Vulnerability-Lookup

CVE-2009-5064 (GCVE-0-2009-5064)

Vulnerability from cvelistv5 – Published: 2011-03-30 22:00 – Updated: 2024-08-07 07:24 Disputed

Summary

ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://openwall.com/lists/oss-security/2011/03/07/7	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/08/10	mailing-listx_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=682998	x_refsource_MISC
	http://openwall.com/lists/oss-security/2011/03/08/7	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/08/3	mailing-listx_refsource_MLIST
	http://reverse.lostrealm.com/protect/ldd.html	x_refsource_MISC
	http://openwall.com/lists/oss-security/2011/03/07/10	mailing-listx_refsource_MLIST
	http://www.catonmat.net/blog/ldd-arbitrary-code-e…	x_refsource_MISC
	http://openwall.com/lists/oss-security/2011/03/08/2	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/07/13	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/08/1	mailing-listx_refsource_MLIST
	http://www.redhat.com/support/errata/RHSA-2011-15…	vendor-advisoryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=531160	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:24:54.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/07/7"
          },
          {
            "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/08/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682998"
          },
          {
            "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/08/7"
          },
          {
            "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/08/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://reverse.lostrealm.com/protect/ldd.html"
          },
          {
            "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/07/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.catonmat.net/blog/ldd-arbitrary-code-execution/"
          },
          {
            "name": "[oss-security] 20110307 Re: ldd can execute an app unexpectedly",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/08/2"
          },
          {
            "name": "[oss-security] 20110307 ldd can execute an app unexpectedly",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/07/13"
          },
          {
            "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/08/1"
          },
          {
            "name": "RHSA-2011:1526",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1526.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531160"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks.  NOTE: the GNU C Library vendor states \"This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-01-19T10:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/07/7"
        },
        {
          "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/08/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682998"
        },
        {
          "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/08/7"
        },
        {
          "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/08/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://reverse.lostrealm.com/protect/ldd.html"
        },
        {
          "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/07/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.catonmat.net/blog/ldd-arbitrary-code-execution/"
        },
        {
          "name": "[oss-security] 20110307 Re: ldd can execute an app unexpectedly",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/08/2"
        },
        {
          "name": "[oss-security] 20110307 ldd can execute an app unexpectedly",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/07/13"
        },
        {
          "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/08/1"
        },
        {
          "name": "RHSA-2011:1526",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1526.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531160"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-5064",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks.  NOTE: the GNU C Library vendor states \"This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/07/7"
            },
            {
              "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/08/10"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=682998",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682998"
            },
            {
              "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/08/7"
            },
            {
              "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/08/3"
            },
            {
              "name": "http://reverse.lostrealm.com/protect/ldd.html",
              "refsource": "MISC",
              "url": "http://reverse.lostrealm.com/protect/ldd.html"
            },
            {
              "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/07/10"
            },
            {
              "name": "http://www.catonmat.net/blog/ldd-arbitrary-code-execution/",
              "refsource": "MISC",
              "url": "http://www.catonmat.net/blog/ldd-arbitrary-code-execution/"
            },
            {
              "name": "[oss-security] 20110307 Re: ldd can execute an app unexpectedly",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/08/2"
            },
            {
              "name": "[oss-security] 20110307 ldd can execute an app unexpectedly",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/07/13"
            },
            {
              "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/08/1"
            },
            {
              "name": "RHSA-2011:1526",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1526.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=531160",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531160"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-5064",
    "datePublished": "2011-03-30T22:00:00.000Z",
    "dateReserved": "2011-03-30T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:24:54.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2012-AVI-759

Vulnerability from certfr_avis - Published: 2012-12-21 - Updated: 2012-12-21

De multiples vulnérabilités ont été corrigées dans VMware vCenter Server Appliance et VMware ESXi. Elles concernent des téléchargement de fichiers arbitraires.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	ESXi	VMware ESXi 5.0
VMware	ESXi	VMware ESXi 4.0
VMware	ESXi	VMware ESXi 4.1
VMware	vCenter Server	VMware vCenter Server Appliance 5.1
VMware	vCenter Server	VMware vCenter Server Appliance 5.0
VMware	ESXi	VMware ESXi 5.1

References

Title

Publication Time

Tags

Bulletin de sécurité VMSA-2012-0018 du 20 décembre 2012	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2012-0018 du 20 décembre 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESXi 5.0",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi 4.0",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi 4.1",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server Appliance 5.1",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server Appliance 5.0",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi 5.1",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
    },
    {
      "name": "CVE-2009-5064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5064"
    },
    {
      "name": "CVE-2009-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
    },
    {
      "name": "CVE-2012-3404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3404"
    },
    {
      "name": "CVE-2012-3406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3406"
    },
    {
      "name": "CVE-2010-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
    },
    {
      "name": "CVE-2012-0864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0864"
    },
    {
      "name": "CVE-2012-3405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3405"
    },
    {
      "name": "CVE-2012-3480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3480"
    },
    {
      "name": "CVE-2011-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
    }
  ],
  "initial_release_date": "2012-12-21T00:00:00",
  "last_revision_date": "2012-12-21T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0018 du 20 d\u00e9cembre    2012 :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2012-0018.html"
    }
  ],
  "reference": "CERTA-2012-AVI-759",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-12-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eVMware vCenter Server Appliance\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eVMware ESXi\u003c/span\u003e. Elles concernent des t\u00e9l\u00e9chargement\nde fichiers arbitraires.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMSA-2012-0018 du 20 d\u00e9cembre 2012",
      "url": null
    }
  ]
}

CERTA-2013-AVI-146

Vulnerability from certfr_avis - Published: 2013-02-22 - Updated: 2013-02-22

De multiples vulnérabilités ont été corrigées dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware ESX version 4.0
VMware	N/A	VMware ESX version 4.1
VMware	vCenter Server	VMware vCenter Server version 5.1
VMware	ESXi	VMware ESXi version 3.5
VMware	ESXi	VMware ESXi version 5.0
VMware	ESXi	VMware ESXi version 5.1
VMware	N/A	VMware ESX version 3.5
VMware	ESXi	VMware ESXi version 4.1
VMware	ESXi	VMware ESXi version 4.0
VMware	vCenter Server	VMware vCenter Server version 5.0
VMware	N/A	VMware VirtualCenter version 4.0
VMware	vCenter Server	VMware vCenter Server version 4.0

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2012-0018 du 21 février 2013	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2013-0003 du 21 février 2013	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2013-0001 du 21 février 2013	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2013-0003 VMSA-2012-0018 VMSA-2013-0001 du 21 février 2013	-	other
Bulletin de sécurité VMware VMSA-2013-0003 VMSA-2012-0018 VMSA-2013-0001 du 21 février 2013	-	other
Bulletin de sécurité VMware VMSA-2013-0003 VMSA-2012-0018 VMSA-2013-0001 du 21 février 2013	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESX version 4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX version 4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server version 5.1",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 3.5",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 5.0",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 5.1",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX version 3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 4.1",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 4.0",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server version 5.0",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VirtualCenter version 4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server version 4.0",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
    },
    {
      "name": "CVE-2012-4244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4244"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2009-5064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5064"
    },
    {
      "name": "CVE-2009-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
    },
    {
      "name": "CVE-2011-3970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3970"
    },
    {
      "name": "CVE-2012-2871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
    },
    {
      "name": "CVE-2012-3404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3404"
    },
    {
      "name": "CVE-2012-2870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
    },
    {
      "name": "CVE-2013-1405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1405"
    },
    {
      "name": "CVE-2012-6324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6324"
    },
    {
      "name": "CVE-2011-3102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
    },
    {
      "name": "CVE-2012-3406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3406"
    },
    {
      "name": "CVE-2010-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
    },
    {
      "name": "CVE-2012-0864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0864"
    },
    {
      "name": "CVE-2012-6326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6326"
    },
    {
      "name": "CVE-2013-1659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1659"
    },
    {
      "name": "CVE-2012-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
    },
    {
      "name": "CVE-2012-3405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3405"
    },
    {
      "name": "CVE-2012-3480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3480"
    },
    {
      "name": "CVE-2012-6325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6325"
    },
    {
      "name": "CVE-2011-1202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1202"
    },
    {
      "name": "CVE-2011-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
    },
    {
      "name": "CVE-2012-2825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
    }
  ],
  "initial_release_date": "2013-02-22T00:00:00",
  "last_revision_date": "2013-02-22T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0003 VMSA-2012-0018    VMSA-2013-0001 du 21 f\u00e9vrier 2013",
      "url": "http://www.vmware.com/security/advisories/VMSA-2012-0018.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0003 VMSA-2012-0018    VMSA-2013-0001 du 21 f\u00e9vrier 2013",
      "url": "http://www.vmware.com/security/advisories/VMSA-2013-0001.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0003 VMSA-2012-0018    VMSA-2013-0001 du 21 f\u00e9vrier 2013",
      "url": "http://www.vmware.com/security/advisories/VMSA-2013-0003.html"
    }
  ],
  "reference": "CERTA-2013-AVI-146",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-02-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0018 du 21 f\u00e9vrier 2013",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0003 du 21 f\u00e9vrier 2013",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0001 du 21 f\u00e9vrier 2013",
      "url": null
    }
  ]
}

