Vulnerability-Lookup

CVE-2009-0590 (GCVE-0-2009-0590)

Vulnerability from cvelistv5 – Published: 2009-03-27 16:00 – Updated: 2024-08-07 04:40

Summary

The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://marc.info/?l=bugtraq&m=124464882609472&w=2	vendor-advisoryx_refsource_HP
	http://www.vupen.com/english/advisories/2009/0850	vdb-entryx_refsource_VUPEN
	http://securitytracker.com/id?1021905	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/34896	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.vupen.com/english/advisories/2009/1175	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/42724	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/502429/100…	mailing-listx_refsource_BUGTRAQ
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://wiki.rpath.com/Advisories:rPSA-2009-0057	x_refsource_CONFIRM
	http://www.debian.org/security/2009/dsa-1763	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/38794	third-party-advisoryx_refsource_SECUNIA
	http://lists.vmware.com/pipermail/security-announ…	mailing-listx_refsource_MLIST
	http://sourceforge.net/project/shownotes.php?rele…	x_refsource_CONFIRM
	http://secunia.com/advisories/34960	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057	x_refsource_MISC
	http://secunia.com/advisories/34666	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-750-1	vendor-advisoryx_refsource_UBUNTU
	http://security.FreeBSD.org/advisories/FreeBSD-SA…	vendor-advisoryx_refsource_FREEBSD
	http://marc.info/?l=bugtraq&m=124464882609472&w=2	vendor-advisoryx_refsource_HP
	http://www.vupen.com/english/advisories/2009/1020	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/35729	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2009-13…	vendor-advisoryx_refsource_REDHAT
	http://www.osvdb.org/52864	vdb-entryx_refsource_OSVDB
	http://secunia.com/advisories/34561	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/35380	third-party-advisoryx_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=127678688104458&w=2	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/42467	third-party-advisoryx_refsource_SECUNIA
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://secunia.com/advisories/35065	third-party-advisoryx_refsource_SECUNIA
	https://lists.balabit.com/pipermail/syslog-ng-ann…	mailing-listx_refsource_MLIST
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/36533	third-party-advisoryx_refsource_SECUNIA
	http://www.php.net/archive/2009.php#id2009-04-08-1	x_refsource_CONFIRM
	http://secunia.com/advisories/34411	third-party-advisoryx_refsource_SECUNIA
	ftp://ftp.netbsd.org/pub/NetBSD/security/advisori…	vendor-advisoryx_refsource_NETBSD
	http://www.securityfocus.com/archive/1/515055/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/34509	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/35181	third-party-advisoryx_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://secunia.com/advisories/38834	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://lists.balabit.com/pipermail/syslog-ng-ann…	mailing-listx_refsource_MLIST
	http://www.vupen.com/english/advisories/2010/3126	vdb-entryx_refsource_VUPEN
	http://voodoo-circle.sourceforge.net/sa/sa-200903…	x_refsource_CONFIRM
	http://support.apple.com/kb/HT3865	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/1220	vdb-entryx_refsource_VUPEN
	http://www.openssl.org/news/secadv_20090325.txt	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/1548	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/36701	third-party-advisoryx_refsource_SECUNIA
	http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=125017764422557&w=2	vendor-advisoryx_refsource_HP
	https://kb.bluecoat.com/index?page=content&id=SA50	x_refsource_CONFIRM
	http://secunia.com/advisories/34460	third-party-advisoryx_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=125017764422557&w=2	vendor-advisoryx_refsource_HP
	http://www.securityfocus.com/bid/34256	vdb-entryx_refsource_BID
	http://secunia.com/advisories/42733	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/0528	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:40:04.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSRT090059",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
          },
          {
            "name": "ADV-2009-0850",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0850"
          },
          {
            "name": "1021905",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021905"
          },
          {
            "name": "34896",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34896"
          },
          {
            "name": "MDVSA-2009:087",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:087"
          },
          {
            "name": "ADV-2009-1175",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1175"
          },
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "20090403 rPSA-2009-0057-1 m2crypto openssl openssl-scripts",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/502429/100/0/threaded"
          },
          {
            "name": "SUSE-SU-2011:0847",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0057"
          },
          {
            "name": "DSA-1763",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1763"
          },
          {
            "name": "38794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847"
          },
          {
            "name": "34960",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34960"
          },
          {
            "name": "openSUSE-SU-2011:0845",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057"
          },
          {
            "name": "34666",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34666"
          },
          {
            "name": "USN-750-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-750-1"
          },
          {
            "name": "FreeBSD-SA-09:08",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc"
          },
          {
            "name": "HPSBUX02435",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
          },
          {
            "name": "ADV-2009-1020",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1020"
          },
          {
            "name": "35729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35729"
          },
          {
            "name": "RHSA-2009:1335",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
          },
          {
            "name": "52864",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/52864"
          },
          {
            "name": "34561",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34561"
          },
          {
            "name": "35380",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35380"
          },
          {
            "name": "HPSBOV02540",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
          },
          {
            "name": "42467",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42467"
          },
          {
            "name": "APPLE-SA-2009-09-10-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
          },
          {
            "name": "35065",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35065"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10198",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198"
          },
          {
            "name": "36533",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36533"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
          },
          {
            "name": "34411",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34411"
          },
          {
            "name": "NetBSD-SA2009-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc"
          },
          {
            "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
          },
          {
            "name": "34509",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34509"
          },
          {
            "name": "openssl-asn1-stringprintex-dos(49431)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49431"
          },
          {
            "name": "35181",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35181"
          },
          {
            "name": "258048",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1"
          },
          {
            "name": "38834",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38834"
          },
          {
            "name": "SUSE-SR:2009:010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6996",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
          },
          {
            "name": "ADV-2010-3126",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3126"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3865"
          },
          {
            "name": "ADV-2009-1220",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1220"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20090325.txt"
          },
          {
            "name": "ADV-2009-1548",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1548"
          },
          {
            "name": "36701",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36701"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
          },
          {
            "name": "HPSBMA02447",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "34460",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34460"
          },
          {
            "name": "SSRT090062",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
          },
          {
            "name": "34256",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34256"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "ADV-2010-0528",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SSRT090059",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
        },
        {
          "name": "ADV-2009-0850",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0850"
        },
        {
          "name": "1021905",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021905"
        },
        {
          "name": "34896",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34896"
        },
        {
          "name": "MDVSA-2009:087",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:087"
        },
        {
          "name": "ADV-2009-1175",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1175"
        },
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "name": "20090403 rPSA-2009-0057-1 m2crypto openssl openssl-scripts",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/502429/100/0/threaded"
        },
        {
          "name": "SUSE-SU-2011:0847",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0057"
        },
        {
          "name": "DSA-1763",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1763"
        },
        {
          "name": "38794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38794"
        },
        {
          "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847"
        },
        {
          "name": "34960",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34960"
        },
        {
          "name": "openSUSE-SU-2011:0845",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057"
        },
        {
          "name": "34666",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34666"
        },
        {
          "name": "USN-750-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-750-1"
        },
        {
          "name": "FreeBSD-SA-09:08",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc"
        },
        {
          "name": "HPSBUX02435",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
        },
        {
          "name": "ADV-2009-1020",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1020"
        },
        {
          "name": "35729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35729"
        },
        {
          "name": "RHSA-2009:1335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
        },
        {
          "name": "52864",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/52864"
        },
        {
          "name": "34561",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34561"
        },
        {
          "name": "35380",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35380"
        },
        {
          "name": "HPSBOV02540",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
        },
        {
          "name": "42467",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42467"
        },
        {
          "name": "APPLE-SA-2009-09-10-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
        },
        {
          "name": "35065",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35065"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10198",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198"
        },
        {
          "name": "36533",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36533"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
        },
        {
          "name": "34411",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34411"
        },
        {
          "name": "NetBSD-SA2009-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc"
        },
        {
          "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
        },
        {
          "name": "34509",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34509"
        },
        {
          "name": "openssl-asn1-stringprintex-dos(49431)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49431"
        },
        {
          "name": "35181",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35181"
        },
        {
          "name": "258048",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1"
        },
        {
          "name": "38834",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38834"
        },
        {
          "name": "SUSE-SR:2009:010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6996",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
        },
        {
          "name": "ADV-2010-3126",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3126"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3865"
        },
        {
          "name": "ADV-2009-1220",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1220"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20090325.txt"
        },
        {
          "name": "ADV-2009-1548",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1548"
        },
        {
          "name": "36701",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36701"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
        },
        {
          "name": "HPSBMA02447",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "34460",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34460"
        },
        {
          "name": "SSRT090062",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
        },
        {
          "name": "34256",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34256"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        },
        {
          "name": "ADV-2010-0528",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0528"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-0590",
    "datePublished": "2009-03-27T16:00:00.000Z",
    "dateReserved": "2009-02-13T00:00:00.000Z",
    "dateUpdated": "2024-08-07T04:40:04.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2009-AVI-120

