var-200910-0199
Vulnerability from variot
Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors. Multiple IBM Informix products are prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue affects the following: IBM Informix Client Software Development Kit (CSDK) 3.5 IBM Informix Connect 3.x Other products that use the Setnet32 3.50.0.13752 utility may also be vulnerable. Sun VirtualBox is prone to a local privilege-escalation vulnerability. Successful exploits will completely compromise affected computers. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
For more information visit: http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com
TITLE: IBM Informix Products Setnet32 Utility ".nfx" Processing Buffer Overflow
SECUNIA ADVISORY ID: SA36949
VERIFY ADVISORY: http://secunia.com/advisories/36949/
DESCRIPTION: bruiser has discovered a vulnerability in IBM Informix Client Software Development Kit (CSDK) and IBM Informix Connect, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the processing of ".nfx" files. This can be exploited to cause a stack-based buffer overflow when an ".nfx" file having e.g. an overly long "HostList" entry is opened.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in setnet32.exe version 3.50.0.13752 included in IBM Informix CSDK version 3.50. Other versions may also be affected.
SOLUTION: Do not open untrusted ".nfx" files.
PROVIDED AND/OR DISCOVERED BY: Nine:Situations:Group::bruiser
ORIGINAL ADVISORY: http://retrogod.altervista.org/9sg_ibm_setnet32.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
SOLUTION: Update to version 3.0.8.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Thomas Biege of SUSE Linux. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201001-04
http://security.gentoo.org/
Severity: Normal Title: VirtualBox: Multiple vulnerabilities Date: January 13, 2010 Bugs: #288836, #294678 ID: 201001-04
Synopsis
Multiple vulnerabilities in VirtualBox were found, the worst of which allowing for privilege escalation.
Background
The VirtualBox family provides powerful x86 virtualization products. -------------------------------------------------------------------
Description
Thomas Biege of SUSE discovered multiple vulnerabilities:
-
A shell metacharacter injection in popen() (CVE-2009-3692) and a possible buffer overflow in strncpy() in the VBoxNetAdpCtl configuration tool.
-
An unspecified vulnerability in VirtualBox Guest Additions (CVE-2009-3940). A guest OS local user could cause a Denial of Service (memory consumption) on the guest OS via unknown vectors.
Workaround
There is no known workaround at this time.
Resolution
All users of the binary version of VirtualBox should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=app-emulation/virtualbox-bin-3.0.12"
All users of the Open Source version of VirtualBox should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=app-emulation/virtualbox-ose-3.0.12"
All users of the binary VirtualBox Guest Additions should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=app-emulation/virtualbox-guest-additions-3.0.12"
All users of the Open Source VirtualBox Guest Additions should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=app-emulation/virtualbox-ose-additions-3.0.12"
References
[ 1 ] CVE-2009-3692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3692 [ 2 ] CVE-2009-3940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3940
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201001-04.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200910-0199",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "virtualbox",
"scope": "eq",
"trust": 1.9,
"vendor": "sun",
"version": "3.0.6"
},
{
"model": "virtualbox",
"scope": "eq",
"trust": 1.9,
"vendor": "sun",
"version": "3.0.4"
},
{
"model": "virtualbox",
"scope": "eq",
"trust": 1.9,
"vendor": "sun",
"version": "3.0.2"
},
{
"model": "virtualbox",
"scope": "eq",
"trust": 1.6,
"vendor": "sun",
"version": "3.0.0"
},
{
"model": "virtualbox",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "3.0.8"
},
{
"model": "virtualbox",
"scope": "lt",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "3.0.x"
},
{
"model": "informix csdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.50"
},
{
"model": "informix connect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "virtualbox",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "3.0.8"
}
],
"sources": [
{
"db": "BID",
"id": "36588"
},
{
"db": "BID",
"id": "36604"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006423"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-203"
},
{
"db": "NVD",
"id": "CVE-2009-3692"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:sun:virtualbox",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-006423"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Thomas Biege of SUSE Linux",
"sources": [
{
"db": "BID",
"id": "36604"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-203"
}
],
"trust": 0.9
},
"cve": "CVE-2009-3692",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2009-3692",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-41138",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-3692",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-3692",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200910-203",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-41138",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41138"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006423"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-203"
},
{
"db": "NVD",
"id": "CVE-2009-3692"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors. Multiple IBM Informix products are prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \nThis issue affects the following:\nIBM Informix Client Software Development Kit (CSDK) 3.5\nIBM Informix Connect 3.x\nOther products that use the Setnet32 3.50.0.13752 utility may also be vulnerable. Sun VirtualBox is prone to a local privilege-escalation vulnerability. Successful exploits will completely compromise affected computers. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nIBM Informix Products Setnet32 Utility \".nfx\" Processing Buffer\nOverflow\n\nSECUNIA ADVISORY ID:\nSA36949\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36949/\n\nDESCRIPTION:\nbruiser has discovered a vulnerability in IBM Informix Client\nSoftware Development Kit (CSDK) and IBM Informix Connect, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to a boundary error in the processing\nof \".nfx\" files. This can be exploited to cause a stack-based buffer\noverflow when an \".nfx\" file having e.g. an overly long \"HostList\"\nentry is opened. \n\nSuccessful exploitation allows execution of arbitrary code. \n\nThe vulnerability is confirmed in setnet32.exe version 3.50.0.13752\nincluded in IBM Informix CSDK version 3.50. Other versions may also\nbe affected. \n\nSOLUTION:\nDo not open untrusted \".nfx\" files. \n\nPROVIDED AND/OR DISCOVERED BY:\nNine:Situations:Group::bruiser\n\nORIGINAL ADVISORY:\nhttp://retrogod.altervista.org/9sg_ibm_setnet32.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nSOLUTION:\nUpdate to version 3.0.8. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Thomas Biege of SUSE Linux. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201001-04\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: VirtualBox: Multiple vulnerabilities\n Date: January 13, 2010\n Bugs: #288836, #294678\n ID: 201001-04\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in VirtualBox were found, the worst of which\nallowing for privilege escalation. \n\nBackground\n==========\n\nThe VirtualBox family provides powerful x86 virtualization products. \n -------------------------------------------------------------------\n\nDescription\n===========\n\nThomas Biege of SUSE discovered multiple vulnerabilities:\n\n* A shell metacharacter injection in popen() (CVE-2009-3692) and a\n possible buffer overflow in strncpy() in the VBoxNetAdpCtl\n configuration tool. \n\n* An unspecified vulnerability in VirtualBox Guest Additions\n (CVE-2009-3940). A guest OS local user could cause a Denial\nof Service (memory consumption) on the guest OS via unknown vectors. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll users of the binary version of VirtualBox should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=app-emulation/virtualbox-bin-3.0.12\"\n\nAll users of the Open Source version of VirtualBox should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=app-emulation/virtualbox-ose-3.0.12\"\n\nAll users of the binary VirtualBox Guest Additions should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=app-emulation/virtualbox-guest-additions-3.0.12\"\n\nAll users of the Open Source VirtualBox Guest Additions should upgrade\nto the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=app-emulation/virtualbox-ose-additions-3.0.12\"\n\nReferences\n==========\n\n [ 1 ] CVE-2009-3692\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3692\n [ 2 ] CVE-2009-3940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3940\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201001-04.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2010 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3692"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006423"
},
{
"db": "BID",
"id": "36588"
},
{
"db": "BID",
"id": "36604"
},
{
"db": "VULHUB",
"id": "VHN-41138"
},
{
"db": "PACKETSTORM",
"id": "81799"
},
{
"db": "PACKETSTORM",
"id": "81856"
},
{
"db": "PACKETSTORM",
"id": "85077"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-41138",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41138"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-3692",
"trust": 2.9
},
{
"db": "BID",
"id": "36604",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "36929",
"trust": 1.2
},
{
"db": "OSVDB",
"id": "58652",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-2845",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1022990",
"trust": 1.1
},
{
"db": "BID",
"id": "36588",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006423",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200910-203",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "36949",
"trust": 0.7
},
{
"db": "XF",
"id": "53644",
"trust": 0.6
},
{
"db": "SECTRACK",
"id": "1022985",
"trust": 0.6
},
{
"db": "OSVDB",
"id": "58530",
"trust": 0.6
},
{
"db": "VUPEN",