CERTA-2012-AVI-479

Vulnerability from certfr_avis - Published: 2012-09-03 - Updated: 2012-09-03

De multiples vulnérabilités ont été corrigées dans les produits VMware. Elles concernent les éléments d'éditeurs tiers implémentés dans les solutions. Les éléments suivants ont étés mis à jour :

Java Runtime Environment (JRE) ;
OpenSSL ;
le noyau ;
Perl ;
libxml2 ;
glibc ;
GnuTLS ;
popt et rpm ;
Apache struts.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware ESX version 4.1 ;
VMware	N/A	VMware vCO version 4.0.
VMware	N/A	VMware vCenter version 5.0 ;
VMware	N/A	VMware vCOps version 1.0.x ;
VMware	ESXi	VMware ESXi version 3.5 ;
VMware	N/A	VMware Update Manager version 5.0 ;
VMware	N/A	VMware Update Manager version 4.0 ;
VMware	N/A	VMware vCO version 4.1 ;
VMware	ESXi	VMware ESXi version 4.1 ;
VMware	N/A	VMware vCenter version 4.0 ;
VMware	N/A	VMware vCenter version 4.1 ;
VMware	N/A	VMware vCOps version 5.0.2 ;
VMware	ESXi	VMware ESXi version 4.0 ;
VMware	N/A	VMware VirtualCenter version 2.5 ;
VMware	N/A	VMware Update Manager version 4.1 ;
VMware	ESXi	VMware ESXi version 5.0 ;
VMware	N/A	VMware ESX version 4.0 ;
VMware	N/A	VMware ESX version 3.5 ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2012-0013 du 30 août 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESX version 4.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCO version 4.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter version 5.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCOps version 1.0.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 3.5 ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Update Manager version 5.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Update Manager version 4.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCO version 4.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 4.1 ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter version 4.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter version 4.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCOps version 5.0.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 4.0 ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VirtualCenter version 2.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Update Manager version 4.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 5.0 ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX version 4.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX version 3.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1833"
    },
    {
      "name": "CVE-2012-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0050"
    },
    {
      "name": "CVE-2011-4132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4132"
    },
    {
      "name": "CVE-2011-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
    },
    {
      "name": "CVE-2012-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0207"
    },
    {
      "name": "CVE-2011-5057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5057"
    },
    {
      "name": "CVE-2010-4252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4252"
    },
    {
      "name": "CVE-2011-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2011-4576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
    },
    {
      "name": "CVE-2011-2496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2496"
    },
    {
      "name": "CVE-2009-5064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5064"
    },
    {
      "name": "CVE-2011-4577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4577"
    },
    {
      "name": "CVE-2009-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
    },
    {
      "name": "CVE-2012-1569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1569"
    },
    {
      "name": "CVE-2011-4324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4324"
    },
    {
      "name": "CVE-2011-4110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4110"
    },
    {
      "name": "CVE-2011-4108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
    },
    {
      "name": "CVE-2012-1583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1583"
    },
    {
      "name": "CVE-2010-2761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2761"
    },
    {
      "name": "CVE-2012-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0060"
    },
    {
      "name": "CVE-2012-0391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0391"
    },
    {
      "name": "CVE-2011-4325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4325"
    },
    {
      "name": "CVE-2010-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
    },
    {
      "name": "CVE-2012-0061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0061"
    },
    {
      "name": "CVE-2010-4180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4180"
    },
    {
      "name": "CVE-2012-0864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0864"
    },
    {
      "name": "CVE-2011-3209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3209"
    },
    {
      "name": "CVE-2010-4410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4410"
    },
    {
      "name": "CVE-2012-0392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0392"
    },
    {
      "name": "CVE-2012-0394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0394"
    },
    {
      "name": "CVE-2012-0815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0815"
    },
    {
      "name": "CVE-2011-3188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3188"
    },
    {
      "name": "CVE-2011-1020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1020"
    },
    {
      "name": "CVE-2011-4109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4109"
    },
    {
      "name": "CVE-2012-1573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1573"
    },
    {
      "name": "CVE-2011-4128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4128"
    },
    {
      "name": "CVE-2012-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
    },
    {
      "name": "CVE-2011-2484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2484"
    },
    {
      "name": "CVE-2012-0393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0393"
    },
    {
      "name": "CVE-2011-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3597"
    },
    {
      "name": "CVE-2011-3363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3363"
    },
    {
      "name": "CVE-2011-2699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2699"
    },
    {
      "name": "CVE-2011-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
    },
    {
      "name": "CVE-2011-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
    }
  ],
  "initial_release_date": "2012-09-03T00:00:00",
  "last_revision_date": "2012-09-03T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-479",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-09-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elles concernent les \u00e9l\u00e9ments d\u0027\u00e9diteurs\ntiers impl\u00e9ment\u00e9s dans les solutions. Les \u00e9l\u00e9ments suivants ont \u00e9t\u00e9s mis\n\u00e0 jour :\n\n-   Java Runtime Environment (JRE) ;\n-   OpenSSL ;\n-   le noyau ;\n-   Perl ;\n-   libxml2 ;\n-   glibc ;\n-   GnuTLS ;\n-   popt et rpm ;\n-   Apache struts.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0013 du 30 ao\u00fbt 2012",
      "url": "http://www.vmware.com/security/advisories/VMSA-2012-0013.html"
    }
  ]
}

CERTA-2013-AVI-267

Vulnerability from certfr_avis - Published: 2013-04-23 - Updated: 2013-04-23

De multiples vulnérabilités ont été corrigées dans Avaya Communication Manager. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Avaya Communication Manager versions antérieures à 5.2

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Avaya du 19 avril 2013	None	vendor-advisory
Bulletin de sécurité Avaya ASA-2012-094 du 19 avril 2013	-	other
Bulletin de sécurité Avaya ASA-2012-155 du 19 avril 2013	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eAvaya Communication Manager versions ant\u00e9rieures \u00e0 5.2\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
    },
    {
      "name": "CVE-2011-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
    },
    {
      "name": "CVE-2011-4576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
    },
    {
      "name": "CVE-2009-5064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5064"
    },
    {
      "name": "CVE-2009-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
    },
    {
      "name": "CVE-2011-1659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1659"
    },
    {
      "name": "CVE-2010-0296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0296"
    },
    {
      "name": "CVE-2010-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
    },
    {
      "name": "CVE-2011-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1071"
    },
    {
      "name": "CVE-2011-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1095"
    },
    {
      "name": "CVE-2011-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
    }
  ],
  "initial_release_date": "2013-04-23T00:00:00",
  "last_revision_date": "2013-04-23T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-094 du 19 avril 2013",
      "url": "https://downloads.avaya.com/css/P8/documents/100157565"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-155 du 19 avril 2013",
      "url": "https://downloads.avaya.com/css/P8/documents/100160531"
    }
  ],
  "reference": "CERTA-2013-AVI-267",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-04-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAvaya Communication Manager\u003c/span\u003e. Certaines d\u0027entre\nelles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement\nde la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Avaya Communication Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Avaya du 19 avril 2013",
      "url": null
    }
  ]
}