Vulnerability from certfr_avis - Published: 2009-03-26 - Updated: 2009-06-17

Plusieurs vulnérabilités dans OpenSSL permettent à une personne malintentionnée d'effectuer un déni de service à distance ou de contouner la politique de sécurité.

Description

Plusieurs vulnérabilités ont été découvertes dans OpenSSL :

une erreur dans la fonction ASN1_STRING_print_ex() permet de provoquer un arrêt inopiné de l'application (crash) ;
une vulnérabilité dans la gestion des erreurs permet dans certaines conditions de faire passer une fausse signature pour valide ;
une erreur dans la gestion des structures ANS1 mal formées permet de provoquer un arrêt inopiné de l'application (crash).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

OpenSSL versions antérieures à la 0.9.8k.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité OpenSSL du 25 mars 2009	None	vendor-advisory
Bulletin de sécurité Gentoo GLSA-200904-08 du 07 avril 2009 :	-	other
Bulletin de sécurité Mandriva MDVSA-2009:087 du 03 avril 2009 :	-	other
Bulletin de sécurité FreeBSD FreeBSD-SA-09:08.opensll du 22 avril 2009 :	-	other
Bulletin de sécurité Sun #258048 du 04 mai 2009 :	-	other
Bulletin de sécurité OpenSuse SUSE-SR:2009:010 du 12 mai 2009 :	-	other
Bulletin de sécurité Debian DSA-1763 du 06 avril 2009 :	-	other
Bulletin de sécurité OpenBSD #012_OpenSSL du 08 avril 2009 :	-	other
Bulletin de sécurité HP SSRT090059 du 10 juin 2009 :	-	other
Bulletin de sécurité Ubuntu USN-750-1 du 30 mars 2009 :	-	other
Bulletin de sécurité OpenBSD #001_OpenSSL du 08 avril 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eOpenSSL versions ant\u00e9rieures \u00e0 la 0.9.8k.\u003c/P\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans OpenSSL :\n\n-   une erreur dans la fonction ASN1_STRING_print_ex() permet de\n    provoquer un arr\u00eat inopin\u00e9 de l\u0027application (crash) ;\n-   une vuln\u00e9rabilit\u00e9 dans la gestion des erreurs permet dans certaines\n    conditions de faire passer une fausse signature pour valide ;\n-   une erreur dans la gestion des structures ANS1 mal form\u00e9es permet de\n    provoquer un arr\u00eat inopin\u00e9 de l\u0027application (crash).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0789"
    },
    {
      "name": "CVE-2009-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0591"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    }
  ],
  "initial_release_date": "2009-03-26T00:00:00",
  "last_revision_date": "2009-06-17T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200904-08 du 07 avril 2009    :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200904-08.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2009:087 du 03 avril    2009 :",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:087"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD FreeBSD-SA-09:08.opensll du 22    avril 2009 :",
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:08.opensll.asc"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun #258048 du 04 mai 2009 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258048-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 OpenSuse SUSE-SR:2009:010 du 12 mai    2009 :",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1763 du 06 avril 2009 :",
      "url": "http://www.debian.org/security/2009/dsa-1763"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 OpenBSD #012_OpenSSL du 08 avril 2009    :",
      "url": "http://www.openbsd.org/errata44.html#012_openssl"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP SSRT090059 du 10 juin 2009 :",
      "url": "https://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c017626423"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-750-1 du 30 mars 2009 :",
      "url": "http://www.ubuntu.com/usn/usn-750-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 OpenBSD #001_OpenSSL du 08 avril 2009    :",
      "url": "http://www.openbsd.org/errata45.html#001_openssl"
    }
  ],
  "reference": "CERTA-2009-AVI-120",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-03-26T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Gentoo, Debian, Ubuntu, Sun, FreeBSD et OpenBSD.",
      "revision_date": "2009-05-11T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Mandriva, HP et Suse.",
      "revision_date": "2009-06-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans OpenSSL permettent \u00e0 une personne\nmalintentionn\u00e9e d\u0027effectuer un d\u00e9ni de service \u00e0 distance ou de\ncontouner la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenSSL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenSSL du 25 mars 2009",
      "url": "http://www.openssl.org/news/secadv_20090325.txt"
    }
  ]
}

CERTA-2010-AVI-106

Vulnerability from certfr_avis - Published: 2010-03-04 - Updated: 2010-03-04

Plusieurs vulnérabilités découvertes dans les produits VMware peuvent être exploitées à distance par un utilisateur malintentionné afin de compromettre le système ou d'entraver son bon fonctionnement.

Description

Les vulnérabilités présentes dans les produits VMware peuvent être exploitées afin de porter atteinte à l'intégrité et à la confidentialité des données, de réaliser un déni de service, d'injecter et d'exécuter indirectement du code arbitraire, d'élever ses privilèges ou d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware vMA 4.0 sans le patch 3.
VMware	N/A	VMware ESX 3.0.3 ;
VMware	N/A	VMware ESX 3.5 ;
VMware	N/A	VMware ESX 2.5.5 ;
VMware	N/A	VMware ESX 4.0 sans les patchs SX400-201002404-SG, SX400-201002406-SG, SX400-201002407-SG ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware du 03 mars 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware vMA 4.0 sans le patch 3.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 3.0.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 3.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 2.5.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 4.0 sans les patchs SX400-201002404-SG, SX400-201002406-SG, SX400-201002407-SG ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLes vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits VMware peuvent \u00eatre\nexploit\u00e9es afin de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, de r\u00e9aliser un d\u00e9ni de service, d\u0027injecter et d\u0027ex\u00e9cuter\nindirectement du code arbitraire, d\u0027\u00e9lever ses privil\u00e8ges ou d\u0027ex\u00e9cuter\ndu code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2905"
    },
    {
      "name": "CVE-2009-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1387"
    },
    {
      "name": "CVE-2009-3560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3560"
    },
    {
      "name": "CVE-2009-2849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2849"
    },
    {
      "name": "CVE-2009-3916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3916"
    },
    {
      "name": "CVE-2009-0115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0115"
    },
    {
      "name": "CVE-2009-1379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1379"
    },
    {
      "name": "CVE-2009-3613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3613"
    },
    {
      "name": "CVE-2009-4022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4022"
    },
    {
      "name": "CVE-2009-3563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
    },
    {
      "name": "CVE-2009-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3620"
    },
    {
      "name": "CVE-2009-1189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1189"
    },
    {
      "name": "CVE-2009-3228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3228"
    },
    {
      "name": "CVE-2009-3547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3547"
    },
    {
      "name": "CVE-2009-2695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2695"
    },
    {
      "name": "CVE-2008-4316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4316"
    },
    {
      "name": "CVE-2009-1378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1378"
    },
    {
      "name": "CVE-2008-3916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3916"
    },
    {
      "name": "CVE-2009-1386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1386"
    },
    {
      "name": "CVE-2009-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1377"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2009-3286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3286"
    },
    {
      "name": "CVE-2008-4552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4552"
    },
    {
      "name": "CVE-2009-3612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3612"
    },
    {
      "name": "CVE-2009-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3621"
    },
    {
      "name": "CVE-2009-3720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3720"
    },
    {
      "name": "CVE-2009-2904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2904"
    },
    {
      "name": "CVE-2009-2908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2908"
    },
    {
      "name": "CVE-2009-3726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3726"
    }
  ],
  "initial_release_date": "2010-03-04T00:00:00",
  "last_revision_date": "2010-03-04T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-106",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans les produits VMware peuvent\n\u00eatre exploit\u00e9es \u00e0 distance par un utilisateur malintentionn\u00e9 afin de\ncompromettre le syst\u00e8me ou d\u0027entraver son bon fonctionnement.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware du 03 mars 2010",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    }
  ]
}

CERTA-2010-AVI-627

Vulnerability from certfr_avis - Published: 2010-12-23 - Updated: 2010-12-23

De nombreuses vulnérabilités, liées à l'utilisation de versions anciennes du code OpenSSL, affectent Blue Coat Reporter. Les plus dommageables permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Solution

Pour la version 9, la révision 9.2.4.1 remédie à ces vulnérabilités. Le correctif de la version 8 n'est pas encore disponible.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Blue Coat Reporter, versions 8.x et 9.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Blue Coat SA50 du 19 novembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eBlue Coat Reporter, versions 8.x et  9.x.\u003c/p\u003e",
  "content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s, li\u00e9es \u00e0 l\u0027utilisation de versions\nanciennes du code OpenSSL, affectent Blue Coat Reporter. Les plus\ndommageables permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n\n## Solution\n\nPour la version 9, la r\u00e9vision 9.2.4.1 rem\u00e9die \u00e0 ces vuln\u00e9rabilit\u00e9s. Le\ncorrectif de la version 8 n\u0027est pas encore disponible.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1678"
    },
    {
      "name": "CVE-2010-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0433"
    },
    {
      "name": "CVE-2010-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
    },
    {
      "name": "CVE-2009-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0789"
    },
    {
      "name": "CVE-2009-1379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1379"
    },
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2009-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0591"
    },
    {
      "name": "CVE-2009-1378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1378"
    },
    {
      "name": "CVE-2009-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1377"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2010-0740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0740"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2009-4355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4355"
    }
  ],
  "initial_release_date": "2010-12-23T00:00:00",
  "last_revision_date": "2010-12-23T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-627",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s, li\u00e9es \u00e0 l\u0027utilisation de versions\nanciennes du code OpenSSL, affectent Blue Coat Reporter. Les plus\ndommageables permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Blue Coat Reporter",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Blue Coat SA50 du 19 novembre 2010",
      "url": "http://kb.bluecoat.com/index?page=content\u0026id=SA50"
    }
  ]
}

CERTA-2010-AVI-268

Vulnerability from certfr_avis - Published: 2010-06-17 - Updated: 2010-06-17

De multiples vulnérabilités ont été découvertes dans HP SSL pour OpenVMS.

Description

De multiples vulnérabilités ont été découvertes dans HP SSL pour OpenVMS. Une personne malveillante peut exploiter ces vulnérabilités pour provoquer un déni de service à distance, ou contourner la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	HP SSL 1.3 pour OpenVMS Alpha versions 8.2 et supérieures ;
	N/A	N/A	HP SSL 1.3 pour OpenVMS Integrity versions 8.2-1 et supérieures.

References

Title

Publication Time

Tags

Bulletin de sécurité HP c02227287 du 16 juin 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP SSL 1.3 pour OpenVMS Alpha versions 8.2 et sup\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP SSL 1.3 pour OpenVMS Integrity versions 8.2-1 et sup\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans HP SSL pour\nOpenVMS. Une personne malveillante peut exploiter ces vuln\u00e9rabilit\u00e9s\npour provoquer un d\u00e9ni de service \u00e0 distance, ou contourner la politique\nde s\u00e9curit\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0789"
    },
    {
      "name": "CVE-2009-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0591"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2008-5077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5077"
    }
  ],
  "initial_release_date": "2010-06-17T00:00:00",
  "last_revision_date": "2010-06-17T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-268",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-06-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans HP SSL pour\nOpenVMS.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP SSL pour OpenVMS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c02227287 du 16 juin 2010",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02227287"
    }
  ]
}

CERTA-2010-AVI-583

Vulnerability from certfr_avis - Published: 2010-12-09 - Updated: 2010-12-09

De multiples vulnérabilités affectant différents logiciels inclus dans VMware ESX Console OS ont été corrigées.

Description

Plusieurs logiciels vulnérables inclus dans VMware ESX Console OS ont été mis à jour par l'éditeur :

Samba est mis à jour pour corriger une vulnérabilité permettant à un utilisateur malveillant distant de provoquer un déni de service et potentiellement de l'exécution de code arbitraire (CVE-2010-3069) ;
bzip2 est mis à jour pour corriger une vulnérabilité permettant à un attaquant d'exécuter du code arbitraire à l'aide d'un fichier spécialement conçu (CVE-2010-0405) ;
OpenSSL est mis à jour pour corriger plusieurs vulnérabilités permettant de contourner la politique de sécurité (CVE-2009-0590, CVE-2009-2409 et CVE-2009-355).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	N/A	VMware ESX 3.x Console OS (COS).
	VMware	N/A	VMware ESX 4.x Console OS (COS) ;

References

Title

Publication Time

Tags

Avis de sécurité VMware VMSA-2010-0019 du 07 décembre 2010	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2010-0019 du 07 décembre 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESX 3.x Console OS (COS).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 4.x Console OS (COS) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs logiciels vuln\u00e9rables inclus dans VMware ESX Console OS ont\n\u00e9t\u00e9 mis \u00e0 jour par l\u0027\u00e9diteur :\n\n-   Samba est mis \u00e0 jour pour corriger une vuln\u00e9rabilit\u00e9 permettant \u00e0 un\n    utilisateur malveillant distant de provoquer un d\u00e9ni de service et\n    potentiellement de l\u0027ex\u00e9cution de code arbitraire (CVE-2010-3069) ;\n-   bzip2 est mis \u00e0 jour pour corriger une vuln\u00e9rabilit\u00e9 permettant \u00e0 un\n    attaquant d\u0027ex\u00e9cuter du code arbitraire \u00e0 l\u0027aide d\u0027un fichier\n    sp\u00e9cialement con\u00e7u (CVE-2010-0405) ;\n-   OpenSSL est mis \u00e0 jour pour corriger plusieurs vuln\u00e9rabilit\u00e9s\n    permettant de contourner la politique de s\u00e9curit\u00e9 (CVE-2009-0590,\n    CVE-2009-2409 et CVE-2009-355).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2010-0405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0405"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2010-3069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3069"
    },
    {
      "name": "CVE-2009-2409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2409"
    }
  ],
  "initial_release_date": "2010-12-09T00:00:00",
  "last_revision_date": "2010-12-09T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2010-0019 du 07 d\u00e9cembre    2010 :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
    }
  ],
  "reference": "CERTA-2010-AVI-583",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectant diff\u00e9rents logiciels inclus dans\nVMware ESX Console OS ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware ESX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 VMware VMSA-2010-0019 du 07 d\u00e9cembre 2010",
      "url": null
    }
  ]
}

CERTA-2009-AVI-382

Vulnerability from certfr_avis - Published: 2009-09-11 - Updated: 2009-09-11

De multiples vulnérabilités permettant entre autres l'exécution de code arbitraire à distance ont été corrigées dans MacOS X.

Description

Plusieurs vulnérabilités d'applications contenues dans MacOS X ont été corrigées. MacOS X 10.6 n'est concerné que par les failles affectant le plugin Flash Player. Les vulnérabilités permettent notamment l'exécution de code arbitraire à distance, l'élévation de privilèges et l'injection de code indirecte.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	MacOS X Server 10.4.x (Universal) ;
Apple	macOS	MacOS X 10.5.8 ;
Apple	macOS	MacOS X 10.4.11 ;
Apple	macOS	MacOS X 10.6.
Apple	macOS	MacOS X Server 10.5 ;
Apple	macOS	MacOS X Server 10.4.x (PowerPC) ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3865 du 10 septembre 2009	None	vendor-advisory
Bulletin de sécurité Apple HT3864 du 11 septembre 2009	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MacOS X Server 10.4.x (Universal) ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "MacOS X 10.5.8 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "MacOS X 10.4.11 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "MacOS X 10.6.",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "MacOS X Server 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "MacOS X Server 10.4.x (PowerPC) ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s d\u0027applications contenues dans MacOS X ont \u00e9t\u00e9\ncorrig\u00e9es. MacOS X 10.6 n\u0027est concern\u00e9 que par les failles affectant le\nplugin Flash Player. Les vuln\u00e9rabilit\u00e9s permettent notamment l\u0027ex\u00e9cution\nde code arbitraire \u00e0 distance, l\u0027\u00e9l\u00e9vation de privil\u00e8ges et l\u0027injection\nde code indirecte.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1864"
    },
    {
      "name": "CVE-2009-2804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2804"
    },
    {
      "name": "CVE-2009-1867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1867"
    },
    {
      "name": "CVE-2009-2813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2813"
    },
    {
      "name": "CVE-2009-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0789"
    },
    {
      "name": "CVE-2009-2805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2805"
    },
    {
      "name": "CVE-2009-0949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0949"
    },
    {
      "name": "CVE-2009-2800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2800"
    },
    {
      "name": "CVE-2009-1866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1866"
    },
    {
      "name": "CVE-2009-2468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2468"
    },
    {
      "name": "CVE-2008-2079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2079"
    },
    {
      "name": "CVE-2009-1865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1865"
    },
    {
      "name": "CVE-2009-1868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1868"
    },
    {
      "name": "CVE-2009-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0591"
    },
    {
      "name": "CVE-2008-5498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5498"
    },
    {
      "name": "CVE-2009-1372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1372"
    },
    {
      "name": "CVE-2009-2811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2811"
    },
    {
      "name": "CVE-2009-2809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2809"
    },
    {
      "name": "CVE-2009-1870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1870"
    },
    {
      "name": "CVE-2009-1862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1862"
    },
    {
      "name": "CVE-2009-2812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2812"
    },
    {
      "name": "CVE-2009-1272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1272"
    },
    {
      "name": "CVE-2009-1241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1241"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2009-1371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1371"
    },
    {
      "name": "CVE-2008-6680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6680"
    },
    {
      "name": "CVE-2009-1270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1270"
    },
    {
      "name": "CVE-2009-1271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1271"
    },
    {
      "name": "CVE-2009-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2807"
    },
    {
      "name": "CVE-2009-2814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2814"
    },
    {
      "name": "CVE-2009-1863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1863"
    },
    {
      "name": "CVE-2009-1869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1869"
    },
    {
      "name": "CVE-2009-2803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2803"
    }
  ],
  "initial_release_date": "2009-09-11T00:00:00",
  "last_revision_date": "2009-09-11T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-382",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-09-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s permettant entre autres l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eMacOS\nX\u003c/span\u003e.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans MacOS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3865 du 10 septembre 2009",
      "url": "http://support.apple.com/kb/HT3865"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3864 du 11 septembre 2009",
      "url": "http://support.apple.com/kb/HT3864"
    }
  ]
}

CERTA-2011-AVI-032

Vulnerability from certfr_avis - Published: 2011-01-26 - Updated: 2011-01-26

Plusieurs vulnérabilités sont présentes dans syslog-ng. Elles permettent de contourner la politique de sécurité ou de provoquer un déni de service à distance.

Description

Plusieurs vulnérabilités sont présentes dans syslog-ng.

L'une d'elles permet de contourner la politique de sécurité en raison d'un mauvais positionnement des droits d'accès sur des fichiers.

Les autres sont exploitables pour provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

syslog-ng Open Source Edition :

versions 3.0.x antérieures à la version 3.0.10 ;
versions 3.1.x antérieures à la version 3.1.4 ;
versions 3.2.x antérieures à la version 3.2.2.

syslog-ng Premium Edition :

versions 3.0.x antérieures à la version 3.0.6a ;
versions 3.2.x antérieures à la version 3.2.1a.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Annonces des versions de syslog-ng des 07, 14 et 16 janvier 2011	None	vendor-advisory
Annonces des versions de syslog-ng du 14 janvier 2011 :	-	other
Annonces des versions de syslog-ng du 14 janvier 2011 :	-	other
Annonces des versions de syslog-ng du 16 janvier 2011 :	-	other
Annonces des versions de syslog-ng du 07 janvier 2011 :	-	other
Annonces des versions de syslog-ng du 07 janvier 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003esyslog-ng Open Source Edition :  \u003cUL\u003e    \u003cLI\u003eversions 3.0.x ant\u00e9rieures \u00e0 la version 3.0.10 ;\u003c/LI\u003e    \u003cLI\u003eversions 3.1.x ant\u00e9rieures \u00e0 la version 3.1.4 ;\u003c/LI\u003e    \u003cLI\u003eversions 3.2.x ant\u00e9rieures \u00e0 la version 3.2.2.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003esyslog-ng Premium Edition :\u003c/P\u003e  \u003cUL\u003e    \u003cLI\u003eversions 3.0.x ant\u00e9rieures \u00e0 la version 3.0.6a ;\u003c/LI\u003e    \u003cLI\u003eversions 3.2.x ant\u00e9rieures \u00e0 la version 3.2.1a.\u003c/LI\u003e  \u003c/UL\u003e\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans syslog-ng.\n\nL\u0027une d\u0027elles permet de contourner la politique de s\u00e9curit\u00e9 en raison\nd\u0027un mauvais positionnement des droits d\u0027acc\u00e8s sur des fichiers.\n\nLes autres sont exploitables pour provoquer un d\u00e9ni de service \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0433"
    },
    {
      "name": "CVE-2010-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
    },
    {
      "name": "CVE-2011-0343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0343"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2010-0740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0740"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2010-3864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
    },
    {
      "name": "CVE-2009-2409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2409"
    }
  ],
  "initial_release_date": "2011-01-26T00:00:00",
  "last_revision_date": "2011-01-26T00:00:00",
  "links": [
    {
      "title": "Annonces des versions de syslog-ng du 14 janvier 2011 :",
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000103.html"
    },
    {
      "title": "Annonces des versions de syslog-ng du 14 janvier 2011 :",
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000104.html"
    },
    {
      "title": "Annonces des versions de syslog-ng du 16 janvier 2011 :",
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000105.html"
    },
    {
      "title": "Annonces des versions de syslog-ng du 07 janvier 2011 :",
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
    },
    {
      "title": "Annonces des versions de syslog-ng du 07 janvier 2011 :",
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
    }
  ],
  "reference": "CERTA-2011-AVI-032",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-01-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans syslog-ng. Elles permettent\nde contourner la politique de s\u00e9curit\u00e9 ou de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans syslog-ng",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonces des versions de syslog-ng des 07, 14 et 16 janvier 2011",
      "url": null
    }
  ]
}

FKIE_CVE-2009-0590

Vulnerability from fkie_nvd - Published: 2009-03-27 16:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc	Third Party Advisory
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.vmware.com/pipermail/security-announce/2010/000082.html	Third Party Advisory
secalert@redhat.com	http://marc.info/?l=bugtraq&m=124464882609472&w=2	Mailing List, Third Party Advisory
secalert@redhat.com	http://marc.info/?l=bugtraq&m=125017764422557&w=2	Mailing List, Third Party Advisory
secalert@redhat.com	http://marc.info/?l=bugtraq&m=127678688104458&w=2	Mailing List, Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/34411	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/34460	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/34509	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/34561	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/34666	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/34896	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/34960	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/35065	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/35181	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/35380	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/35729	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/36533	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/36701	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/38794	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/38834	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/42467	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/42724	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/42733	Third Party Advisory
secalert@redhat.com	http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc	Third Party Advisory
secalert@redhat.com	http://securitytracker.com/id?1021905	Third Party Advisory, VDB Entry
secalert@redhat.com	http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847	Patch, Third Party Advisory
secalert@redhat.com	http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1	Broken Link
secalert@redhat.com	http://support.apple.com/kb/HT3865	Third Party Advisory
secalert@redhat.com	http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm	Third Party Advisory
secalert@redhat.com	http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html	Third Party Advisory
secalert@redhat.com	http://wiki.rpath.com/Advisories:rPSA-2009-0057	Broken Link
secalert@redhat.com	http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057	Broken Link
secalert@redhat.com	http://www.debian.org/security/2009/dsa-1763	Third Party Advisory
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2009:087	Third Party Advisory
secalert@redhat.com	http://www.openssl.org/news/secadv_20090325.txt	Vendor Advisory
secalert@redhat.com	http://www.osvdb.org/52864	Broken Link
secalert@redhat.com	http://www.php.net/archive/2009.php#id2009-04-08-1	Third Party Advisory
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2009-1335.html	Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/archive/1/502429/100/0/threaded	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.securityfocus.com/archive/1/515055/100/0/threaded	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.securityfocus.com/bid/34256	Patch, Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.ubuntu.com/usn/usn-750-1	Third Party Advisory
secalert@redhat.com	http://www.vmware.com/security/advisories/VMSA-2010-0019.html	Third Party Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/0850	Permissions Required
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/1020	Permissions Required
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/1175	Permissions Required
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/1220	Permissions Required
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/1548	Permissions Required
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/0528	Permissions Required
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/3126	Permissions Required
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/49431	Third Party Advisory, VDB Entry
secalert@redhat.com	https://kb.bluecoat.com/index?page=content&id=SA50	Third Party Advisory
secalert@redhat.com	https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html	Third Party Advisory
secalert@redhat.com	https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html	Third Party Advisory
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198	Third Party Advisory
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.vmware.com/pipermail/security-announce/2010/000082.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=124464882609472&w=2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=125017764422557&w=2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=127678688104458&w=2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34411	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34460	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34509	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34561	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34666	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34896	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34960	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35065	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35181	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35380	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35729	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36533	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36701	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38794	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38834	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42467	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42724	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42733	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1021905	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3865	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/Advisories:rPSA-2009-0057	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1763	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:087	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openssl.org/news/secadv_20090325.txt	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/52864	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.php.net/archive/2009.php#id2009-04-08-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1335.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/502429/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/515055/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34256	Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-750-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2010-0019.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0850	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1020	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1175	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1220	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1548	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0528	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/3126	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/49431	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://kb.bluecoat.com/index?page=content&id=SA50	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996	Third Party Advisory

