CVSS: 5.0EPSS: 7%CPEs: 5EXPL: 2CVE-2009-1378 – OpenSSL: DTLS fragment handling memory DoS
https://notcve.org/view.php?id=CVE-2009-1378
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak." Múltiples fugas de memoria en la función dtls1_process_out_of_seq_message en ssl/d1_both.c en OpenSSL v0.9.8k y anteriores permite a atacantes remotos producir una denegación de servicio (consumo de memoria) a través de registros DTLS que (1) son duplicados o (2) tienen una secuencia de números mucho mayor que la actual secuencia de números, conocido también como "fuga de memoria en el manejo de fragmentos DTLS". • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc http://cvs.openssl.org/chngview?cn=18188 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://marc.info/?l=openssl-dev&m=124247679213944&w=2 http://marc.info/?l=openssl-dev&m=124263491424212&w=2 http://rt.openssl.org/Ticket/Dis • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.4EPSS: 0%CPEs: 13EXPL: 3CVE-2009-1630 – kernel: nfs: fix NFS v4 client handling of MAY_EXEC in nfs_permission
https://notcve.org/view.php?id=CVE-2009-1630
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver. La función nfs_permission en fs/nfs/dir.c en la implementación cliente NFS en Linux kernel v2.6.29.3 y versiones anteriores, cuando atomic_open está activo, no comprueba la ejecución (también conocido como EXEC or MAY_EXEC) de permisos de bits, lo cual permite a usuarios locales evitar permisos y ejecutar ficheros, como lo demostrado por ficheros en un servidor de ficheros NFSv4. • http://article.gmane.org/gmane.linux.nfs/26592 http://bugzilla.linux-nfs.org/show_bug.cgi?id=131 http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html http://secunia.com/advisories/35106 http://secunia.com/advisories/35298 http://secunia.com/advisories/35394 http&# • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2009-1191 – httpd mod_proxy_ajp information disclosure
https://notcve.org/view.php?id=CVE-2009-1191
mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request. mod_proxy_ajp.c en el módulo mod_proxy_ajp en el servidor HTTP Apache v2.2.11 permite a atacantes remotos obtener datos de respuesta sensibles, lo que esta previsto para un cliente que envío una petición POST temprana sin cuerpo de petición, a través de una petición HTTP. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://osvdb.org/53921 http://secunia.com/advisories/34827 http://secunia.com/advisories/35395 http://secunia.com/advisories/35721 http://security.gentoo.org/glsa/glsa-200907-04.xml http://support.apple.com/kb/HT3937 http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=766938&r2=767089 http://www.apache.org/dist/httpd/patches/apply_to_2.2.11/PR46949.diff http://www.mandriva.com/security&# •
CVSS: 7.5EPSS: 4%CPEs: 21EXPL: 0CVE-2009-0946 – freetype: multiple integer overflows
https://notcve.org/view.php?id=CVE-2009-0946
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. Múltiples desbordamientos de entero en FreeType v2.3.9 y anteriores permiten a atacantes remotos ejecutar código de su elección mediante vectores relacionados con valores grandes en ciertas entradas en (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, y (3) cff/cffload.c. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg • CWE-190: Integer Overflow or Wraparound •
CVSS: 2.1EPSS: 0%CPEs: 18EXPL: 0CVE-2009-1186
https://notcve.org/view.php?id=CVE-2009-1186
Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. Desbordamiento de búfer en la función util_path_encode en udev/lib/libudev-util.c en udev antes de v1.4.1 permite a usuarios locales provocar una denegación de servicio (parada del servicio) mediante vectores que disparan una llamada con argumentos manipulados. • http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=662c3110803bd8c1aedacc36788e6fd028944314 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00006.html http://secunia.com/advisories/34731 http://secunia.com/advisories/34750 http://secunia.com/advisories/34753 http://secunia.com/advisories/34771 http://secunia.com/advisories/34776 http://secunia.com/advisories/34785 http://secunia.com/advisories/34787 http://secunia.com/advisories/34801 http://slackware.com/sec • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •