Podatność CVE-2009-0689


Publikacja: 2009-07-01   Modyfikacja: 2012-02-13

Opis:
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
High
Multiple Vendors libc/gdtoa printf(3) Array Overrun
Maksymilian Arci...
27.06.2009
High
K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)
Maksymilian Arci...
24.11.2009
High
KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution)
Maksymilian Arci...
24.11.2009
High
Opera 10.01 Remote Array Overrun (Arbitrary code execution)
Maksymilian Arci...
24.11.2009
High
SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)
Maksymilian Arci...
20.11.2009
High
Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)
Maksymilian Arci...
14.12.2009
High
Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)
Maksymilian Arci...
14.12.2009
High
Sunbird 0.9 Array Overrun (code execution)
Maksymilian Arci...
14.12.2009
High
Thunderbird 2.0.0.23 (lib) Remote Array Overrun (Arbitrary code execution)
Maksymilian Arci...
14.12.2009
High
J 6.02.023 Array Overrun (code execution)
Maksymilian Arci...
08.01.2010
High
Matlab R2009b Array Overrun (code execution)
Maksymilian Arci...
08.01.2010
High
MacOS X 10.5/10.6 libc/strtod(3) buffer overflow
Maksymilian Arci...
08.01.2010

Typ:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
6.8/10
6.4/10
8.6/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Średnia
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Częściowy
Częściowy
Częściowy
Affected software
Openbsd -> Openbsd 
Netbsd -> Netbsd 
Mozilla -> Firefox 
Mozilla -> Seamonkey 
K-meleon project -> K-meleon 
Freebsd -> Freebsd 

 Referencje:
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://rhn.redhat.com/errata/RHSA-2014-0311.html
http://rhn.redhat.com/errata/RHSA-2014-0312.html
http://securityreason.com/achievement_securityalert/63
http://securityreason.com/achievement_securityalert/69
http://securityreason.com/achievement_securityalert/71
http://securityreason.com/achievement_securityalert/72
http://securityreason.com/achievement_securityalert/73
http://securityreason.com/achievement_securityalert/75
http://securityreason.com/achievement_securityalert/76
http://securityreason.com/achievement_securityalert/77
http://securityreason.com/achievement_securityalert/78
http://securityreason.com/achievement_securityalert/81
http://securitytracker.com/id?1022478
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://support.apple.com/kb/HT4077
http://support.apple.com/kb/HT4225
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
http://www.mozilla.org/security/announce/2009/mfsa2009-59.html
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c
http://www.opera.com/support/kb/view/942/
http://www.redhat.com/support/errata/RHSA-2009-1601.html
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
http://www.securityfocus.com/archive/1/507977/100/0/threaded
http://www.securityfocus.com/archive/1/507979/100/0/threaded
http://www.securityfocus.com/archive/1/508417/100/0/threaded
http://www.securityfocus.com/archive/1/508423/100/0/threaded
http://www.securityfocus.com/bid/35510
http://www.ubuntu.com/usn/USN-915-1
http://www.vupen.com/english/advisories/2009/3297
http://www.vupen.com/english/advisories/2009/3299
http://www.vupen.com/english/advisories/2009/3334
http://www.vupen.com/english/advisories/2010/0094
http://www.vupen.com/english/advisories/2010/0648
http://www.vupen.com/english/advisories/2010/0650
https://bugzilla.mozilla.org/show_bug.cgi?id=516396
https://bugzilla.mozilla.org/show_bug.cgi?id=516862
https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541

Copyright 2024, cxsecurity.com

 

Back to Top