Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2009-AVI-413
Vulnerability from certfr_avis
Deux vulnérabilités découvertes dans HP-UX peuvent être exploitées afin de contourner la politique de sécurité ou pour provoquer un déni de service à distance.
Description
- Une vulnérabilité dans le serveur DNS Bind peut être exploitée par un utilisateur distant malintentionné afin de provoquer un déni de service à distance (CVE-2009-0696) ;
- une vulnérabilité dans le modèle de contrôle d'accès RBAC (Role-Based Access Control) sous HP-UX peut être exploitée afin de contourner la politique de sécurité et permettre à un utilisateur local d'obtenir un accès illégitime (CVE-2009-2692).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Role-Based Access Control sous HP-UX B.11.23 et HP-UX B.11.31.",
"product": {
"name": "N/A",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "DNS Bind Server sous T0685G06\u02c6 AAA, T0685G06\u02c6 AAC, T0685H01\u02c6 AAB et T0685H01\u02c6 AAD ;",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\n- Une vuln\u00e9rabilit\u00e9 dans le serveur DNS Bind peut \u00eatre exploit\u00e9e par\n un utilisateur distant malintentionn\u00e9 afin de provoquer un d\u00e9ni de\n service \u00e0 distance (CVE-2009-0696) ;\n- une vuln\u00e9rabilit\u00e9 dans le mod\u00e8le de contr\u00f4le d\u0027acc\u00e8s RBAC\n (Role-Based Access Control) sous HP-UX peut \u00eatre exploit\u00e9e afin de\n contourner la politique de s\u00e9curit\u00e9 et permettre \u00e0 un utilisateur\n local d\u0027obtenir un acc\u00e8s ill\u00e9gitime (CVE-2009-2692).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-2692",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2692"
},
{
"name": "CVE-2009-2682",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2682"
},
{
"name": "CVE-2009-0696",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0696"
}
],
"initial_release_date": "2009-09-30T00:00:00",
"last_revision_date": "2009-09-30T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 HP c01866178 du 21 septembre 2009 :",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01866178"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 HP c01855358 du 21 septembre 2009 :",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01855358"
}
],
"reference": "CERTA-2009-AVI-413",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-09-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans HP-UX peuvent \u00eatre exploit\u00e9es afin\nde contourner la politique de s\u00e9curit\u00e9 ou pour provoquer un d\u00e9ni de\nservice \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans HP-UX",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 HP-UX du 21 septembre 2009",
"url": null
}
]
}
CVE-2009-2692 (GCVE-0-2009-2692)
Vulnerability from cvelistv5
Published
2009-08-14 15:00
Modified
2024-08-07 05:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:57.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2009:1233",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1233.html"
},
{
"name": "36278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36278"
},
{
"name": "DSA-1865",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1865"
},
{
"name": "RHSA-2009:1223",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1223.html"
},
{
"name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5"
},
{
"name": "37298",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37298"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121"
},
{
"name": "36430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36430"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37471"
},
{
"name": "RHSA-2009:1222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1222.html"
},
{
"name": "20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=516949"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-3103"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "19933",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/19933"
},
{
"name": "ADV-2009-2272",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2272"
},
{
"name": "SUSE-SR:2009:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"name": "20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/505751/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e694958388c50148389b0e9b9e9e8945cf0f1b98"
},
{
"name": "36289",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36289"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "36327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36327"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/css/P8/documents/100067254"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://grsecurity.net/~spender/wunderbar_emporium.tgz"
},
{
"name": "oval:org.mitre.oval:def:11591",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=c18d0fe535a73b219f960d1af3d0c264555a12e3"
},
{
"name": "oval:org.mitre.oval:def:11526",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526"
},
{
"name": "MDVSA-2009:233",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:233"
},
{
"name": "9477",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9477"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6"
},
{
"name": "oval:org.mitre.oval:def:8657",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657"
},
{
"name": "[oss-security] 20090814 CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/14/1"
},
{
"name": "36038",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36038"
},
{
"name": "20090818 rPSA-2009-0121-1 kernel open-vm-tools",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/505912/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zenthought.org/content/file/android-root-2009-08-16-source"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2009:1233",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1233.html"
},
{
"name": "36278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36278"
},
{
"name": "DSA-1865",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1865"
},
{
"name": "RHSA-2009:1223",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1223.html"
},
{
"name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5"
},
{
"name": "37298",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37298"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121"
},
{
"name": "36430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36430"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37471"
},
{
"name": "RHSA-2009:1222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1222.html"
},
{
"name": "20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=516949"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-3103"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "19933",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/19933"
},
{
"name": "ADV-2009-2272",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2272"
},
{
"name": "SUSE-SR:2009:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"name": "20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/505751/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e694958388c50148389b0e9b9e9e8945cf0f1b98"
},
{
"name": "36289",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36289"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "36327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36327"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/css/P8/documents/100067254"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://grsecurity.net/~spender/wunderbar_emporium.tgz"
},
{
"name": "oval:org.mitre.oval:def:11591",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=c18d0fe535a73b219f960d1af3d0c264555a12e3"
},
{
"name": "oval:org.mitre.oval:def:11526",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526"
},
{
"name": "MDVSA-2009:233",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:233"
},
{
"name": "9477",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9477"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6"
},
{
"name": "oval:org.mitre.oval:def:8657",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657"
},
{
"name": "[oss-security] 20090814 CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/14/1"
},
{
"name": "36038",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36038"
},
{
"name": "20090818 rPSA-2009-0121-1 kernel open-vm-tools",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/505912/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zenthought.org/content/file/android-root-2009-08-16-source"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2009:1233",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1233.html"
},
{
"name": "36278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36278"
},
{
"name": "DSA-1865",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1865"
},
{
"name": "RHSA-2009:1223",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1223.html"
},
{
"name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5"
},
{
"name": "37298",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37298"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121"
},
{
"name": "36430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36430"
},
{
"name": "37471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37471"
},
{
"name": "RHSA-2009:1222",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1222.html"
},
{
"name": "20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=516949",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=516949"
},
{
"name": "https://issues.rpath.com/browse/RPL-3103",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-3103"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "19933",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/19933"
},
{
"name": "ADV-2009-2272",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2272"
},
{
"name": "SUSE-SR:2009:015",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"name": "20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505751/100/0/threaded"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98"
},
{
"name": "36289",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36289"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "36327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36327"
},
{
"name": "http://support.avaya.com/css/P8/documents/100067254",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100067254"
},
{
"name": "http://grsecurity.net/~spender/wunderbar_emporium.tgz",
"refsource": "MISC",
"url": "http://grsecurity.net/~spender/wunderbar_emporium.tgz"
},
{
"name": "oval:org.mitre.oval:def:11591",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=c18d0fe535a73b219f960d1af3d0c264555a12e3",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=c18d0fe535a73b219f960d1af3d0c264555a12e3"
},
{
"name": "oval:org.mitre.oval:def:11526",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526"
},
{
"name": "MDVSA-2009:233",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:233"
},
{
"name": "9477",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9477"
},
{
"name": "http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html",
"refsource": "MISC",
"url": "http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6"
},
{
"name": "oval:org.mitre.oval:def:8657",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657"
},
{
"name": "[oss-security] 20090814 CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/08/14/1"
},
{
"name": "36038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36038"
},
{
"name": "20090818 rPSA-2009-0121-1 kernel open-vm-tools",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505912/100/0/threaded"
},
{
"name": "http://zenthought.org/content/file/android-root-2009-08-16-source",
"refsource": "MISC",
"url": "http://zenthought.org/content/file/android-root-2009-08-16-source"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2692",
"datePublished": "2009-08-14T15:00:00",
"dateReserved": "2009-08-05T00:00:00",
"dateUpdated": "2024-08-07T05:59:57.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0696 (GCVE-0-2009-0696)
Vulnerability from cvelistv5
Published
2009-07-29 17:00
Modified
2024-08-07 04:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:51.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36035",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36035"
},
{
"name": "36063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36063"
},
{
"name": "ADV-2009-2171",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2171"
},
{
"name": "36056",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36056"
},
{
"name": "36038",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36038"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc"
},
{
"name": "VU#725188",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/725188"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37471"
},
{
"name": "36050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36050"
},
{
"name": "[4.4] 014: RELIABILITY FIX: July 29, 2009",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://www.openbsd.org/errata44.html#014_bind"
},
{
"name": "20090729 rPSA-2009-0113-1 bind bind-utils",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/505403/100/0/threaded"
},
{
"name": "36192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36192"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "ADV-2009-2088",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2088"
},
{
"name": "1022613",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022613"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.isc.org/node/474"
},
{
"name": "1020788",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020788.1-1"
},
{
"name": "ADV-2009-2247",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2247"
},
{
"name": "oval:org.mitre.oval:def:7806",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7806"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "39334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39334"
},
{
"name": "ADV-2009-2036",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2036"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0113"
},
{
"name": "36098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36098"
},
{
"name": "oval:org.mitre.oval:def:10414",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10414"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2009/08/up2date_7505_released.html"
},
{
"name": "USN-808-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-808-1"
},
{
"name": "36086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36086"
},
{
"name": "FEDORA-2009-8119",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01265.html"
},
{
"name": "oval:org.mitre.oval:def:12245",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12245"
},
{
"name": "36053",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36053"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt"
},
{
"name": "SSA:2009-210-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.561499"
},
{
"name": "NetBSD-SA2009-013",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.asc"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975"
},
{
"name": "264828",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-264828-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "36035",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36035"
},
{
"name": "36063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36063"
},
{
"name": "ADV-2009-2171",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2171"
},
{
"name": "36056",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36056"
},
{
"name": "36038",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36038"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc"
},
{
"name": "VU#725188",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/725188"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37471"
},
{
"name": "36050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36050"
},
{
"name": "[4.4] 014: RELIABILITY FIX: July 29, 2009",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://www.openbsd.org/errata44.html#014_bind"
},
{
"name": "20090729 rPSA-2009-0113-1 bind bind-utils",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/505403/100/0/threaded"
},
{
"name": "36192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36192"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "ADV-2009-2088",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2088"
},
{
"name": "1022613",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022613"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.isc.org/node/474"
},
{
"name": "1020788",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020788.1-1"
},
{
"name": "ADV-2009-2247",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2247"
},
{
"name": "oval:org.mitre.oval:def:7806",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7806"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "39334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39334"
},
{
"name": "ADV-2009-2036",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2036"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0113"
},
{
"name": "36098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36098"
},
{
"name": "oval:org.mitre.oval:def:10414",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10414"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2009/08/up2date_7505_released.html"
},
{
"name": "USN-808-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-808-1"
},
{
"name": "36086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36086"
},
{
"name": "FEDORA-2009-8119",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01265.html"
},
{
"name": "oval:org.mitre.oval:def:12245",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12245"
},
{
"name": "36053",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36053"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt"
},
{
"name": "SSA:2009-210-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.561499"
},
{
"name": "NetBSD-SA2009-013",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.asc"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975"
},
{
"name": "264828",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-264828-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2009-0696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36035",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36035"
},
{
"name": "36063",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36063"
},
{
"name": "ADV-2009-2171",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2171"
},
{
"name": "36056",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36056"
},
{
"name": "36038",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36038"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc"
},
{
"name": "VU#725188",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/725188"
},
{
"name": "37471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37471"
},
{
"name": "36050",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36050"
},
{
"name": "[4.4] 014: RELIABILITY FIX: July 29, 2009",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata44.html#014_bind"
},
{
"name": "20090729 rPSA-2009-0113-1 bind bind-utils",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505403/100/0/threaded"
},
{
"name": "36192",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36192"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "ADV-2009-2088",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2088"
},
{
"name": "1022613",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022613"
},
{
"name": "https://www.isc.org/node/474",
"refsource": "CONFIRM",
"url": "https://www.isc.org/node/474"
},
{
"name": "1020788",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020788.1-1"
},
{
"name": "ADV-2009-2247",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2247"
},
{
"name": "oval:org.mitre.oval:def:7806",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7806"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "39334",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39334"
},
{
"name": "ADV-2009-2036",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2036"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0113",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0113"
},
{
"name": "36098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36098"
},
{
"name": "oval:org.mitre.oval:def:10414",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10414"
},
{
"name": "http://up2date.astaro.com/2009/08/up2date_7505_released.html",
"refsource": "CONFIRM",
"url": "http://up2date.astaro.com/2009/08/up2date_7505_released.html"
},
{
"name": "USN-808-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-808-1"
},
{
"name": "36086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36086"
},
{
"name": "FEDORA-2009-8119",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01265.html"
},
{
"name": "oval:org.mitre.oval:def:12245",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12245"
},
{
"name": "36053",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36053"
},
{
"name": "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt",
"refsource": "CONFIRM",
"url": "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt"
},
{
"name": "SSA:2009-210-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.561499"
},
{
"name": "NetBSD-SA2009-013",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.asc"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975"
},
{
"name": "264828",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-264828-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2009-0696",
"datePublished": "2009-07-29T17:00:00",
"dateReserved": "2009-02-22T00:00:00",
"dateUpdated": "2024-08-07T04:48:51.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2682 (GCVE-0-2009-2682)
Vulnerability from cvelistv5
Published
2009-09-24 18:00
Modified
2024-08-07 05:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36850"
},
{
"name": "HPSBUX02457",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125364434020838\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:6328",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6328"
},
{
"name": "SSRT090174",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125364434020838\u0026w=2"
},
{
"name": "hpux-rbac-unauth-access(53411)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53411"
},
{
"name": "36476",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36476"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36850"
},
{
"name": "HPSBUX02457",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125364434020838\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:6328",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6328"
},
{
"name": "SSRT090174",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125364434020838\u0026w=2"
},
{
"name": "hpux-rbac-unauth-access(53411)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53411"
},
{
"name": "36476",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36476"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36850",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36850"
},
{
"name": "HPSBUX02457",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=125364434020838\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:6328",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6328"
},
{
"name": "SSRT090174",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=125364434020838\u0026w=2"
},
{
"name": "hpux-rbac-unauth-access(53411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53411"
},
{
"name": "36476",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36476"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2682",
"datePublished": "2009-09-24T18:00:00",
"dateReserved": "2009-08-05T00:00:00",
"dateUpdated": "2024-08-07T05:59:56.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…