"id": "ADV-2009-2834",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "85077",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "82055",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-67009",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "9973",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-41138",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81799",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81856",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41138"
},
{
"db": "BID",
"id": "36588"
},
{
"db": "BID",
"id": "36604"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006423"
},
{
"db": "PACKETSTORM",
"id": "81799"
},
{
"db": "PACKETSTORM",
"id": "81856"
},
{
"db": "PACKETSTORM",
"id": "85077"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-203"
},
{
"db": "NVD",
"id": "CVE-2009-3692"
}
]
},
"id": "VAR-200910-0199",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-41138"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:42:34.849000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Sun Alert 268188",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/sun_alert_268188_security_vulnerability"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-006423"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3692"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1"
},
{
"trust": 1.2,
"url": "http://www.virtualbox.org/wiki/changelog"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/36604"
},
{
"trust": 1.1,
"url": "http://www.osvdb.org/58652"
},
{
"trust": 1.1,
"url": "http://securitytracker.com/id?1022990"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/36929"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/2845"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53671"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3692"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3692"
},
{
"trust": 0.7,
"url": "http://retrogod.altervista.org/9sg_ibm_setnet32.html"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/53644"
},
{
"trust": 0.6,
"url": "http://www.vupen.com/english/advisories/2009/2834"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/36588"
},
{
"trust": 0.6,
"url": "http://www.osvdb.org/58530"
},
{
"trust": 0.6,
"url": "http://securitytracker.com/id?1022985"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/36949"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/software/data/informix/tools/csdk/"
},
{
"trust": 0.3,
"url": "http://xorl.wordpress.com/2009/10/13/cve-2009-3692-virtualbox-vboxnetadpctl-privilege-escalation/"
},
{
"trust": 0.3,
"url": "http://www.virtualbox.org/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/36949/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/36929/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3940"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3692"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3940"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201001-04.xml"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41138"
},
{
"db": "BID",
"id": "36588"
},
{
"db": "BID",
"id": "36604"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006423"
},
{
"db": "PACKETSTORM",
"id": "81799"
},
{
"db": "PACKETSTORM",
"id": "81856"
},
{
"db": "PACKETSTORM",
"id": "85077"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-203"
},
{
"db": "NVD",
"id": "CVE-2009-3692"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-41138"
},
{
"db": "BID",
"id": "36588"
},
{
"db": "BID",
"id": "36604"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006423"
},
{
"db": "PACKETSTORM",
"id": "81799"
},
{
"db": "PACKETSTORM",
"id": "81856"
},
{
"db": "PACKETSTORM",
"id": "85077"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-203"
},
{
"db": "NVD",
"id": "CVE-2009-3692"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-10-13T00:00:00",
"db": "VULHUB",
"id": "VHN-41138"
},
{
"date": "2009-10-01T00:00:00",
"db": "BID",
"id": "36588"
},
{
"date": "2009-10-06T00:00:00",
"db": "BID",
"id": "36604"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-006423"
},
{
"date": "2009-10-05T14:37:52",
"db": "PACKETSTORM",
"id": "81799"
},
{
"date": "2009-10-07T05:27:52",
"db": "PACKETSTORM",
"id": "81856"
},
{
"date": "2010-01-14T02:32:25",
"db": "PACKETSTORM",
"id": "85077"
},
{
"date": "2009-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200910-203"
},
{
"date": "2009-10-13T10:30:00.703000",
"db": "NVD",
"id": "CVE-2009-3692"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-41138"
},
{
"date": "2009-10-15T22:28:00",
"db": "BID",
"id": "36588"
},
{
"date": "2010-01-14T09:11:00",
"db": "BID",
"id": "36604"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-006423"
},
{
"date": "2009-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200910-203"
},
{
"date": "2024-11-21T01:07:58.290000",
"db": "NVD",
"id": "CVE-2009-3692"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "36604"
},
{
"db": "PACKETSTORM",
"id": "81856"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-203"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sun VirtualBox VBoxNetAdpCtl Configuration Tool Local Privilege Escalation Vulnerability",
"sources": [
{
"db": "BID",
"id": "36604"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-203"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200910-203"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…