FKIE_CVE-2009-5064

Vulnerability from fkie_nvd - Published: 2011-03-30 22:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://openwall.com/lists/oss-security/2011/03/07/10	Exploit
cve@mitre.org	http://openwall.com/lists/oss-security/2011/03/07/13	Exploit, Patch
cve@mitre.org	http://openwall.com/lists/oss-security/2011/03/07/7	Exploit
cve@mitre.org	http://openwall.com/lists/oss-security/2011/03/08/1	Exploit, Patch
cve@mitre.org	http://openwall.com/lists/oss-security/2011/03/08/10	Exploit, Patch
cve@mitre.org	http://openwall.com/lists/oss-security/2011/03/08/2	Exploit, Patch
cve@mitre.org	http://openwall.com/lists/oss-security/2011/03/08/3	Exploit, Patch
cve@mitre.org	http://openwall.com/lists/oss-security/2011/03/08/7	Exploit, Patch
cve@mitre.org	http://reverse.lostrealm.com/protect/ldd.html	Exploit
cve@mitre.org	http://www.catonmat.net/blog/ldd-arbitrary-code-execution/	Exploit
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2011-1526.html
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=531160	Exploit, Patch
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=682998	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/03/07/10	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/03/07/13	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/03/07/7	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/03/08/1	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/03/08/10	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/03/08/2	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/03/08/3	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/03/08/7	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://reverse.lostrealm.com/protect/ldd.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.catonmat.net/blog/ldd-arbitrary-code-execution/	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-1526.html
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=531160	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=682998	Exploit, Patch

Impacted products

Vendor	Product	Version
gnu	glibc	*
gnu	glibc	1.00
gnu	glibc	1.01
gnu	glibc	1.02
gnu	glibc	1.03
gnu	glibc	1.04
gnu	glibc	1.05
gnu	glibc	1.06
gnu	glibc	1.07
gnu	glibc	1.08
gnu	glibc	1.09
gnu	glibc	1.09.1
gnu	glibc	2.0
gnu	glibc	2.0.1
gnu	glibc	2.0.2
gnu	glibc	2.0.3
gnu	glibc	2.0.4
gnu	glibc	2.0.5
gnu	glibc	2.0.6
gnu	glibc	2.1
gnu	glibc	2.1.1
gnu	glibc	2.1.1.6
gnu	glibc	2.1.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0648C0D-93C6-4A74-89E2-377E5456E2F0",
              "versionEndIncluding": "2.1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA23C241-132B-423E-A22A-7206A8074D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "F79978B1-8831-4169-B815-80138C85832C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "991EB676-F043-418D-BD81-0BB937236D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA0C5DB0-602E-4296-884C-60E24FC80458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "3211F47C-DF6D-4355-95F8-DED317700621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "229BFD88-A90F-4D2B-97B9-822A7D87EAEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE253B0-D8E0-4099-8CA7-8925B4809F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "D640F556-8181-4F15-B2F7-7EC7E8869FB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "061383CD-B9AD-41C6-8C46-F79870B9CD22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "9897B03F-A457-4B29-9C5E-FEA084D3BF0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C3684B-CE01-46B5-9E41-BF58E6A5AA64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C0577C-6BC7-418F-B2C5-B74800D43418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEA795F7-8AAC-42BA-971B-601346704BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CADA314-C0D0-40F8-9019-884F17D0B54A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "255E0C0D-0B70-4C10-BF7C-34193AA24C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F424F2F5-D7E4-4A13-A8CF-32D466610BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DC4E7AE-BDC4-48F1-9FDE-3F3FAA3F40F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1329215-C53A-40D5-8E9C-F457D092E483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2A0F12-FD00-40B9-86AD-7D082385E5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED8F0E8-A969-4F7F-A100-662F4A5426FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9416576F-A605-45BE-AA01-FEF357A66979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE582B8F-4E31-4D0F-B2F9-AC83C855F751",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "disputed"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks.  NOTE: the GNU C Library vendor states \"This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc."
    },
    {
      "lang": "es",
      "value": "**DISPUTADA**  ldd en la Biblioteca de C de GNU (tambi\u00e9n conocida como glibc o libc6) v2.13 y anteriores permite a usuarios locales conseguir privilegios a trav\u00e9s de un troyano ejecutable enlazado con un cargador modificado que omite los controles LD_TRACE_LOADED_OBJECTS determinados.  NOTA: El desarrollador de la libre\u00eda C de GNU dice \"Esto es un sinsentido. Hay tropecientas formas de introducir c\u00f3digo si la gente est\u00e1 descargando archivos binarios y los instala en directorios adecuados o establece LD_LIBRARY_PATH, etc. \""
    }
  ],
  "id": "CVE-2009-5064",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-03-30T22:55:01.330",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/07/10"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/07/13"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/07/7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/08/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/08/10"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/08/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/08/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/08/7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://reverse.lostrealm.com/protect/ldd.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.catonmat.net/blog/ldd-arbitrary-code-execution/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1526.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531160"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/07/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/07/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/07/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/08/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/08/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/08/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/08/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/08/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://reverse.lostrealm.com/protect/ldd.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.catonmat.net/blog/ldd-arbitrary-code-execution/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1526.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682998"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2009-5064

