CVE-2009-2408 – firefox/nss: doesn't handle NULL in Common Name properly
https://notcve.org/view.php?id=CVE-2009-2408
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. Mozilla Firefox anterior a v3.5 y NSS anterior a v3.12.3 no tratan apropiadamente un carácter '\0' en un nombre de dominio en el campo nombre común (CN) del asunto de un certificado X.509, que permite a un atacante de hombre-en-el-medio suplantar servidores SSL arbitrarios a través de un certificado manipulado por una autoridad de certificación. • http://isc.sans.org/diary.html?storyid=7003 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://marc.info/?l=oss-security&m=125198917018936&w=2 http://osvdb.org/56723 http://secunia.com/advisories/36088 http://secunia.com/advisories/36125 http://secunia.com/advisories/36139 http://secunia.com/advisories/36157 http://secunia.com/advisories/36434 http://secunia.com/advisories/36669 http://secunia.com/advisories/37098 http://sunsolve.sun.com • CWE-295: Improper Certificate Validation •
CVE-2009-1721
https://notcve.org/view.php?id=CVE-2009-1721
The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer. La implementación de la descompresión en la función Imf::hufUncompress en OpenEXR v1.2.2 y v1.6.1 permite a los atacantes dependientes del contexto provocar una denegación de servicio (finalización de la aplicación) o posiblemente ejecutar código de su elección mediante vectores que provocan una estructura de punteros no inicializados. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff http://secunia.com/advisories/36030 http://secunia.com/advisories/36032 http://secunia.com/advisories/36096 http://secunia.com/advisories/36123 http://secunia.com/advisories/36753 http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2 • CWE-824: Access of Uninitialized Pointer •
CVE-2009-1895 – kernel: personality: fix PER_CLEAR_ON_SETID
https://notcve.org/view.php?id=CVE-2009-1895
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR). El subsistema de personalidad en el Linux kernel anterior a v2.6.31-rc3 tiene establecido que PER_CLEAR_ON_SETID no borre las banderas ADDR_COMPAT_LAYOUT y MMAP_PAGE_ZERO cuando ejecuta un programa setuid o setgid, lo que facilita a usuarios locales aprovechar los detalles del uso actual de memoria para (1) llevar a cabo ataques de deferencia a punteros NULOS, (2) evitar el mecanismo de protección mmap_min_addr o (3) rechazar aleatoriamente el espacio en la capa de direcciones (ASLR). • http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f9fabcb58a6d26d6efde842d1703ac7cfa9427b6 http://patchwork.kernel.org/patch/32598 http://secunia.com/advisories/35801 http://secunia.com/advisories/36045 http://secunia.com/advisories/36051 http://secunia.com/advisories/36054 http://secunia.com/advisories/36116 http://secunia.com/advisories/36131 http://secunia.com/advisories/36759 http:// • CWE-16: Configuration •
CVE-2009-1891 – httpd: possible temporary DoS (CPU consumption) in mod_deflate
https://notcve.org/view.php?id=CVE-2009-1891
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption). El módulo mod_deflate en Apache httpd v2.2.11 y anteriores comprime archivos de gran tamaño hasta finalizar incluso después de que la conexión de red asociada está cerrada, lo cual permite a atacantes remotos provocar una denegación de servicio (consumo de CPU). • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html http://marc.info/?l=apache-httpd-dev&m=124621326524824&w=2 http://marc.info/?l=apache-httpd-dev&m=124661528519546&w=2 http://marc.info/?l=bugtraq&m=129190899612998&w=2 http://marc.info/? • CWE-400: Uncontrolled Resource Consumption •
CVE-2009-1890 – httpd: mod_proxy reverse proxy DoS (infinite loop)
https://notcve.org/view.php?id=CVE-2009-1890
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests. La función stream_reqbody_cl de mod_proxy_http.c en el módulo mod_proxy del Servidor HTTP de Apache anterior a v2.3.3, cuando está configurado un proxy inverso, no maneja adecuadamente un flujo de datos que exceda el valor de Content-Length (Longitud del Contenido), esto permite a atacantes remotos provocar una denegación de servicio (consumo de la CPU) a través de una solicitud manipulada. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html http://marc.info/?l=bugtraq&m=129190899612998&w=2 http://osvdb.org/55553 http://secunia.com/advisories/35691 http://secunia.com/advisories/35721 http://secunia.com/advisories/35793 http://secunia.com/advisories/35865 http://secunia.com/advisories/37152 http://secunia.com/advisories/37221 http://security.gentoo.org/glsa/glsa-2009 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •