Vulnerability-Lookup

CVE-2007-2052 (GCVE-0-2007-2052)

Vulnerability from cvelistv5 – Published: 2007-04-17 02:00 – Updated: 2024-08-07 13:23

Summary

Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://lists.vmware.com/pipermail/security-announ…	mailing-listx_refsource_MLIST
	http://secunia.com/advisories/28050	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/25190	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/25217	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/37471	third-party-advisoryx_refsource_SECUNIA
	http://www.python.org/download/releases/2.5.1/NEWS.txt	x_refsource_CONFIRM
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934	x_refsource_CONFIRM
	http://www.debian.org/security/2008/dsa-1551	vendor-advisoryx_refsource_DEBIAN
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://secunia.com/advisories/29303	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/1465	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/29032	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/31492	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/archive/1/469294/30/…	mailing-listx_refsource_BUGTRAQ
	http://www.redhat.com/support/errata/RHSA-2008-06…	vendor-advisoryx_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2007-10…	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/archive/1/488457/100…	mailing-listx_refsource_BUGTRAQ
	http://www.redhat.com/support/errata/RHSA-2007-10…	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/archive/1/507985/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2008/0637	vdb-entryx_refsource_VUPEN
	https://bugzilla.redhat.com/bugzilla/show_bug.cgi…	x_refsource_CONFIRM
	http://secunia.com/advisories/25353	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/25233	third-party-advisoryx_refsource_SECUNIA
	https://issues.rpath.com/browse/RPL-1358	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/usn-585-1	vendor-advisoryx_refsource_UBUNTU
	http://www.trustix.org/errata/2007/0019/	vendor-advisoryx_refsource_TRUSTIX
	http://secunia.com/advisories/28027	third-party-advisoryx_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/31255	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2008/dsa-1620	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/25787	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/23887	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.vupen.com/english/advisories/2009/3316	vdb-entryx_refsource_VUPEN
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/29889	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:23:50.498Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
          },
          {
            "name": "28050",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28050"
          },
          {
            "name": "25190",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25190"
          },
          {
            "name": "25217",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25217"
          },
          {
            "name": "37471",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37471"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.python.org/download/releases/2.5.1/NEWS.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934"
          },
          {
            "name": "DSA-1551",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1551"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "name": "29303",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29303"
          },
          {
            "name": "ADV-2007-1465",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1465"
          },
          {
            "name": "29032",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29032"
          },
          {
            "name": "31492",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "name": "oval:org.mitre.oval:def:8353",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353"
          },
          {
            "name": "20070521 FLEA-2007-0019-1: python",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/469294/30/6450/threaded"
          },
          {
            "name": "RHSA-2008:0629",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
          },
          {
            "name": "RHSA-2007:1077",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html"
          },
          {
            "name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
          },
          {
            "name": "RHSA-2007:1076",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"
          },
          {
            "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "name": "ADV-2008-0637",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0637"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093"
          },
          {
            "name": "25353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25353"
          },
          {
            "name": "25233",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25233"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1358"
          },
          {
            "name": "USN-585-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-585-1"
          },
          {
            "name": "2007-0019",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2007/0019/"
          },
          {
            "name": "28027",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28027"
          },
          {
            "name": "SUSE-SR:2007:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
          },
          {
            "name": "31255",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31255"
          },
          {
            "name": "DSA-1620",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1620"
          },
          {
            "name": "25787",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25787"
          },
          {
            "name": "23887",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23887"
          },
          {
            "name": "python-localemodule-information-disclosure(34060)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34060"
          },
          {
            "name": "oval:org.mitre.oval:def:11716",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716"
          },
          {
            "name": "ADV-2009-3316",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          },
          {
            "name": "MDKSA-2007:099",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:099"
          },
          {
            "name": "29889",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29889"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-31T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
        },
        {
          "name": "28050",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28050"
        },
        {
          "name": "25190",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25190"
        },
        {
          "name": "25217",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25217"
        },
        {
          "name": "37471",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37471"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.python.org/download/releases/2.5.1/NEWS.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934"
        },
        {
          "name": "DSA-1551",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1551"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
        },
        {
          "name": "29303",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29303"
        },
        {
          "name": "ADV-2007-1465",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1465"
        },
        {
          "name": "29032",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29032"
        },
        {
          "name": "31492",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31492"
        },
        {
          "name": "oval:org.mitre.oval:def:8353",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353"
        },
        {
          "name": "20070521 FLEA-2007-0019-1: python",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/469294/30/6450/threaded"
        },
        {
          "name": "RHSA-2008:0629",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
        },
        {
          "name": "RHSA-2007:1077",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html"
        },
        {
          "name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
        },
        {
          "name": "RHSA-2007:1076",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"
        },
        {
          "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
        },
        {
          "name": "ADV-2008-0637",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0637"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093"
        },
        {
          "name": "25353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25353"
        },
        {
          "name": "25233",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25233"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1358"
        },
        {
          "name": "USN-585-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-585-1"
        },
        {
          "name": "2007-0019",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2007/0019/"
        },
        {
          "name": "28027",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28027"
        },
        {
          "name": "SUSE-SR:2007:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
        },
        {
          "name": "31255",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31255"
        },
        {
          "name": "DSA-1620",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1620"
        },
        {
          "name": "25787",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25787"
        },
        {
          "name": "23887",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23887"
        },
        {
          "name": "python-localemodule-information-disclosure(34060)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34060"
        },
        {
          "name": "oval:org.mitre.oval:def:11716",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716"
        },
        {
          "name": "ADV-2009-3316",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3316"
        },
        {
          "name": "MDKSA-2007:099",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:099"
        },
        {
          "name": "29889",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29889"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2052",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
              "refsource": "MLIST",
              "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
            },
            {
              "name": "28050",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28050"
            },
            {
              "name": "25190",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25190"
            },
            {
              "name": "25217",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25217"
            },
            {
              "name": "37471",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37471"
            },
            {
              "name": "http://www.python.org/download/releases/2.5.1/NEWS.txt",
              "refsource": "CONFIRM",
              "url": "http://www.python.org/download/releases/2.5.1/NEWS.txt"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934"
            },
            {
              "name": "DSA-1551",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1551"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "29303",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29303"
            },
            {
              "name": "ADV-2007-1465",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1465"
            },
            {
              "name": "29032",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29032"
            },
            {
              "name": "31492",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31492"
            },
            {
              "name": "oval:org.mitre.oval:def:8353",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353"
            },
            {
              "name": "20070521 FLEA-2007-0019-1: python",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/469294/30/6450/threaded"
            },
            {
              "name": "RHSA-2008:0629",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
            },
            {
              "name": "RHSA-2007:1077",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html"
            },
            {
              "name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
            },
            {
              "name": "RHSA-2007:1076",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "ADV-2008-0637",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0637"
            },
            {
              "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093"
            },
            {
              "name": "25353",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25353"
            },
            {
              "name": "25233",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25233"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1358",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1358"
            },
            {
              "name": "USN-585-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-585-1"
            },
            {
              "name": "2007-0019",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2007/0019/"
            },
            {
              "name": "28027",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28027"
            },
            {
              "name": "SUSE-SR:2007:013",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
            },
            {
              "name": "31255",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31255"
            },
            {
              "name": "DSA-1620",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1620"
            },
            {
              "name": "25787",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25787"
            },
            {
              "name": "23887",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23887"
            },
            {
              "name": "python-localemodule-information-disclosure(34060)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34060"
            },
            {
              "name": "oval:org.mitre.oval:def:11716",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716"
            },
            {
              "name": "ADV-2009-3316",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            },
            {
              "name": "MDKSA-2007:099",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:099"
            },
            {
              "name": "29889",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29889"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2052",
    "datePublished": "2007-04-17T02:00:00.000Z",
    "dateReserved": "2007-04-16T04:00:00.000Z",
    "dateUpdated": "2024-08-07T13:23:50.498Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2007-2052

Vulnerability from fkie_nvd - Published: 2007-04-16 22:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934	Third Party Advisory
cve@mitre.org	http://lists.vmware.com/pipermail/security-announce/2008/000005.html	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/25190	Broken Link
cve@mitre.org	http://secunia.com/advisories/25217	Broken Link
cve@mitre.org	http://secunia.com/advisories/25233	Broken Link
cve@mitre.org	http://secunia.com/advisories/25353	Broken Link
cve@mitre.org	http://secunia.com/advisories/25787	Broken Link
cve@mitre.org	http://secunia.com/advisories/28027	Broken Link
cve@mitre.org	http://secunia.com/advisories/28050	Broken Link
cve@mitre.org	http://secunia.com/advisories/29032	Broken Link
cve@mitre.org	http://secunia.com/advisories/29303	Broken Link
cve@mitre.org	http://secunia.com/advisories/29889	Broken Link
cve@mitre.org	http://secunia.com/advisories/31255	Broken Link
cve@mitre.org	http://secunia.com/advisories/31492	Broken Link
cve@mitre.org	http://secunia.com/advisories/37471	Third Party Advisory
cve@mitre.org	http://www.debian.org/security/2008/dsa-1551	Third Party Advisory
cve@mitre.org	http://www.debian.org/security/2008/dsa-1620	Third Party Advisory
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2007:099	Broken Link, Third Party Advisory
cve@mitre.org	http://www.novell.com/linux/security/advisories/2007_13_sr.html	Third Party Advisory
cve@mitre.org	http://www.python.org/download/releases/2.5.1/NEWS.txt	Broken Link, Vendor Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2007-1076.html	Third Party Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2007-1077.html	Third Party Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0629.html	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/469294/30/6450/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/archive/1/488457/100/0/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/archive/1/507985/100/0/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/23887	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.trustix.org/errata/2007/0019/	Third Party Advisory
cve@mitre.org	http://www.ubuntu.com/usn/usn-585-1	Third Party Advisory
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2009-0016.html	Broken Link, Third Party Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1465	Broken Link, Third Party Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0637	Broken Link, Third Party Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2009/3316	Broken Link, Third Party Advisory
cve@mitre.org	https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093	Issue Tracking
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34060	VDB Entry
cve@mitre.org	https://issues.rpath.com/browse/RPL-1358	Third Party Advisory
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716	Broken Link
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.vmware.com/pipermail/security-announce/2008/000005.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25190	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25217	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25233	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25353	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25787	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28027	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28050	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29032	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29303	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29889	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31255	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31492	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37471	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1551	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1620	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2007:099	Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2007_13_sr.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.python.org/download/releases/2.5.1/NEWS.txt	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2007-1076.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2007-1077.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0629.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/469294/30/6450/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/488457/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/507985/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23887	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.trustix.org/errata/2007/0019/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-585-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2009-0016.html	Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1465	Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0637	Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3316	Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34060	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-1358	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353	Broken Link

Impacted products

	Vendor	Product	Version
	python	python	2.4.0
	python	python	2.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:python:python:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE315FF0-8715-4FF6-ADBD-AD99AB0D0882",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "690CBE11-2D97-4D59-A21C-2AC388E67273",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination."
    },
    {
      "lang": "es",
      "value": "Error de superaci\u00f3n de l\u00edmite (off-by-one) en la funci\u00f3n PyLocale_strxfrm de Modules/_localemodule.c para Python 2.4 y 2.5 provoca que se utilice un tama\u00f1o de b\u00fafer incorrecto para la funci\u00f3n strxfrm, lo cual permite a atacantes locales o remotos dependiendo del contexto leer porciones de memoria mediante manipulaciones desconocidas que disparan una lectura fuera de l\u00edmite del b\u00fafer debido a la falta de una terminaci\u00f3n null."
    }
  ],
  "id": "CVE-2007-2052",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-04-16T22:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/25190"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/25217"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/25233"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/25353"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/25787"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/28027"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/28050"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/29032"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/29303"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/29889"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/31255"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/31492"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1551"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1620"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:099"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.python.org/download/releases/2.5.1/NEWS.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/469294/30/6450/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/23887"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.trustix.org/errata/2007/0019/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-585-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1465"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0637"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34060"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://issues.rpath.com/browse/RPL-1358"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/25190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/25217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/25233"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/25353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/25787"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/28027"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/28050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/29032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/29303"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/29889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/31255"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/31492"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1620"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.python.org/download/releases/2.5.1/NEWS.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/469294/30/6450/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/23887"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.trustix.org/errata/2007/0019/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-585-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0637"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://issues.rpath.com/browse/RPL-1358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.  More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n",
      "lastModified": "2007-04-19T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-193"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2009-AVI-513

Vulnerability from certfr_avis - Published: 2009-11-24 - Updated: 2009-11-24

Plusieurs vulnérabilités découvertes dans les produits VMware peuvent être exploitées à distance par un utilisateur malintentionné afin de compromettre le système vulnérable ou encore d'entraver son bon fonctionnement.

Description

Les vulnérabilités présentes dans les produits VMware peuvent être exploitées afin de porter atteinte à l'intégrité et à la confidentialité des données, de réaliser un déni de service, d'injecter et d'exécuter indirectement du code arbitraire, d'élever ses privilèges ou d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware Server 2.x ;
VMware	ESXi	VMware ESXi 3.x ;
VMware	N/A	VMware vMA 4.x.
VMware	N/A	VMware ESX Server 4.x ;
VMware	N/A	VMware ESX Server 2.x ;
VMware	N/A	VMware ESX Server 3.x ;
VMware	ESXi	VMware ESXi 4.x ;
VMware	vCenter Server	VMware vCenter Server 4.x ;
VMware	N/A	VMware VirtualCenter 2.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware du 20 novembre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi 3.x ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vMA 4.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 4.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 3.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi 4.x ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server 4.x ;",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VirtualCenter 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLes vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits VMware peuvent \u00eatre\nexploit\u00e9es afin de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, de r\u00e9aliser un d\u00e9ni de service, d\u0027injecter et d\u0027ex\u00e9cuter\nindirectement du code arbitraire, d\u0027\u00e9lever ses privil\u00e8ges ou d\u0027ex\u00e9cuter\ndu code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2724"
    },
    {
      "name": "CVE-2009-0676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0676"
    },
    {
      "name": "CVE-2009-2721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2721"
    },
    {
      "name": "CVE-2008-3143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3143"
    },
    {
      "name": "CVE-2009-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2692"
    },
    {
      "name": "CVE-2009-2406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2406"
    },
    {
      "name": "CVE-2009-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1389"
    },
    {
      "name": "CVE-2008-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0002"
    },
    {
      "name": "CVE-2009-1106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1106"
    },
    {
      "name": "CVE-2009-1072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1072"
    },
    {
      "name": "CVE-2008-4307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4307"
    },
    {
      "name": "CVE-2009-1104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1104"
    },
    {
      "name": "CVE-2009-2407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2407"
    },
    {
      "name": "CVE-2008-3142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3142"
    },
    {
      "name": "CVE-2009-1101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1101"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2009-1385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1385"
    },
    {
      "name": "CVE-2009-0746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0746"
    },
    {
      "name": "CVE-2009-2673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2673"
    },
    {
      "name": "CVE-2007-5966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5966"
    },
    {
      "name": "CVE-2009-2719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2719"
    },
    {
      "name": "CVE-2008-4864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4864"
    },
    {
      "name": "CVE-2009-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2417"
    },
    {
      "name": "CVE-2009-1439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1439"
    },
    {
      "name": "CVE-2009-0322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0322"
    },
    {
      "name": "CVE-2009-1895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1895"
    },
    {
      "name": "CVE-2009-1094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1094"
    },
    {
      "name": "CVE-2009-0748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0748"
    },
    {
      "name": "CVE-2008-3144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3144"
    },
    {
      "name": "CVE-2009-0747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0747"
    },
    {
      "name": "CVE-2009-0580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
    },
    {
      "name": "CVE-2009-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1095"
    },
    {
      "name": "CVE-2009-2672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2672"
    },
    {
      "name": "CVE-2009-0675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0675"
    },
    {
      "name": "CVE-2007-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
    },
    {
      "name": "CVE-2009-2670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2670"
    },
    {
      "name": "CVE-2009-1102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1102"
    },
    {
      "name": "CVE-2009-1630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1630"
    },
    {
      "name": "CVE-2009-0269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0269"
    },
    {
      "name": "CVE-2008-3528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3528"
    },
    {
      "name": "CVE-2008-5031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5031"
    },
    {
      "name": "CVE-2008-1721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1721"
    },
    {
      "name": "CVE-2009-1388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1388"
    },
    {
      "name": "CVE-2009-1192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1192"
    },
    {
      "name": "CVE-2009-2720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2720"
    },
    {
      "name": "CVE-2009-0834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0834"
    },
    {
      "name": "CVE-2009-2671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2671"
    },
    {
      "name": "CVE-2009-2848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2848"
    },
    {
      "name": "CVE-2009-2675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2675"
    },
    {
      "name": "CVE-2008-1232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
    },
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2009-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0778"
    },
    {
      "name": "CVE-2009-2625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2625"
    },
    {
      "name": "CVE-2009-1099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1099"
    },
    {
      "name": "CVE-2009-1252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1252"
    },
    {
      "name": "CVE-2009-2698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2698"
    },
    {
      "name": "CVE-2008-2370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
    },
    {
      "name": "CVE-2009-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
    },
    {
      "name": "CVE-2009-2723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2723"
    },
    {
      "name": "CVE-2009-1107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1107"
    },
    {
      "name": "CVE-2009-2716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2716"
    },
    {
      "name": "CVE-2007-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
    },
    {
      "name": "CVE-2008-1947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
    },
    {
      "name": "CVE-2009-1105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1105"
    },
    {
      "name": "CVE-2007-6286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6286"
    },
    {
      "name": "CVE-2009-0028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0028"
    },
    {
      "name": "CVE-2009-1337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1337"
    },
    {
      "name": "CVE-2009-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2007-2052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2052"
    },
    {
      "name": "CVE-2009-1336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1336"
    },
    {
      "name": "CVE-2009-0783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
    },
    {
      "name": "CVE-2008-5515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
    },
    {
      "name": "CVE-2007-4965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4965"
    },
    {
      "name": "CVE-2009-1633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1633"
    },
    {
      "name": "CVE-2009-2722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2722"
    },
    {
      "name": "CVE-2008-5700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5700"
    },
    {
      "name": "CVE-2009-1103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1103"
    },
    {
      "name": "CVE-2009-1100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1100"
    },
    {
      "name": "CVE-2009-2676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2676"
    },
    {
      "name": "CVE-2007-5342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5342"
    },
    {
      "name": "CVE-2009-1096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1096"
    },
    {
      "name": "CVE-2009-1098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1098"
    },
    {
      "name": "CVE-2009-0787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0787"
    },
    {
      "name": "CVE-2008-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1887"
    },
    {
      "name": "CVE-2009-1097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1097"
    },
    {
      "name": "CVE-2009-2847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2847"
    },
    {
      "name": "CVE-2008-2315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2315"
    },
    {
      "name": "CVE-2009-0696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0696"
    },
    {
      "name": "CVE-2009-2718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2718"
    },
    {
      "name": "CVE-2009-0745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0745"
    },
    {
      "name": "CVE-2009-1093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1093"
    }
  ],
  "initial_release_date": "2009-11-24T00:00:00",
  "last_revision_date": "2009-11-24T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-513",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans les produits VMware peuvent\n\u00eatre exploit\u00e9es \u00e0 distance par un utilisateur malintentionn\u00e9 afin de\ncompromettre le syst\u00e8me vuln\u00e9rable ou encore d\u0027entraver son bon\nfonctionnement.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware du 20 novembre 2009",
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000070.html"
    }
  ]
}

CERTA-2008-AVI-103

Vulnerability from certfr_avis - Published: 2008-02-22 - Updated: 2008-02-28

Plusieurs vulnérabilités dans VMware ESX Server permettent à une personne malintentionnée d'élever ses privilèges, d'atteindre à la confidentialité des données, d'exécuter du code arbitraire ou de provoquer un déni de service.

Description

Plusieurs vulnérabilités dans VMware ESX Server ont été découvertes :

une erreur dans le pilote aacraid SCSI permet à un utilisateur local de provoquer un déni de service ou une élévation de privilèges ;
une vulnérabilité dans Samba permet à une personne malveillante ayant accès à la console de service de provoquer un déni de service ou d'exécuter du code arbitraire à distance ;
plusieurs vunérabilités dans le module python permettent de provoquer un déni de service, d'exécuter du code arbitraire ou d'atteindre à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de VMware pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	N/A	VMware ESX Server 2.x ;
	VMware	N/A	VMware ESX Server 3.x.

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2008-0003 du 04 février 2008	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2008-0003 du 04 février 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESX Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 3.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans VMware ESX Server ont \u00e9t\u00e9 d\u00e9couvertes :\n\n-   une erreur dans le pilote aacraid SCSI permet \u00e0 un utilisateur local\n    de provoquer un d\u00e9ni de service ou une \u00e9l\u00e9vation de privil\u00e8ges ;\n-   une vuln\u00e9rabilit\u00e9 dans Samba permet \u00e0 une personne malveillante\n    ayant acc\u00e8s \u00e0 la console de service de provoquer un d\u00e9ni de service\n    ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance ;\n-   plusieurs vun\u00e9rabilit\u00e9s dans le module python permettent de\n    provoquer un d\u00e9ni de service, d\u0027ex\u00e9cuter du code arbitraire ou\n    d\u0027atteindre \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de VMware pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-6015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6015"
    },
    {
      "name": "CVE-2006-7228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-7228"
    },
    {
      "name": "CVE-2007-4308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4308"
    },
    {
      "name": "CVE-2007-2052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2052"
    },
    {
      "name": "CVE-2007-4965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4965"
    }
  ],
  "initial_release_date": "2008-02-22T00:00:00",
  "last_revision_date": "2008-02-28T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2008-0003 du 04 f\u00e9vrier    2008 :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0003.html"
    }
  ],
  "reference": "CERTA-2008-AVI-103",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-02-22T00:00:00.000000"
    },
    {
      "description": "correction du lien vers le bulletin de s\u00e9curit\u00e9 VMware.",
      "revision_date": "2008-02-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans VMware ESX Server permettent \u00e0 une\npersonne malintentionn\u00e9e d\u0027\u00e9lever ses privil\u00e8ges, d\u0027atteindre \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, d\u0027ex\u00e9cuter du code arbitraire ou de\nprovoquer un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware ESX Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2008-0003 du 04 f\u00e9vrier 2008",
      "url": null
    }
  ]
}

GHSA-7HCX-RXP8-J55G

Vulnerability from github – Published: 2022-05-01 17:59 – Updated: 2025-04-09 03:40

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2052"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-193"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-04-16T22:19:00Z",
    "severity": "MODERATE"
  },
  "details": "Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.",
  "id": "GHSA-7hcx-rxp8-j55g",
  "modified": "2025-04-09T03:40:15Z",
  "published": "2022-05-01T17:59:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2052"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34060"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-1358"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934"
    },
    {
      "type": "WEB",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25190"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25217"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25233"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25353"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25787"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28027"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28050"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29032"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29303"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29889"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31255"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31492"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1551"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1620"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:099"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
    },
    {
      "type": "WEB",
      "url": "http://www.python.org/download/releases/2.5.1/NEWS.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/469294/30/6450/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23887"
    },
    {
      "type": "WEB",
      "url": "http://www.trustix.org/errata/2007/0019"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-585-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1465"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0637"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-2052

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-2052

Aliases

CVE-2007-2052

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2052",
    "description": "Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.",
    "id": "GSD-2007-2052",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-2052.html",
      "https://www.debian.org/security/2008/dsa-1620",
      "https://www.debian.org/security/2008/dsa-1551",
      "https://access.redhat.com/errata/RHSA-2009:1176",
      "https://access.redhat.com/errata/RHSA-2008:0629",
      "https://access.redhat.com/errata/RHSA-2008:0525",
      "https://access.redhat.com/errata/RHSA-2008:0264",
      "https://access.redhat.com/errata/RHSA-2007:1077",
      "https://access.redhat.com/errata/RHSA-2007:1076",
      "https://linux.oracle.com/cve/CVE-2007-2052.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2052"
      ],
      "details": "Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.",
      "id": "GSD-2007-2052",
      "modified": "2023-12-13T01:21:38.062492Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-2052",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
            "refsource": "MLIST",
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
          },
          {
            "name": "28050",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28050"
          },
          {
            "name": "25190",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25190"
          },
          {
            "name": "25217",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25217"
          },
          {
            "name": "37471",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37471"
          },
          {
            "name": "http://www.python.org/download/releases/2.5.1/NEWS.txt",
            "refsource": "CONFIRM",
            "url": "http://www.python.org/download/releases/2.5.1/NEWS.txt"
          },
          {
            "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934",
            "refsource": "CONFIRM",
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934"
          },
          {
            "name": "DSA-1551",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1551"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "name": "29303",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29303"
          },
          {
            "name": "ADV-2007-1465",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1465"
          },
          {
            "name": "29032",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29032"
          },
          {
            "name": "31492",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "name": "oval:org.mitre.oval:def:8353",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353"
          },
          {
            "name": "20070521 FLEA-2007-0019-1: python",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/469294/30/6450/threaded"
          },
          {
            "name": "RHSA-2008:0629",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
          },
          {
            "name": "RHSA-2007:1077",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html"
          },
          {
            "name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
          },
          {
            "name": "RHSA-2007:1076",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"
          },
          {
            "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "name": "ADV-2008-0637",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0637"
          },
          {
            "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093"
          },
          {
            "name": "25353",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25353"
          },
          {
            "name": "25233",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25233"
          },
          {
            "name": "https://issues.rpath.com/browse/RPL-1358",
            "refsource": "CONFIRM",
            "url": "https://issues.rpath.com/browse/RPL-1358"
          },
          {
            "name": "USN-585-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-585-1"
          },
          {
            "name": "2007-0019",
            "refsource": "TRUSTIX",
            "url": "http://www.trustix.org/errata/2007/0019/"
          },
          {
            "name": "28027",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28027"
          },
          {
            "name": "SUSE-SR:2007:013",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
          },
          {
            "name": "31255",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31255"
          },
          {
            "name": "DSA-1620",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1620"
          },
          {
            "name": "25787",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25787"
          },
          {
            "name": "23887",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/23887"
          },
          {
            "name": "python-localemodule-information-disclosure(34060)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34060"
          },
          {
            "name": "oval:org.mitre.oval:def:11716",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716"
          },
          {
            "name": "ADV-2009-3316",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          },
          {
            "name": "MDKSA-2007:099",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:099"
          },
          {
            "name": "29889",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29889"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2052"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-193"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934"
            },
            {
              "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking"
              ],
              "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093"
            },
            {
              "name": "http://www.python.org/download/releases/2.5.1/NEWS.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "http://www.python.org/download/releases/2.5.1/NEWS.txt"
            },
            {
              "name": "23887",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/23887"
            },
            {
              "name": "25190",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://secunia.com/advisories/25190"
            },
            {
              "name": "25217",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://secunia.com/advisories/25217"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1358",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1358"
            },
            {
              "name": "25233",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://secunia.com/advisories/25233"
            },
            {
              "name": "MDKSA-2007:099",
              "refsource": "MANDRIVA",
              "tags": [
                "Broken Link",
                "Third Party Advisory"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:099"
            },
            {
              "name": "RHSA-2007:1076",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"
            },
            {
              "name": "RHSA-2007:1077",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html"
            },
            {
              "name": "SUSE-SR:2007:013",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
            },
            {
              "name": "2007-0019",
              "refsource": "TRUSTIX",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.trustix.org/errata/2007/0019/"
            },
            {
              "name": "25353",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://secunia.com/advisories/25353"
            },
            {
              "name": "25787",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://secunia.com/advisories/25787"
            },
            {
              "name": "28027",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://secunia.com/advisories/28027"
            },
            {
              "name": "28050",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://secunia.com/advisories/28050"
            },
            {
              "name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
            },
            {
              "name": "29032",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://secunia.com/advisories/29032"
            },
            {
              "name": "USN-585-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.ubuntu.com/usn/usn-585-1"
            },
            {
              "name": "29303",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://secunia.com/advisories/29303"
            },
            {
              "name": "DSA-1551",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1551"
            },
            {
              "name": "29889",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://secunia.com/advisories/29889"
            },
            {
              "name": "DSA-1620",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1620"
            },
            {
              "name": "31255",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://secunia.com/advisories/31255"
            },
            {
              "name": "RHSA-2008:0629",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
            },
            {
              "name": "31492",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://secunia.com/advisories/31492"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link",
                "Third Party Advisory"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "ADV-2009-3316",
              "refsource": "VUPEN",
              "tags": [
                "Broken Link",
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            },
            {
              "name": "37471",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/37471"
            },
            {
              "name": "ADV-2007-1465",
              "refsource": "VUPEN",
              "tags": [
                "Broken Link",
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1465"
            },
            {
              "name": "ADV-2008-0637",
              "refsource": "VUPEN",
              "tags": [
                "Broken Link",
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0637"
            },
            {
              "name": "python-localemodule-information-disclosure(34060)",
              "refsource": "XF",
              "tags": [
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34060"
            },
            {
              "name": "oval:org.mitre.oval:def:8353",
              "refsource": "OVAL",
              "tags": [
                "Broken Link"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353"
            },
            {
              "name": "oval:org.mitre.oval:def:11716",
              "refsource": "OVAL",
              "tags": [
                "Broken Link"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
            },
            {
              "name": "20070521 FLEA-2007-0019-1: python",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/469294/30/6450/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-08-02T18:04Z",
      "publishedDate": "2007-04-16T22:19Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-2052 (GCVE-0-2007-2052)

FKIE_CVE-2007-2052

CERTA-2009-AVI-513

Description

Solution

CERTA-2008-AVI-103

Description

Solution

GHSA-7HCX-RXP8-J55G

GSD-2007-2052

Tags

Sightings

Nomenclature