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc."

Aliases

CVE-2009-5064

Aliases

CVE-2009-5064

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-5064",
    "description": "** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks.  NOTE: the GNU C Library vendor states \"This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.\"",
    "id": "GSD-2009-5064",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-5064.html",
      "https://access.redhat.com/errata/RHSA-2012:0126",
      "https://access.redhat.com/errata/RHSA-2012:0125",
      "https://access.redhat.com/errata/RHSA-2011:1526",
      "https://linux.oracle.com/cve/CVE-2009-5064.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-5064"
      ],
      "details": "** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks.  NOTE: the GNU C Library vendor states \"This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.\"",
      "id": "GSD-2009-5064",
      "modified": "2023-12-13T01:19:48.697880Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-5064",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks.  NOTE: the GNU C Library vendor states \"This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2011/03/07/7"
          },
          {
            "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2011/03/08/10"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=682998",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682998"
          },
          {
            "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2011/03/08/7"
          },
          {
            "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2011/03/08/3"
          },
          {
            "name": "http://reverse.lostrealm.com/protect/ldd.html",
            "refsource": "MISC",
            "url": "http://reverse.lostrealm.com/protect/ldd.html"
          },
          {
            "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2011/03/07/10"
          },
          {
            "name": "http://www.catonmat.net/blog/ldd-arbitrary-code-execution/",
            "refsource": "MISC",
            "url": "http://www.catonmat.net/blog/ldd-arbitrary-code-execution/"
          },
          {
            "name": "[oss-security] 20110307 Re: ldd can execute an app unexpectedly",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2011/03/08/2"
          },
          {
            "name": "[oss-security] 20110307 ldd can execute an app unexpectedly",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2011/03/07/13"
          },
          {
            "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2011/03/08/1"
          },
          {
            "name": "RHSA-2011:1526",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1526.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=531160",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531160"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B0648C0D-93C6-4A74-89E2-377E5456E2F0",
                    "versionEndIncluding": "2.1.3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AA23C241-132B-423E-A22A-7206A8074D10",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F79978B1-8831-4169-B815-80138C85832C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*",
                    "matchCriteriaId": "991EB676-F043-418D-BD81-0BB937236D40",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AA0C5DB0-602E-4296-884C-60E24FC80458",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3211F47C-DF6D-4355-95F8-DED317700621",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*",
                    "matchCriteriaId": "229BFD88-A90F-4D2B-97B9-822A7D87EAEA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FFE253B0-D8E0-4099-8CA7-8925B4809F88",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D640F556-8181-4F15-B2F7-7EC7E8869FB7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:*",
                    "matchCriteriaId": "061383CD-B9AD-41C6-8C46-F79870B9CD22",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9897B03F-A457-4B29-9C5E-FEA084D3BF0F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C7C3684B-CE01-46B5-9E41-BF58E6A5AA64",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E5C0577C-6BC7-418F-B2C5-B74800D43418",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FEA795F7-8AAC-42BA-971B-601346704BD8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5CADA314-C0D0-40F8-9019-884F17D0B54A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "255E0C0D-0B70-4C10-BF7C-34193AA24C42",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F424F2F5-D7E4-4A13-A8CF-32D466610BDF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6DC4E7AE-BDC4-48F1-9FDE-3F3FAA3F40F4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F1329215-C53A-40D5-8E9C-F457D092E483",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4E2A0F12-FD00-40B9-86AD-7D082385E5DB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8ED8F0E8-A969-4F7F-A100-662F4A5426FD",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9416576F-A605-45BE-AA01-FEF357A66979",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AE582B8F-4E31-4D0F-B2F9-AC83C855F751",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks.  NOTE: the GNU C Library vendor states \"This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc."
          },
          {
            "lang": "es",
            "value": "**DISPUTADA**  ldd en la Biblioteca de C de GNU (tambi\u00e9n conocida como glibc o libc6) v2.13 y anteriores permite a usuarios locales conseguir privilegios a trav\u00e9s de un troyano ejecutable enlazado con un cargador modificado que omite los controles LD_TRACE_LOADED_OBJECTS determinados.  NOTA: El desarrollador de la libre\u00eda C de GNU dice \"Esto es un sinsentido. Hay tropecientas formas de introducir c\u00f3digo si la gente est\u00e1 descargando archivos binarios y los instala en directorios adecuados o establece LD_LIBRARY_PATH, etc. \""
          }
        ],
        "id": "CVE-2009-5064",
        "lastModified": "2024-04-11T00:46:17.203",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.9,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              "exploitabilityScore": 3.4,
              "impactScore": 10.0,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": true
            }
          ]
        },
        "published": "2011-03-30T22:55:01.330",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/07/10"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Patch"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/07/13"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/07/7"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Patch"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/08/1"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Patch"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/08/10"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Patch"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/08/2"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Patch"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/08/3"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Patch"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/08/7"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit"
            ],
            "url": "http://reverse.lostrealm.com/protect/ldd.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit"
            ],
            "url": "http://www.catonmat.net/blog/ldd-arbitrary-code-execution/"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1526.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Patch"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531160"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Patch"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682998"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-264"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

GHSA-JX79-X2M5-439P

Vulnerability from github – Published: 2022-05-02 04:00 – Updated: 2024-03-21 03:33

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-5064"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-03-30T22:55:00Z",
    "severity": "MODERATE"
  },
  "details": "** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks.  NOTE: the GNU C Library vendor states \"This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.\"",
  "id": "GHSA-jx79-x2m5-439p",
  "modified": "2024-03-21T03:33:03Z",
  "published": "2022-05-02T04:00:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-5064"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531160"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682998"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/07/10"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/07/13"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/07/7"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/08/1"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/08/10"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/08/2"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/08/3"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/08/7"
    },
    {
      "type": "WEB",
      "url": "http://reverse.lostrealm.com/protect/ldd.html"
    },
    {
      "type": "WEB",
      "url": "http://www.catonmat.net/blog/ldd-arbitrary-code-execution"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1526.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-5064 (GCVE-0-2009-5064)

CERTA-2012-AVI-759

Solution

CERTA-2013-AVI-146

Solution

CERTA-2012-AVI-479

Solution

CERTA-2013-AVI-267

Solution

FKIE_CVE-2009-5064

GSD-2009-5064

GHSA-JX79-X2M5-439P

Tags

Sightings

Nomenclature