CVE-2009-5136
https://notcve.org/view.php?id=CVE-2009-5136
The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job. La política de definición evaluadora en Condor anterior a la versión 7.4.2 no maneja adecuadamente atributos en una política WANT_SUSPEND que da como resultado un estado UNDEFINIED, lo que permite a usuarios remotos autenticados provocar una denegación de servicio (condor_startd exit) a través de un trabajo manipulado. • http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html http://rhn.redhat.com/errata/RHSA-2010-0773.html https://bugzilla.redhat.com/show_bug.cgi?id=540545 https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001 • CWE-20: Improper Input Validation •
CVE-2009-5005 – qpid: crash on receipt of invalid AMQP data
https://notcve.org/view.php?id=CVE-2009-5005
The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data. La función Cluster::deliveredEvent de cluster/Cluster.cpp de Apache Qpid, tal como es utilizada en Red Hat Enterprise MRG en versiones anteriores a la v1.3 y otros productos, permite a atacantes remotos provocar una denegación de servicio (caída del servicio y del cluster) a través de datos AMQP inválidos. • http://secunia.com/advisories/41710 http://secunia.com/advisories/41812 http://svn.apache.org/viewvc?revision=785788&view=revision http://www.vupen.com/english/advisories/2010/2684 https://bugzilla.redhat.com/show_bug.cgi?id=642373 https://rhn.redhat.com/errata/RHSA-2010-0773.html https://rhn.redhat.com/errata/RHSA-2010-0774.html https://access.redhat.com/security/cve/CVE-2009-5005 •
CVE-2009-5006 – qpid: crash when redeclaring the exchange with specified alternate_exchange
https://notcve.org/view.php?id=CVE-2009-5006
The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange. La función SessionAdapter::ExchangeHandlerImpl::checkAlternate de broker/SessionAdapter.cpp del componente C++ Broker de Apache Qpid en versiones anteriores a la v0.6, tal como es utilizado en Red Hat Enterprise MRG en versiones anteriores a la v1.3 y otros productos, permite a usuarios autenticados remotos provocar una denegación de servicio (resolución de puntero NULL, caída del demonio, y apagón del cluster) tratando de modificar el suplente de un intercambio. • http://secunia.com/advisories/41710 http://secunia.com/advisories/41812 http://svn.apache.org/viewvc?revision=811188&view=revision http://www.vupen.com/english/advisories/2010/2684 https://bugzilla.redhat.com/show_bug.cgi?id=642377 https://issues.apache.org/jira/browse/QPID-2080 https://rhn.redhat.com/errata/RHSA-2010-0773.html https://rhn.redhat.com/errata/RHSA-2010-0774.html https://access.redhat.com/security/cve/CVE-2009-5006 •
CVE-2010-3701 – MRG: remote authenticated DoS in broker
https://notcve.org/view.php?id=CVE-2010-3701
lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message. lib/MessageStoreImpl.cpp en Red Hat Enterprise MRG en versiones anteriores a la 1.2.2 permite a atacantes remotos autenticados provocar una denegación de servicio (agotamiento de la pila de la memoria y caída del sistema) mediante un mensaje persistente grande. • http://www.redhat.com/support/errata/RHSA-2010-0756.html http://www.redhat.com/support/errata/RHSA-2010-0757.html https://bugzilla.redhat.com/show_bug.cgi?id=634014 https://bugzilla.redhat.com/show_bug.cgi?id=640006 https://access.redhat.com/security/cve/CVE-2010-3701 • CWE-399: Resource Management Errors •
CVE-2010-3083 – MRG: SSL connections to MRG broker can be blocked
https://notcve.org/view.php?id=CVE-2010-3083
sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake. sys/ssl/SslSocket.cpp en qpidd en Apache Qpid, como se usa en Red Hat Enterprise MRG en versiones anteriores a la 1.2.2 y otros productos, cuando SSL está habilitado, permite a atacantes remotos provocar una denegación de servicio (parada de demonio) conectando al puerto SSL pero no participando en una negociación SSL. • http://secunia.com/advisories/41710 http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291&r2=790290&pathrev=790291&view=patch http://www.openwall.com/lists/oss-security/2010/10/08/1 http://www.redhat.com/support/errata/RHSA-2010-0756.html http://www.redhat.com/support/errata/RHSA-2010-0757.html https://bugzilla.redhat.com/show_bug.cgi?id=632657 https://access.redhat.com/security/cve/CVE-2010-3083 •