Impacted products

Vendor	Product	Version
openssl	openssl	*
debian	debian_linux	4.0
debian	debian_linux	5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B334F9E9-BA5E-48D3-8461-A417DCF24E46",
              "versionEndExcluding": "0.9.8k",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n ASN1_STRING_print_ex en OpenSSL versiones anteriores a v0.9.8k permite a atacantes remotos provocar una denegaci\u00f3n de servicio (acceso inv\u00e1lido a memoria y ca\u00edda de la aplicaci\u00f3n) mediante vectores que provocan la impresi\u00f3n de (1) BMPString o (2) UniversalString con una longitud de codificaci\u00f3n inv\u00e1lida."
    }
  ],
  "id": "CVE-2009-0590",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-03-27T16:30:00.170",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34411"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34460"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34509"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34561"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34666"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34896"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34960"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35065"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35181"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35380"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35729"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/36533"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/36701"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38834"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42467"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42724"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42733"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1021905"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3865"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0057"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2009/dsa-1763"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:087"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openssl.org/news/secadv_20090325.txt"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/52864"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/502429/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/34256"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-750-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0850"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1020"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1175"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1220"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1548"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/3126"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49431"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34411"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34561"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34960"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/36533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/36701"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42733"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1021905"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2009/dsa-1763"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openssl.org/news/secadv_20090325.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/52864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/502429/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/34256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-750-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0850"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1548"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/3126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "This issue was fixed in openssl packages in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-1335.html\n\nThis issue was fixed in openssl packages in Red Hat Enterprise Linux 3 and 4 via: https://rhn.redhat.com/errata/RHSA-2010-0163.html",
      "lastModified": "2010-03-25T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2009-0590

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-0590

Aliases

CVE-2009-0590

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0590",
    "description": "The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.",
    "id": "GSD-2009-0590",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-0590.html",
      "https://www.debian.org/security/2009/dsa-1763",
      "https://access.redhat.com/errata/RHSA-2010:0163",
      "https://access.redhat.com/errata/RHSA-2009:1335",
      "https://linux.oracle.com/cve/CVE-2009-0590.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0590"
      ],
      "details": "The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.",
      "id": "GSD-2009-0590",
      "modified": "2023-12-13T01:19:44.506214Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2009-0590",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
          },
          {
            "name": "http://secunia.com/advisories/35065",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35065"
          },
          {
            "name": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc",
            "refsource": "MISC",
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc"
          },
          {
            "name": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html",
            "refsource": "MISC",
            "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
          },
          {
            "name": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2",
            "refsource": "MISC",
            "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
          },
          {
            "name": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2",
            "refsource": "MISC",
            "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
          },
          {
            "name": "http://secunia.com/advisories/34411",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34411"
          },
          {
            "name": "http://secunia.com/advisories/34460",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34460"
          },
          {
            "name": "http://secunia.com/advisories/34666",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34666"
          },
          {
            "name": "http://secunia.com/advisories/35380",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35380"
          },
          {
            "name": "http://secunia.com/advisories/35729",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35729"
          },
          {
            "name": "http://secunia.com/advisories/36701",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/36701"
          },
          {
            "name": "http://secunia.com/advisories/42724",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "http://secunia.com/advisories/42733",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847",
            "refsource": "MISC",
            "url": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847"
          },
          {
            "name": "http://support.apple.com/kb/HT3865",
            "refsource": "MISC",
            "url": "http://support.apple.com/kb/HT3865"
          },
          {
            "name": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html",
            "refsource": "MISC",
            "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
          },
          {
            "name": "http://www.openssl.org/news/secadv_20090325.txt",
            "refsource": "MISC",
            "url": "http://www.openssl.org/news/secadv_20090325.txt"
          },
          {
            "name": "http://www.php.net/archive/2009.php#id2009-04-08-1",
            "refsource": "MISC",
            "url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
          },
          {
            "name": "http://www.securityfocus.com/bid/34256",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/34256"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/0850",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/0850"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/1020",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/1020"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/1175",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/1175"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/1548",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/1548"
          },
          {
            "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA50",
            "refsource": "MISC",
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html",
            "refsource": "MISC",
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "name": "http://secunia.com/advisories/36533",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/36533"
          },
          {
            "name": "http://secunia.com/advisories/38794",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "name": "http://secunia.com/advisories/38834",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38834"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2009-1335.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/0528",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          },
          {
            "name": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2",
            "refsource": "MISC",
            "url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/515055/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html",
            "refsource": "MISC",
            "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/3126",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/3126"
          },
          {
            "name": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html",
            "refsource": "MISC",
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
          },
          {
            "name": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html",
            "refsource": "MISC",
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
          },
          {
            "name": "http://secunia.com/advisories/34509",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34509"
          },
          {
            "name": "http://secunia.com/advisories/34561",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34561"
          },
          {
            "name": "http://secunia.com/advisories/34896",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34896"
          },
          {
            "name": "http://secunia.com/advisories/34960",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34960"
          },
          {
            "name": "http://secunia.com/advisories/35181",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35181"
          },
          {
            "name": "http://secunia.com/advisories/42467",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/42467"
          },
          {
            "name": "http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc",
            "refsource": "MISC",
            "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc"
          },
          {
            "name": "http://securitytracker.com/id?1021905",
            "refsource": "MISC",
            "url": "http://securitytracker.com/id?1021905"
          },
          {
            "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1",
            "refsource": "MISC",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm",
            "refsource": "MISC",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm"
          },
          {
            "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0057",
            "refsource": "MISC",
            "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0057"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057",
            "refsource": "MISC",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057"
          },
          {
            "name": "http://www.debian.org/security/2009/dsa-1763",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2009/dsa-1763"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:087",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:087"
          },
          {
            "name": "http://www.osvdb.org/52864",
            "refsource": "MISC",
            "url": "http://www.osvdb.org/52864"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/502429/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/502429/100/0/threaded"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-750-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-750-1"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/1220",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/1220"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49431",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49431"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.9.8k",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2009-0590"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "34256",
              "refsource": "BID",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/34256"
            },
            {
              "name": "1021905",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://securitytracker.com/id?1021905"
            },
            {
              "name": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
            },
            {
              "name": "52864",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.osvdb.org/52864"
            },
            {
              "name": "ADV-2009-0850",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0850"
            },
            {
              "name": "34411",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/34411"
            },
            {
              "name": "34460",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/34460"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20090325.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.openssl.org/news/secadv_20090325.txt"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847"
            },
            {
              "name": "USN-750-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.ubuntu.com/usn/usn-750-1"
            },
            {
              "name": "34509",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/34509"
            },
            {
              "name": "MDVSA-2009:087",
              "refsource": "MANDRIVA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:087"
            },
            {
              "name": "34666",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/34666"
            },
            {
              "name": "http://www.php.net/archive/2009.php#id2009-04-08-1",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
            },
            {
              "name": "DSA-1763",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2009/dsa-1763"
            },
            {
              "name": "ADV-2009-1020",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1020"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057",
              "refsource": "MISC",
              "tags": [
                "Broken Link"
              ],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057"
            },
            {
              "name": "34561",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/34561"
            },
            {
              "name": "34896",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/34896"
            },
            {
              "name": "FreeBSD-SA-09:08",
              "refsource": "FREEBSD",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0057",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0057"
            },
            {
              "name": "ADV-2009-1175",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1175"
            },
            {
              "name": "34960",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/34960"
            },
            {
              "name": "258048",
              "refsource": "SUNALERT",
              "tags": [
                "Broken Link"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1"
            },
            {
              "name": "ADV-2009-1220",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1220"
            },
            {
              "name": "SUSE-SR:2009:010",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
            },
            {
              "name": "35065",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/35065"
            },
            {
              "name": "35181",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/35181"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm"
            },
            {
              "name": "ADV-2009-1548",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1548"
            },
            {
              "name": "SSRT090059",
              "refsource": "HP",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
            },
            {
              "name": "35380",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/35380"
            },
            {
              "name": "NetBSD-SA2009-008",
              "refsource": "NETBSD",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc"
            },
            {
              "name": "35729",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/35729"
            },
            {
              "name": "HPSBMA02447",
              "refsource": "HP",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
            },
            {
              "name": "http://support.apple.com/kb/HT3865",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://support.apple.com/kb/HT3865"
            },
            {
              "name": "36701",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/36701"
            },
            {
              "name": "APPLE-SA-2009-09-10-2",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
            },
            {
              "name": "38794",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/38794"
            },
            {
              "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
            },
            {
              "name": "ADV-2010-0528",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0528"
            },
            {
              "name": "38834",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/38834"
            },
            {
              "name": "ADV-2010-3126",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/3126"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
            },
            {
              "name": "42467",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/42467"
            },
            {
              "name": "42733",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/42733"
            },
            {
              "name": "42724",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/42724"
            },
            {
              "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA50",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
            },
            {
              "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
            },
            {
              "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
            },
            {
              "name": "openSUSE-SU-2011:0845",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
            },
            {
              "name": "SUSE-SU-2011:0847",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
            },
            {
              "name": "RHSA-2009:1335",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
            },
            {
              "name": "36533",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/36533"
            },
            {
              "name": "HPSBOV02540",
              "refsource": "HP",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
            },
            {
              "name": "openssl-asn1-stringprintex-dos(49431)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49431"
            },
            {
              "name": "oval:org.mitre.oval:def:6996",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996"
            },
            {
              "name": "oval:org.mitre.oval:def:10198",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198"
            },
            {
              "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
            },
            {
              "name": "20090403 rPSA-2009-0057-1 m2crypto openssl openssl-scripts",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/502429/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2020-11-03T17:38Z",
      "publishedDate": "2009-03-27T16:30Z"
    }
  }
}

GHSA-PVQM-JC37-37P5

Vulnerability from github – Published: 2022-05-03 03:20 – Updated: 2022-05-03 03:20

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0590"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-03-27T16:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.",
  "id": "GHSA-pvqm-jc37-37p5",
  "modified": "2022-05-03T03:20:22Z",
  "published": "2022-05-03T03:20:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0590"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49431"
    },
    {
      "type": "WEB",
      "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
    },
    {
      "type": "WEB",
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34411"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34460"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34509"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34561"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34666"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34896"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34960"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35065"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35181"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35380"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35729"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36533"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36701"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38834"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42467"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42724"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42733"
    },
    {
      "type": "WEB",
      "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1021905"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3865"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm"
    },
    {
      "type": "WEB",
      "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0057"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1763"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:087"
    },
    {
      "type": "WEB",
      "url": "http://www.openssl.org/news/secadv_20090325.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/52864"
    },
    {
      "type": "WEB",
      "url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/502429/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34256"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-750-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0850"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1020"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1175"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1220"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1548"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/3126"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-0590 (GCVE-0-2009-0590)

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Tags

Sightings

Nomenclature