-04 01:00
Modified
2024-08-07 08:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:01.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "30489",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30489"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "1020604",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020604"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "macosx-coregraphics-pdf-bo(44128)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44128"
},
{
"name": "20080731 Apple Mac OS X CoreGraphics PDF Type1 Font Integer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=730"
},
{
"name": "30483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30483"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "30489",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30489"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "1020604",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020604"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "macosx-coregraphics-pdf-bo(44128)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44128"
},
{
"name": "20080731 Apple Mac OS X CoreGraphics PDF Type1 Font Integer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=730"
},
{
"name": "30483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30483"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "30489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30489"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "1020604",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020604"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "macosx-coregraphics-pdf-bo(44128)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44128"
},
{
"name": "20080731 Apple Mac OS X CoreGraphics PDF Type1 Font Integer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=730"
},
{
"name": "30483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30483"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2322",
"datePublished": "2008-08-04T01:00:00",
"dateReserved": "2008-05-18T00:00:00",
"dateUpdated": "2024-08-07T08:58:01.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1447 (GCVE-0-2008-1447)
Vulnerability from cvelistv5
Published
2008-07-08 23:00
Modified
2024-08-07 08:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020438",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020438"
},
{
"name": "FEDORA-2008-6256",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html"
},
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "VU#800113",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/800113"
},
{
"name": "31137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31137"
},
{
"name": "31430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31430"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7DWR4J"
},
{
"name": "31169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31169"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phys.uu.nl/~rombouts/pdnsd.html"
},
{
"name": "1020702",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020702"
},
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2008-2052",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2052/references"
},
{
"name": "1020561",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020561"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "HPSBOV03226",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141879471518471\u0026w=2"
},
{
"name": "1020578",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020578"
},
{
"name": "FreeBSD-SA-08:06",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc"
},
{
"name": "oval:org.mitre.oval:def:9627",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9627"
},
{
"name": "1020802",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020802"
},
{
"name": "HPSBMP02404",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=123324863916385\u0026w=2"
},
{
"name": "30131",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30131"
},
{
"name": "[4.2] 013: SECURITY FIX: July 23, 2008",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://www.openbsd.org/errata42.html#013_bind"
},
{
"name": "31236",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31236"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "1020651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020651"
},
{
"name": "1020437",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020437"
},
{
"name": "31209",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31209"
},
{
"name": "31012",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31012"
},
{
"name": "31151",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31151"
},
{
"name": "ADV-2008-2050",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2050/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX117991"
},
{
"name": "SSRT101004",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141879471518471\u0026w=2"
},
{
"name": "31237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31237"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "win-dns-client-server-spoofing(43334)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43334"
},
{
"name": "31495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31495"
},
{
"name": "6130",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6130"
},
{
"name": "20080708 Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml"
},
{
"name": "1020579",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020579"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nominum.com/asset_upload_file741_2661.pdf"
},
{
"name": "1020653",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020653"
},
{
"name": "30998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30998"
},
{
"name": "DSA-1603",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1603"
},
{
"name": "ADV-2008-2525",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2525"
},
{
"name": "SUSE-SA:2008:033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html"
},
{
"name": "31094",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31094"
},
{
"name": "IZ26668",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26668"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31687"
},
{
"name": "ADV-2008-2025",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2025/references"
},
{
"name": "239392",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "31588",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31588"
},
{
"name": "31019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31019"
},
{
"name": "ADV-2008-2029",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2029/references"
},
{
"name": "SSRT080058",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121630706004256\u0026w=2"
},
{
"name": "6123",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6123"
},
{
"name": "IZ26671",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26671"
},
{
"name": "FEDORA-2008-6281",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "ADV-2009-0297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0297"
},
{
"name": "HPSBUX02351",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121630706004256\u0026w=2"
},
{
"name": "31207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31207"
},
{
"name": "31031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31031"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31451"
},
{
"name": "ADV-2008-2051",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2051/references"
},
{
"name": "30977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30977"
},
{
"name": "RHSA-2008:0789",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0789.html"
},
{
"name": "ADV-2008-2377",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2377"
},
{
"name": "HPSBNS02405",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368"
},
{
"name": "1020558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020558"
},
{
"name": "31221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31221"
},
{
"name": "RHSA-2008:0533",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0533.html"
},
{
"name": "[4.3] 004: SECURITY FIX: July 23, 2008",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://www.openbsd.org/errata43.html#004_bind"
},
{
"name": "1020804",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020804"
},
{
"name": "31143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31143"
},
{
"name": "20080808 New paper: An Illustrated Guide to the Kaminsky DNS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495289/100/0/threaded"
},
{
"name": "ADV-2008-2195",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2195/references"
},
{
"name": "ADV-2008-2196",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2196/references"
},
{
"name": "33714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33714"
},
{
"name": "HPSBTU02358",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121866517322103\u0026w=2"
},
{
"name": "33786",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33786"
},
{
"name": "1020448",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020448"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "ADV-2008-2384",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2384"
},
{
"name": "IZ26669",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26669"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2008/08/up2date_7202_released.html"
},
{
"name": "ADV-2008-2123",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2123/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3026"
},
{
"name": "31014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31014"
},
{
"name": "30979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30979"
},
{
"name": "1020575",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020575"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/"
},
{
"name": "ADV-2008-2482",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2482"
},
{
"name": "IZ26672",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26672"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3129"
},
{
"name": "DSA-1619",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1619"
},
{
"name": "ADV-2008-2166",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2166/references"
},
{
"name": "31072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31072"
},
{
"name": "ADV-2008-2139",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2139/references"
},
{
"name": "oval:org.mitre.oval:def:5761",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5761"
},
{
"name": "ADV-2008-2092",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2092/references"
},
{
"name": "31482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31482"
},
{
"name": "IZ26670",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26670"
},
{
"name": "MDVSA-2008:139",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:139"
},
{
"name": "oval:org.mitre.oval:def:5917",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5917"
},
{
"name": "30989",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30989"
},
{
"name": "ADV-2008-2055",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2055/references"
},
{
"name": "SSRT071449",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=762152"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=40"
},
{
"name": "31065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31065"
},
{
"name": "31254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31254"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.doxpara.com/?p=1176"
},
{
"name": "NetBSD-SA2008-009",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc"
},
{
"name": "USN-627-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-627-1"
},
{
"name": "ADV-2010-0622",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0622"
},
{
"name": "1020576",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020576"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"
},
{
"name": "HPSBOV02357",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520"
},
{
"name": "31153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231"
},
{
"name": "ADV-2008-2549",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2549"
},
{
"name": "IZ26667",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26667"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html"
},
{
"name": "31213",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31213"
},
{
"name": "31030",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31030"
},
{
"name": "USN-622-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-622-1"
},
{
"name": "31033",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31033"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html"
},
{
"name": "1020440",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020440"
},
{
"name": "APPLE-SA-2008-09-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.doxpara.com/DMK_BO2K8.ppt"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "DSA-1604",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1604"
},
{
"name": "31823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31823"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "ADV-2008-2558",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2558"
},
{
"name": "6122",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6122"
},
{
"name": "oval:org.mitre.oval:def:5725",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5725"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.caughq.org/exploits/CAU-EX-2008-0003.txt"
},
{
"name": "cisco-multiple-dns-cache-poisoning(43637)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43637"
},
{
"name": "ADV-2008-2383",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2383"
},
{
"name": "1020560",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020560"
},
{
"name": "31900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31900"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX118183"
},
{
"name": "30925",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30925"
},
{
"name": "ADV-2009-0311",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0311"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018"
},
{
"name": "DSA-1623",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1623"
},
{
"name": "ADV-2008-2582",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2582"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.caughq.org/exploits/CAU-EX-2008-0002.txt"
},
{
"name": "DSA-1605",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1605"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7000912"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning"
},
{
"name": "ADV-2008-2342",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2342"
},
{
"name": "ADV-2008-2114",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2114/references"
},
{
"name": "30973",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30973"
},
{
"name": "31204",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31204"
},
{
"name": "31354",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31354"
},
{
"name": "GLSA-200812-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
},
{
"name": "oval:org.mitre.oval:def:12117",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12117"
},
{
"name": "33178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33178"
},
{
"name": "30988",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30988"
},
{
"name": "APPLE-SA-2008-09-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
},
{
"name": "31011",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31011"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html"
},
{
"name": "ADV-2008-2334",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2334"
},
{
"name": "1020577",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020577"
},
{
"name": "31422",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31422"
},
{
"name": "31197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31197"
},
{
"name": "1020548",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020548"
},
{
"name": "ADV-2008-2467",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2467"
},
{
"name": "240048",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240048-1"
},
{
"name": "TA08-190B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190B.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "GLSA-200807-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200807-08.xml"
},
{
"name": "31022",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31022"
},
{
"name": "SSA:2008-191",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.539239"
},
{
"name": "1020449",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020449"
},
{
"name": "31093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31093"
},
{
"name": "31052",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31052"
},
{
"name": "30980",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30980"
},
{
"name": "SSA:2008-205-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.452680"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401"
},
{
"name": "31199",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31199"
},
{
"name": "ADV-2008-2030",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2030/references"
},
{
"name": "ADV-2008-2291",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2291"
},
{
"name": "ADV-2008-2023",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2023/references"
},
{
"name": "SSRT090014",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=123324863916385\u0026w=2"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"name": "MS08-037",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-037"
},
{
"name": "31212",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31212"
},
{
"name": "ADV-2008-2113",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2113/references"
},
{
"name": "31152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31152"
},
{
"name": "ADV-2008-2019",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2019/references"
},
{
"name": "ADV-2008-2197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2197/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka \"DNS Insufficient Socket Entropy Vulnerability\" or \"the Kaminsky bug.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1020438",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020438"
},
{
"name": "FEDORA-2008-6256",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html"
},
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "VU#800113",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/800113"
},
{
"name": "31137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31137"
},
{
"name": "31430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31430"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7DWR4J"
},
{
"name": "31169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31169"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phys.uu.nl/~rombouts/pdnsd.html"
},
{
"name": "1020702",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020702"
},
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2008-2052",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2052/references"
},
{
"name": "1020561",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020561"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "HPSBOV03226",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141879471518471\u0026w=2"
},
{
"name": "1020578",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020578"
},
{
"name": "FreeBSD-SA-08:06",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc"
},
{
"name": "oval:org.mitre.oval:def:9627",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9627"
},
{
"name": "1020802",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020802"
},
{
"name": "HPSBMP02404",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=123324863916385\u0026w=2"
},
{
"name": "30131",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30131"
},
{
"name": "[4.2] 013: SECURITY FIX: July 23, 2008",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://www.openbsd.org/errata42.html#013_bind"
},
{
"name": "31236",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31236"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "1020651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020651"
},
{
"name": "1020437",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020437"
},
{
"name": "31209",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31209"
},
{
"name": "31012",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31012"
},
{
"name": "31151",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31151"
},
{
"name": "ADV-2008-2050",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2050/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX117991"
},
{
"name": "SSRT101004",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141879471518471\u0026w=2"
},
{
"name": "31237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31237"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "win-dns-client-server-spoofing(43334)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43334"
},
{
"name": "31495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31495"
},
{
"name": "6130",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6130"
},
{
"name": "20080708 Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml"
},
{
"name": "1020579",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020579"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nominum.com/asset_upload_file741_2661.pdf"
},
{
"name": "1020653",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020653"
},
{
"name": "30998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30998"
},
{
"name": "DSA-1603",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1603"
},
{
"name": "ADV-2008-2525",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2525"
},
{
"name": "SUSE-SA:2008:033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html"
},
{
"name": "31094",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31094"
},
{
"name": "IZ26668",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26668"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31687"
},
{
"name": "ADV-2008-2025",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2025/references"
},
{
"name": "239392",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "31588",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31588"
},
{
"name": "31019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31019"
},
{
"name": "ADV-2008-2029",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2029/references"
},
{
"name": "SSRT080058",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121630706004256\u0026w=2"
},
{
"name": "6123",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6123"
},
{
"name": "IZ26671",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26671"
},
{
"name": "FEDORA-2008-6281",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "ADV-2009-0297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0297"
},
{
"name": "HPSBUX02351",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121630706004256\u0026w=2"
},
{
"name": "31207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31207"
},
{
"name": "31031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31031"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31451"
},
{
"name": "ADV-2008-2051",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2051/references"
},
{
"name": "30977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30977"
},
{
"name": "RHSA-2008:0789",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0789.html"
},
{
"name": "ADV-2008-2377",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2377"
},
{
"name": "HPSBNS02405",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368"
},
{
"name": "1020558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020558"
},
{
"name": "31221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31221"
},
{
"name": "RHSA-2008:0533",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0533.html"
},
{
"name": "[4.3] 004: SECURITY FIX: July 23, 2008",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://www.openbsd.org/errata43.html#004_bind"
},
{
"name": "1020804",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020804"
},
{
"name": "31143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31143"
},
{
"name": "20080808 New paper: An Illustrated Guide to the Kaminsky DNS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495289/100/0/threaded"
},
{
"name": "ADV-2008-2195",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2195/references"
},
{
"name": "ADV-2008-2196",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2196/references"
},
{
"name": "33714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33714"
},
{
"name": "HPSBTU02358",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121866517322103\u0026w=2"
},
{
"name": "33786",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33786"
},
{
"name": "1020448",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020448"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "ADV-2008-2384",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2384"
},
{
"name": "IZ26669",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26669"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2008/08/up2date_7202_released.html"
},
{
"name": "ADV-2008-2123",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2123/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3026"
},
{
"name": "31014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31014"
},
{
"name": "30979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30979"
},
{
"name": "1020575",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020575"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/"
},
{
"name": "ADV-2008-2482",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2482"
},
{
"name": "IZ26672",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26672"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3129"
},
{
"name": "DSA-1619",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1619"
},
{
"name": "ADV-2008-2166",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2166/references"
},
{
"name": "31072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31072"
},
{
"name": "ADV-2008-2139",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2139/references"
},
{
"name": "oval:org.mitre.oval:def:5761",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5761"
},
{
"name": "ADV-2008-2092",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2092/references"
},
{
"name": "31482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31482"
},
{
"name": "IZ26670",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26670"
},
{
"name": "MDVSA-2008:139",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:139"
},
{
"name": "oval:org.mitre.oval:def:5917",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5917"
},
{
"name": "30989",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30989"
},
{
"name": "ADV-2008-2055",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2055/references"
},
{
"name": "SSRT071449",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=762152"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=40"
},
{
"name": "31065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31065"
},
{
"name": "31254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31254"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.doxpara.com/?p=1176"
},
{
"name": "NetBSD-SA2008-009",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc"
},
{
"name": "USN-627-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-627-1"
},
{
"name": "ADV-2010-0622",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0622"
},
{
"name": "1020576",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020576"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"
},
{
"name": "HPSBOV02357",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520"
},
{
"name": "31153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231"
},
{
"name": "ADV-2008-2549",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2549"
},
{
"name": "IZ26667",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26667"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html"
},
{
"name": "31213",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31213"
},
{
"name": "31030",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31030"
},
{
"name": "USN-622-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-622-1"
},
{
"name": "31033",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31033"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html"
},
{
"name": "1020440",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020440"
},
{
"name": "APPLE-SA-2008-09-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.doxpara.com/DMK_BO2K8.ppt"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "DSA-1604",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1604"
},
{
"name": "31823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31823"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "ADV-2008-2558",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2558"
},
{
"name": "6122",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6122"
},
{
"name": "oval:org.mitre.oval:def:5725",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5725"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.caughq.org/exploits/CAU-EX-2008-0003.txt"
},
{
"name": "cisco-multiple-dns-cache-poisoning(43637)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43637"
},
{
"name": "ADV-2008-2383",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2383"
},
{
"name": "1020560",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020560"
},
{
"name": "31900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31900"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX118183"
},
{
"name": "30925",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30925"
},
{
"name": "ADV-2009-0311",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0311"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018"
},
{
"name": "DSA-1623",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1623"
},
{
"name": "ADV-2008-2582",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2582"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.caughq.org/exploits/CAU-EX-2008-0002.txt"
},
{
"name": "DSA-1605",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1605"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7000912"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning"
},
{
"name": "ADV-2008-2342",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2342"
},
{
"name": "ADV-2008-2114",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2114/references"
},
{
"name": "30973",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30973"
},
{
"name": "31204",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31204"
},
{
"name": "31354",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31354"
},
{
"name": "GLSA-200812-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
},
{
"name": "oval:org.mitre.oval:def:12117",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12117"
},
{
"name": "33178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33178"
},
{
"name": "30988",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30988"
},
{
"name": "APPLE-SA-2008-09-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
},
{
"name": "31011",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31011"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html"
},
{
"name": "ADV-2008-2334",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2334"
},
{
"name": "1020577",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020577"
},
{
"name": "31422",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31422"
},
{
"name": "31197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31197"
},
{
"name": "1020548",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020548"
},
{
"name": "ADV-2008-2467",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2467"
},
{
"name": "240048",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240048-1"
},
{
"name": "TA08-190B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190B.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "GLSA-200807-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200807-08.xml"
},
{
"name": "31022",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31022"
},
{
"name": "SSA:2008-191",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.539239"
},
{
"name": "1020449",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020449"
},
{
"name": "31093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31093"
},
{
"name": "31052",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31052"
},
{
"name": "30980",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30980"
},
{
"name": "SSA:2008-205-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.452680"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401"
},
{
"name": "31199",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31199"
},
{
"name": "ADV-2008-2030",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2030/references"
},
{
"name": "ADV-2008-2291",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2291"
},
{
"name": "ADV-2008-2023",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2023/references"
},
{
"name": "SSRT090014",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=123324863916385\u0026w=2"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"name": "MS08-037",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-037"
},
{
"name": "31212",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31212"
},
{
"name": "ADV-2008-2113",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2113/references"
},
{
"name": "31152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31152"
},
{
"name": "ADV-2008-2019",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2019/references"
},
{
"name": "ADV-2008-2197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2197/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-1447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka \"DNS Insufficient Socket Entropy Vulnerability\" or \"the Kaminsky bug.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020438",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020438"
},
{
"name": "FEDORA-2008-6256",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html"
},
{
"name": "SUSE-SR:2008:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "VU#800113",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/800113"
},
{
"name": "31137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31137"
},
{
"name": "31430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31430"
},
{
"name": "http://www.kb.cert.org/vuls/id/MIMG-7DWR4J",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MIMG-7DWR4J"
},
{
"name": "31169",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31169"
},
{
"name": "http://www.phys.uu.nl/~rombouts/pdnsd.html",
"refsource": "CONFIRM",
"url": "http://www.phys.uu.nl/~rombouts/pdnsd.html"
},
{
"name": "1020702",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020702"
},
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2008-2052",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2052/references"
},
{
"name": "1020561",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020561"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "HPSBOV03226",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=141879471518471\u0026w=2"
},
{
"name": "1020578",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020578"
},
{
"name": "FreeBSD-SA-08:06",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc"
},
{
"name": "oval:org.mitre.oval:def:9627",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9627"
},
{
"name": "1020802",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020802"
},
{
"name": "HPSBMP02404",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=123324863916385\u0026w=2"
},
{
"name": "30131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30131"
},
{
"name": "[4.2] 013: SECURITY FIX: July 23, 2008",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata42.html#013_bind"
},
{
"name": "31236",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31236"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "1020651",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020651"
},
{
"name": "1020437",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020437"
},
{
"name": "31209",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31209"
},
{
"name": "31012",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31012"
},
{
"name": "31151",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31151"
},
{
"name": "ADV-2008-2050",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2050/references"
},
{
"name": "http://support.citrix.com/article/CTX117991",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX117991"
},
{
"name": "SSRT101004",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=141879471518471\u0026w=2"
},
{
"name": "31237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31237"
},
{
"name": "http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "win-dns-client-server-spoofing(43334)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43334"
},
{
"name": "31495",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31495"
},
{
"name": "6130",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6130"
},
{
"name": "20080708 Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml"
},
{
"name": "1020579",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020579"
},
{
"name": "http://www.nominum.com/asset_upload_file741_2661.pdf",
"refsource": "MISC",
"url": "http://www.nominum.com/asset_upload_file741_2661.pdf"
},
{
"name": "1020653",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020653"
},
{
"name": "30998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30998"
},
{
"name": "DSA-1603",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1603"
},
{
"name": "ADV-2008-2525",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2525"
},
{
"name": "SUSE-SA:2008:033",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html"
},
{
"name": "31094",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31094"
},
{
"name": "IZ26668",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26668"
},
{
"name": "31687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31687"
},
{
"name": "ADV-2008-2025",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2025/references"
},
{
"name": "239392",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "31588",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31588"
},
{
"name": "31019",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31019"
},
{
"name": "ADV-2008-2029",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2029/references"
},
{
"name": "SSRT080058",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121630706004256\u0026w=2"
},
{
"name": "6123",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6123"
},
{
"name": "IZ26671",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26671"
},
{
"name": "FEDORA-2008-6281",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "ADV-2009-0297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0297"
},
{
"name": "HPSBUX02351",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121630706004256\u0026w=2"
},
{
"name": "31207",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31207"
},
{
"name": "31031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31031"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31451",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31451"
},
{
"name": "ADV-2008-2051",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2051/references"
},
{
"name": "30977",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30977"
},
{
"name": "RHSA-2008:0789",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0789.html"
},
{
"name": "ADV-2008-2377",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2377"
},
{
"name": "HPSBNS02405",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368"
},
{
"name": "1020558",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020558"
},
{
"name": "31221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31221"
},
{
"name": "RHSA-2008:0533",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0533.html"
},
{
"name": "[4.3] 004: SECURITY FIX: July 23, 2008",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata43.html#004_bind"
},
{
"name": "1020804",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020804"
},
{
"name": "31143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31143"
},
{
"name": "20080808 New paper: An Illustrated Guide to the Kaminsky DNS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495289/100/0/threaded"
},
{
"name": "ADV-2008-2195",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2195/references"
},
{
"name": "ADV-2008-2196",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2196/references"
},
{
"name": "33714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33714"
},
{
"name": "HPSBTU02358",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121866517322103\u0026w=2"
},
{
"name": "33786",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33786"
},
{
"name": "1020448",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020448"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "ADV-2008-2384",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2384"
},
{
"name": "IZ26669",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26669"
},
{
"name": "http://up2date.astaro.com/2008/08/up2date_7202_released.html",
"refsource": "CONFIRM",
"url": "http://up2date.astaro.com/2008/08/up2date_7202_released.html"
},
{
"name": "ADV-2008-2123",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2123/references"
},
{
"name": "http://support.apple.com/kb/HT3026",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3026"
},
{
"name": "31014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31014"
},
{
"name": "30979",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30979"
},
{
"name": "1020575",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020575"
},
{
"name": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/",
"refsource": "CONFIRM",
"url": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/"
},
{
"name": "ADV-2008-2482",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2482"
},
{
"name": "IZ26672",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26672"
},
{
"name": "http://support.apple.com/kb/HT3129",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3129"
},
{
"name": "DSA-1619",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1619"
},
{
"name": "ADV-2008-2166",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2166/references"
},
{
"name": "31072",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31072"
},
{
"name": "ADV-2008-2139",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2139/references"
},
{
"name": "oval:org.mitre.oval:def:5761",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5761"
},
{
"name": "ADV-2008-2092",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2092/references"
},
{
"name": "31482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31482"
},
{
"name": "IZ26670",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26670"
},
{
"name": "MDVSA-2008:139",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:139"
},
{
"name": "oval:org.mitre.oval:def:5917",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5917"
},
{
"name": "30989",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30989"
},
{
"name": "ADV-2008-2055",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2055/references"
},
{
"name": "SSRT071449",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368"
},
{
"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=762152",
"refsource": "CONFIRM",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=762152"
},
{
"name": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=40",
"refsource": "CONFIRM",
"url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=40"
},
{
"name": "31065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31065"
},
{
"name": "31254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31254"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "http://www.doxpara.com/?p=1176",
"refsource": "MISC",
"url": "http://www.doxpara.com/?p=1176"
},
{
"name": "NetBSD-SA2008-009",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc"
},
{
"name": "USN-627-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-627-1"
},
{
"name": "ADV-2010-0622",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0622"
},
{
"name": "1020576",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020576"
},
{
"name": "http://www.isc.org/index.pl?/sw/bind/bind-security.php",
"refsource": "CONFIRM",
"url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"
},
{
"name": "HPSBOV02357",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520"
},
{
"name": "31153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31153"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231"
},
{
"name": "ADV-2008-2549",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2549"
},
{
"name": "IZ26667",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26667"
},
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html",
"refsource": "CONFIRM",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html"
},
{
"name": "31213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31213"
},
{
"name": "31030",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31030"
},
{
"name": "USN-622-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-622-1"
},
{
"name": "31033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31033"
},
{
"name": "http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html",
"refsource": "MISC",
"url": "http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html"
},
{
"name": "1020440",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020440"
},
{
"name": "APPLE-SA-2008-09-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
},
{
"name": "http://www.doxpara.com/DMK_BO2K8.ppt",
"refsource": "MISC",
"url": "http://www.doxpara.com/DMK_BO2K8.ppt"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "DSA-1604",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1604"
},
{
"name": "31823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31823"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "ADV-2008-2558",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2558"
},
{
"name": "6122",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6122"
},
{
"name": "oval:org.mitre.oval:def:5725",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5725"
},
{
"name": "http://www.caughq.org/exploits/CAU-EX-2008-0003.txt",
"refsource": "MISC",
"url": "http://www.caughq.org/exploits/CAU-EX-2008-0003.txt"
},
{
"name": "cisco-multiple-dns-cache-poisoning(43637)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43637"
},
{
"name": "ADV-2008-2383",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2383"
},
{
"name": "1020560",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020560"
},
{
"name": "31900",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31900"
},
{
"name": "http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q"
},
{
"name": "http://support.citrix.com/article/CTX118183",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX118183"
},
{
"name": "30925",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30925"
},
{
"name": "ADV-2009-0311",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0311"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018"
},
{
"name": "DSA-1623",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1623"
},
{
"name": "ADV-2008-2582",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2582"
},
{
"name": "http://www.caughq.org/exploits/CAU-EX-2008-0002.txt",
"refsource": "MISC",
"url": "http://www.caughq.org/exploits/CAU-EX-2008-0002.txt"
},
{
"name": "DSA-1605",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1605"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7000912",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7000912"
},
{
"name": "http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning",
"refsource": "CONFIRM",
"url": "http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning"
},
{
"name": "ADV-2008-2342",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2342"
},
{
"name": "ADV-2008-2114",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2114/references"
},
{
"name": "30973",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30973"
},
{
"name": "31204",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31204"
},
{
"name": "31354",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31354"
},
{
"name": "GLSA-200812-17",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
},
{
"name": "oval:org.mitre.oval:def:12117",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12117"
},
{
"name": "33178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33178"
},
{
"name": "30988",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30988"
},
{
"name": "APPLE-SA-2008-09-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
},
{
"name": "31011",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31011"
},
{
"name": "http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html",
"refsource": "MISC",
"url": "http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html"
},
{
"name": "ADV-2008-2334",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2334"
},
{
"name": "1020577",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020577"
},
{
"name": "31422",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31422"
},
{
"name": "31197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31197"
},
{
"name": "1020548",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020548"
},
{
"name": "ADV-2008-2467",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2467"
},
{
"name": "240048",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240048-1"
},
{
"name": "TA08-190B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190B.html"
},
{
"name": "TA08-190A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "GLSA-200807-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200807-08.xml"
},
{
"name": "31022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31022"
},
{
"name": "SSA:2008-191",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.539239"
},
{
"name": "1020449",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020449"
},
{
"name": "31093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31093"
},
{
"name": "31052",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31052"
},
{
"name": "30980",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30980"
},
{
"name": "SSA:2008-205-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.452680"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401"
},
{
"name": "31199",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31199"
},
{
"name": "ADV-2008-2030",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2030/references"
},
{
"name": "ADV-2008-2291",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2291"
},
{
"name": "ADV-2008-2023",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2023/references"
},
{
"name": "SSRT090014",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=123324863916385\u0026w=2"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"name": "MS08-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-037"
},
{
"name": "31212",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31212"
},
{
"name": "ADV-2008-2113",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2113/references"
},
{
"name": "31152",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31152"
},
{
"name": "ADV-2008-2019",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2019/references"
},
{
"name": "ADV-2008-2197",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2197/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-1447",
"datePublished": "2008-07-08T23:00:00",
"dateReserved": "2008-03-21T00:00:00",
"dateUpdated": "2024-08-07T08:24:42.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2952 (GCVE-0-2008-2952)
Vulnerability from cvelistv5
Published
2008-07-01 21:00
Modified
2024-08-07 09:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2008:0583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0583.html"
},
{
"name": "GLSA-200808-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-09.xml"
},
{
"name": "31364",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31364"
},
{
"name": "oval:org.mitre.oval:def:10662",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10662"
},
{
"name": "30917",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30917"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "openldap-bergetnext-dos(43515)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43515"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580%3Bselectid=5580"
},
{
"name": "DSA-1650",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1650"
},
{
"name": "30013",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30013"
},
{
"name": "[oss-security 20080701 Re: [oss-security] openldap DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/01/2"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "20080811 rPSA-2008-0249-1 openldap openldap-clients openldap-servers",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495320/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2645"
},
{
"name": "30996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30996"
},
{
"name": "31436",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31436"
},
{
"name": "SUSE-SR:2008:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html"
},
{
"name": "MDVSA-2008:144",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:144"
},
{
"name": "[oss-security] 20080713 Re: openldap DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/2"
},
{
"name": "USN-634-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-634-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-052/"
},
{
"name": "30853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30853"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0249"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "FEDORA-2008-6062",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00129.html"
},
{
"name": "32254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32254"
},
{
"name": "1020405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020405"
},
{
"name": "ADV-2008-1978",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1978/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580"
},
{
"name": "FEDORA-2008-6029",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00109.html"
},
{
"name": "32316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2008:0583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0583.html"
},
{
"name": "GLSA-200808-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-09.xml"
},
{
"name": "31364",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31364"
},
{
"name": "oval:org.mitre.oval:def:10662",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10662"
},
{
"name": "30917",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30917"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "openldap-bergetnext-dos(43515)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43515"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580%3Bselectid=5580"
},
{
"name": "DSA-1650",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1650"
},
{
"name": "30013",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30013"
},
{
"name": "[oss-security 20080701 Re: [oss-security] openldap DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/01/2"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "20080811 rPSA-2008-0249-1 openldap openldap-clients openldap-servers",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495320/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2645"
},
{
"name": "30996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30996"
},
{
"name": "31436",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31436"
},
{
"name": "SUSE-SR:2008:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html"
},
{
"name": "MDVSA-2008:144",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:144"
},
{
"name": "[oss-security] 20080713 Re: openldap DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/2"
},
{
"name": "USN-634-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-634-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-052/"
},
{
"name": "30853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30853"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0249"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "FEDORA-2008-6062",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00129.html"
},
{
"name": "32254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32254"
},
{
"name": "1020405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020405"
},
{
"name": "ADV-2008-1978",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1978/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580"
},
{
"name": "FEDORA-2008-6029",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00109.html"
},
{
"name": "32316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2008:0583",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0583.html"
},
{
"name": "GLSA-200808-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-09.xml"
},
{
"name": "31364",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31364"
},
{
"name": "oval:org.mitre.oval:def:10662",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10662"
},
{
"name": "30917",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30917"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "openldap-bergetnext-dos(43515)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43515"
},
{
"name": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580;selectid=5580",
"refsource": "CONFIRM",
"url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580;selectid=5580"
},
{
"name": "DSA-1650",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1650"
},
{
"name": "30013",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30013"
},
{
"name": "[oss-security 20080701 Re: [oss-security] openldap DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/01/2"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "20080811 rPSA-2008-0249-1 openldap openldap-clients openldap-servers",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495320/100/0/threaded"
},
{
"name": "https://issues.rpath.com/browse/RPL-2645",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2645"
},
{
"name": "30996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30996"
},
{
"name": "31436",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31436"
},
{
"name": "SUSE-SR:2008:021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html"
},
{
"name": "MDVSA-2008:144",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:144"
},
{
"name": "[oss-security] 20080713 Re: openldap DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/2"
},
{
"name": "USN-634-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-634-1"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-052/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-052/"
},
{
"name": "30853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30853"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0249",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0249"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "FEDORA-2008-6062",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00129.html"
},
{
"name": "32254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32254"
},
{
"name": "1020405",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020405"
},
{
"name": "ADV-2008-1978",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1978/references"
},
{
"name": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580",
"refsource": "CONFIRM",
"url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580"
},
{
"name": "FEDORA-2008-6029",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00109.html"
},
{
"name": "32316",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2952",
"datePublished": "2008-07-01T21:00:00",
"dateReserved": "2008-07-01T00:00:00",
"dateUpdated": "2024-08-07T09:21:34.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2321 (GCVE-0-2008-2321)
Vulnerability from cvelistv5
Published
2008-08-04 01:00
Modified
2024-08-07 08:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments."
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:01.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "1020603",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020603"
},
{
"name": "APPLE-SA-2008-11-20",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "ADV-2008-3232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "30488",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30488"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "macosx-coregraphics-code-execution(44127)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44127"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "30483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30483"
},
{
"name": "32756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32756"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving \"processing of arguments.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "1020603",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020603"
},
{
"name": "APPLE-SA-2008-11-20",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "ADV-2008-3232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "30488",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30488"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "macosx-coregraphics-code-execution(44127)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44127"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "30483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30483"
},
{
"name": "32756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32756"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving \"processing of arguments.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2009-06-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "1020603",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020603"
},
{
"name": "APPLE-SA-2008-11-20",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "ADV-2009-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "ADV-2008-3232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "30488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30488"
},
{
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
},
{
"name": "http://support.apple.com/kb/HT3318",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "macosx-coregraphics-code-execution(44127)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44127"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "30483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30483"
},
{
"name": "32756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32756"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2321",
"datePublished": "2008-08-04T01:00:00",
"dateReserved": "2008-05-18T00:00:00",
"dateUpdated": "2024-08-07T08:58:01.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4850 (GCVE-0-2007-4850)
Vulnerability from cvelistv5
Published
2008-01-25 00:00
Modified
2024-08-07 15:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1412",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "29009",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29009"
},
{
"name": "27413",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27413"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "USN-628-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-628-1"
},
{
"name": "20080122 PHP 5.2.5 cURL safe_mode bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486856/100/0/threaded"
},
{
"name": "20080122 PHP 5.2.5 cURL safe_mode bypass",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/51"
},
{
"name": "[oss-security] 20080502 CVE Request (PHP)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"name": "20080527 rPSA-2008-0178-1 php php-mysql php-pgsql",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/492671/100/0/threaded"
},
{
"name": "30411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30411"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "MDVSA-2009:023",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
},
{
"name": "MDVSA-2009:022",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
},
{
"name": "31200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31200"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "20080122 PHP 5.2.5 cURL safe_mode bypass",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059849.html"
},
{
"name": "3562",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3562"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "php-safemode-directive-security-bypass(42134)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42134"
},
{
"name": "php-curlinit-security-bypass(39852)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39852"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.php.net/viewcvs.cgi/php-src/NEWS?revision=1.2027.2.547.2.1047\u0026view=markup"
},
{
"name": "30048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30048"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \\x00 sequence, a different vulnerability than CVE-2006-2563."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1412",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "29009",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29009"
},
{
"name": "27413",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27413"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "USN-628-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-628-1"
},
{
"name": "20080122 PHP 5.2.5 cURL safe_mode bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486856/100/0/threaded"
},
{
"name": "20080122 PHP 5.2.5 cURL safe_mode bypass",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/51"
},
{
"name": "[oss-security] 20080502 CVE Request (PHP)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"name": "20080527 rPSA-2008-0178-1 php php-mysql php-pgsql",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/492671/100/0/threaded"
},
{
"name": "30411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30411"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "MDVSA-2009:023",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
},
{
"name": "MDVSA-2009:022",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
},
{
"name": "31200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31200"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "20080122 PHP 5.2.5 cURL safe_mode bypass",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059849.html"
},
{
"name": "3562",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3562"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "php-safemode-directive-security-bypass(42134)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42134"
},
{
"name": "php-curlinit-security-bypass(39852)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39852"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.php.net/viewcvs.cgi/php-src/NEWS?revision=1.2027.2.547.2.1047\u0026view=markup"
},
{
"name": "30048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30048"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \\x00 sequence, a different vulnerability than CVE-2006-2563."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1412",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "31681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "29009",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29009"
},
{
"name": "27413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27413"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "USN-628-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-628-1"
},
{
"name": "20080122 PHP 5.2.5 cURL safe_mode bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486856/100/0/threaded"
},
{
"name": "20080122 PHP 5.2.5 cURL safe_mode bypass",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/51"
},
{
"name": "[oss-security] 20080502 CVE Request (PHP)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"name": "20080527 rPSA-2008-0178-1 php php-mysql php-pgsql",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492671/100/0/threaded"
},
{
"name": "30411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30411"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "MDVSA-2009:023",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
},
{
"name": "MDVSA-2009:022",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
},
{
"name": "31200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31200"
},
{
"name": "32222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32222"
},
{
"name": "20080122 PHP 5.2.5 cURL safe_mode bypass",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059849.html"
},
{
"name": "3562",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3562"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "ADV-2008-2780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "php-safemode-directive-security-bypass(42134)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42134"
},
{
"name": "php-curlinit-security-bypass(39852)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39852"
},
{
"name": "APPLE-SA-2008-10-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT3216",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "http://cvs.php.net/viewcvs.cgi/php-src/NEWS?revision=1.2027.2.547.2.1047\u0026view=markup",
"refsource": "CONFIRM",
"url": "http://cvs.php.net/viewcvs.cgi/php-src/NEWS?revision=1.2027.2.547.2.1047\u0026view=markup"
},
{
"name": "30048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30048"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4850",
"datePublished": "2008-01-25T00:00:00",
"dateReserved": "2007-09-12T00:00:00",
"dateUpdated": "2024-08-07T15:08:33.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0674 (GCVE-0-2008-0674)
Vulnerability from cvelistv5
Published
2008-02-18 22:00
Modified
2024-08-07 07:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:22.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29267"
},
{
"name": "ADV-2008-1412",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3757"
},
{
"name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
},
{
"name": "FEDORA-2008-1533",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00371.html"
},
{
"name": "28923",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28923"
},
{
"name": "32746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32746"
},
{
"name": "29048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29048"
},
{
"name": "GLSA-200803-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-24.xml"
},
{
"name": "DSA-1499",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1499"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "GLSA-200811-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431660"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/gnome/sources/glib/2.14/glib-2.14.6.news"
},
{
"name": "28957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28957"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "36096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36096"
},
{
"name": "29009",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29009"
},
{
"name": "29027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29027"
},
{
"name": "29282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29282"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "28960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28960"
},
{
"name": "30345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30345"
},
{
"name": "20080228 rPSA-2008-0086-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488927/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
},
{
"name": "[oss-security] 20080502 CVE Request (PHP)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"name": "28996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28996"
},
{
"name": "APPLE-SA-2009-08-05-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0086"
},
{
"name": "MDVSA-2008:053",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:053"
},
{
"name": "SUSE-SR:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "FEDORA-2008-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"name": "ADV-2008-0592",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0592"
},
{
"name": "pcre-characterclass-bo(40505)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40505"
},
{
"name": "29175",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29175"
},
{
"name": "1022674",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022674"
},
{
"name": "28985",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28985"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "27786",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27786"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2503"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pcre.org/changelog.txt"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "FEDORA-2008-1783",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00632.html"
},
{
"name": "USN-581-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/581-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2223"
},
{
"name": "ADV-2008-0570",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0570"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "ADV-2009-2172",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2172"
},
{
"name": "TA09-218A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0086"
},
{
"name": "30048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30048"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "29267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29267"
},
{
"name": "ADV-2008-1412",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3757"
},
{
"name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
},
{
"name": "FEDORA-2008-1533",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00371.html"
},
{
"name": "28923",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28923"
},
{
"name": "32746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32746"
},
{
"name": "29048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29048"
},
{
"name": "GLSA-200803-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-24.xml"
},
{
"name": "DSA-1499",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1499"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "GLSA-200811-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431660"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/gnome/sources/glib/2.14/glib-2.14.6.news"
},
{
"name": "28957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28957"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "36096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36096"
},
{
"name": "29009",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29009"
},
{
"name": "29027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29027"
},
{
"name": "29282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29282"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "28960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28960"
},
{
"name": "30345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30345"
},
{
"name": "20080228 rPSA-2008-0086-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488927/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
},
{
"name": "[oss-security] 20080502 CVE Request (PHP)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"name": "28996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28996"
},
{
"name": "APPLE-SA-2009-08-05-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0086"
},
{
"name": "MDVSA-2008:053",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:053"
},
{
"name": "SUSE-SR:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "FEDORA-2008-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"name": "ADV-2008-0592",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0592"
},
{
"name": "pcre-characterclass-bo(40505)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40505"
},
{
"name": "29175",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29175"
},
{
"name": "1022674",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022674"
},
{
"name": "28985",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28985"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "27786",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27786"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2503"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pcre.org/changelog.txt"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "FEDORA-2008-1783",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00632.html"
},
{
"name": "USN-581-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/581-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2223"
},
{
"name": "ADV-2008-0570",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0570"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "ADV-2009-2172",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2172"
},
{
"name": "TA09-218A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0086"
},
{
"name": "30048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30048"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-0674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29267"
},
{
"name": "ADV-2008-1412",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"name": "http://support.apple.com/kb/HT3757",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3757"
},
{
"name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
},
{
"name": "FEDORA-2008-1533",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00371.html"
},
{
"name": "28923",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28923"
},
{
"name": "32746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32746"
},
{
"name": "29048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29048"
},
{
"name": "GLSA-200803-24",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-24.xml"
},
{
"name": "DSA-1499",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1499"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "GLSA-200811-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=431660",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431660"
},
{
"name": "http://ftp.gnome.org/pub/gnome/sources/glib/2.14/glib-2.14.6.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/gnome/sources/glib/2.14/glib-2.14.6.news"
},
{
"name": "28957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28957"
},
{
"name": "31681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "36096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36096"
},
{
"name": "29009",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29009"
},
{
"name": "29027",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29027"
},
{
"name": "29282",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29282"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "28960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28960"
},
{
"name": "30345",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30345"
},
{
"name": "20080228 rPSA-2008-0086-1 pcre",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488927/100/0/threaded"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
},
{
"name": "[oss-security] 20080502 CVE Request (PHP)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"name": "28996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28996"
},
{
"name": "APPLE-SA-2009-08-05-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0086",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0086"
},
{
"name": "MDVSA-2008:053",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:053"
},
{
"name": "SUSE-SR:2008:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"name": "32222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32222"
},
{
"name": "FEDORA-2008-1842",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"name": "ADV-2008-0592",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0592"
},
{
"name": "pcre-characterclass-bo(40505)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40505"
},
{
"name": "29175",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29175"
},
{
"name": "1022674",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022674"
},
{
"name": "28985",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28985"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "27786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27786"
},
{
"name": "https://issues.rpath.com/browse/RPL-2503",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2503"
},
{
"name": "http://pcre.org/changelog.txt",
"refsource": "CONFIRM",
"url": "http://pcre.org/changelog.txt"
},
{
"name": "ADV-2008-2780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "FEDORA-2008-1783",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00632.html"
},
{
"name": "USN-581-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/581-1/"
},
{
"name": "https://issues.rpath.com/browse/RPL-2223",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2223"
},
{
"name": "ADV-2008-0570",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0570"
},
{
"name": "APPLE-SA-2008-10-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT3216",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "ADV-2009-2172",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2172"
},
{
"name": "TA09-218A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0086",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0086"
},
{
"name": "30048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30048"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-0674",
"datePublished": "2008-02-18T22:00:00",
"dateReserved": "2008-02-11T00:00:00",
"dateUpdated": "2024-08-07T07:54:22.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2050 (GCVE-0-2008-2050)
Vulnerability from cvelistv5
Published
2008-05-05 17:00
Modified
2024-08-07 08:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:57.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1412",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
},
{
"name": "32746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32746"
},
{
"name": "30083",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30083"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "GLSA-200811-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"name": "29009",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29009"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "DSA-1572",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1572"
},
{
"name": "30345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30345"
},
{
"name": "USN-628-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-628-1"
},
{
"name": "php-fastcgisapi-bo(42133)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42133"
},
{
"name": "30967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30967"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
},
{
"name": "[oss-security] 20080502 CVE Request (PHP)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"name": "30158",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30158"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "MDVSA-2009:023",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
},
{
"name": "MDVSA-2009:022",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
},
{
"name": "31200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31200"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44\u0026r2=1.45\u0026diff_format=u"
},
{
"name": "SSA:2008-128-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
},
{
"name": "SUSE-SR:2008:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2503"
},
{
"name": "30048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30048"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2008-1412",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
},
{
"name": "32746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32746"
},
{
"name": "30083",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30083"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "GLSA-200811-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"name": "29009",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29009"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "DSA-1572",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1572"
},
{
"name": "30345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30345"
},
{
"name": "USN-628-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-628-1"
},
{
"name": "php-fastcgisapi-bo(42133)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42133"
},
{
"name": "30967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30967"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
},
{
"name": "[oss-security] 20080502 CVE Request (PHP)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"name": "30158",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30158"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "MDVSA-2009:023",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
},
{
"name": "MDVSA-2009:022",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
},
{
"name": "31200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31200"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44\u0026r2=1.45\u0026diff_format=u"
},
{
"name": "SSA:2008-128-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
},
{
"name": "SUSE-SR:2008:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2503"
},
{
"name": "30048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30048"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-2050",
"datePublished": "2008-05-05T17:00:00",
"dateReserved": "2008-05-02T00:00:00",
"dateUpdated": "2024-08-07T08:49:57.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2325 (GCVE-0-2008-2325)
Vulnerability from cvelistv5
Published
2008-08-04 01:00
Modified
2024-08-07 08:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking."
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:01.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "macosx-quicklook-code-execution(44135)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44135"
},
{
"name": "30493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30493"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1020607",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020607"
},
{
"name": "30483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30483"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient \"bounds checking.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "macosx-quicklook-code-execution(44135)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44135"
},
{
"name": "30493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30493"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1020607",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020607"
},
{
"name": "30483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30483"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient \"bounds checking.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "macosx-quicklook-code-execution(44135)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44135"
},
{
"name": "30493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30493"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1020607",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020607"
},
{
"name": "30483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30483"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2325",
"datePublished": "2008-08-04T01:00:00",
"dateReserved": "2008-05-18T00:00:00",
"dateUpdated": "2024-08-07T08:58:01.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…