CVE-2009-0689

Executive Summary

Informations
Name	CVE-2009-0689	First vendor Publication	2009-07-01
Vendor	Cve	Last vendor Modification	2010-11-15

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

Impacts

Provides unauthorized access : Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689

CAPEC : Common Attack Pattern Enumeration & Classification

id	Name
CAPEC-8	Buffer Overflow in an API Call
CAPEC-9	Buffer Overflow in Local Command-Line Utilities
CAPEC-10	Buffer Overflow via Environment Variables
CAPEC-14	Client-side Injection-induced Buffer Overflow
CAPEC-24	Filter Failure through Buffer Overflow
CAPEC-42	MIME Conversion
CAPEC-44	Overflow Binary Resource File
CAPEC-45	Buffer Overflow via Symbolic Links
CAPEC-46	Overflow Variables and Tags
CAPEC-47	Buffer Overflow via Parameter Expansion
CAPEC-100	Overflow Buffers

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9541

Oval ID:	oval:org.mitre.oval:def:9541
Title:	Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Description:	Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0689	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section thunderbird is earlier than 0:1.5.0.12-25.el4 AND kdelibs is earlier than 6:3.3.1-17.el4_8.1 AND kdelibs-devel is earlier than 6:3.3.1-17.el4_8.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section kdelibs-apidocs is earlier than 6:3.5.4-25.el5_4.1 AND thunderbird is earlier than 0:2.0.0.24-2.el5_4 AND kdelibs is earlier than 6:3.5.4-25.el5_4.1 AND kdelibs-devel is earlier than 6:3.5.4-25.el5_4.1

Definition Id: oval:org.mitre.oval:def:6528

Oval ID:	oval:org.mitre.oval:def:6528
Title:	Mozilla Firefox Floating Point Memory Allocation Vulnerability
Description:	Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-0689	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7	Product(s):	Mozilla Firefox
Definition Synopsis:
Mozilla Firefox is installed AND Mozilla Firefox version 3.0.x to 3.0.14 and 3.5.x to 3.5.3

CPE : Common Platform Enumeration

Type	Description	Count
Application	K-Meleon Project K-Meleon cpe:/a:k-meleon_project:k-meleon:1.5.3	1
Application	Mozilla Firefox cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:firefox:3.0.7 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.14 cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:3.0.1	18
Application	Mozilla Seamonkey cpe:/a:mozilla:seamonkey:1.1.8	1
Os	Freebsd Freebsd cpe:/o:freebsd:freebsd:7.2:pre-release cpe:/o:freebsd:freebsd:7.2:stable cpe:/o:freebsd:freebsd:7.2 cpe:/o:freebsd:freebsd:6.4:release cpe:/o:freebsd:freebsd:6.4:release_p4 cpe:/o:freebsd:freebsd:6.4:release_p5 cpe:/o:freebsd:freebsd:6.4 cpe:/o:freebsd:freebsd:6.4:release_p3 cpe:/o:freebsd:freebsd:6.4:release_p2 cpe:/o:freebsd:freebsd:6.4:stable	10
Os	Netbsd Netbsd cpe:/o:netbsd:netbsd:5.0	1
Os	Openbsd Openbsd cpe:/o:openbsd:openbsd:4.5	1

ExploitDB Exploits

id	Description
2009-12-11	Sunbird 0.9 Array Overrun (code execution) 0day
2009-11-19	Opera 10.01 Remote Array Overrun
2009-11-19	K-Meleon 1.5.3 Remote Array Overrun
2009-11-19	SeaMonkey 1.1.8 Remote Array Overrun
2009-11-19	KDE KDELibs 4.3.3 Remote Array Overrun

Open Source Vulnerability Database (OSVDB)

id	Description
63646	J Programming Language libc dtoa Implementation Floating Point Parsing Memory...
63641	Matlab libc dtoa Implementation Floating Point Parsing Memory Corruption
63639	Apple Mac OS X libc dtoa Implementation Floating Point Parsing Memory Corruption
62402	K-Meleon libc dtoa Implementation Floating Point Parsing Memory Corruption
61189	Mozilla Sunbird libc dtoa Implementation Floating Point Parsing Memory Corrup...
61188	Flock Browser libc dtoa Implementation Floating Point Parsing Memory Corruption
61187	KDE kdelibs libc dtoa Implementation Floating Point Parsing Memory Corruption
61186	Opera libc dtoa Implementation Floating Point Parsing Memory Corruption
61091	Mozilla Multiple Products libc dtoa Implementation Floating Point Parsing Mem...
55603	libc gdtoa/misc.c dtoa() Implementation printf Function Array Overflow

Internal Sources (Detail)

Source	Url
APPLE	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
BID	http://www.securityfocus.com/bid/35510
BUGTRAQ	http://www.securityfocus.com/archive/1/archive/1/507977/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/507979/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/508417/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/508423/100/0/threaded
CONFIRM	http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h http://support.apple.com/kb/HT4077 http://support.apple.com/kb/HT4225 http://www.mozilla.org/security/announce/2009/mfsa2009-59.html http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c http://www.opera.com/support/kb/view/942/ https://bugzilla.mozilla.org/show_bug.cgi?id=516396 https://bugzilla.mozilla.org/show_bug.cgi?id=516862
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2009:294 http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
MISC	http://secunia.com/secunia_research/2009-35/
REDHAT	http://www.redhat.com/support/errata/RHSA-2009-1601.html http://www.redhat.com/support/errata/RHSA-2010-0153.html http://www.redhat.com/support/errata/RHSA-2010-0154.html
SECTRACK	http://securitytracker.com/id?1022478
SECUNIA	http://secunia.com/advisories/37431 http://secunia.com/advisories/37682 http://secunia.com/advisories/37683 http://secunia.com/advisories/38066 http://secunia.com/advisories/38977 http://secunia.com/advisories/39001
SREASONRES	http://securityreason.com/achievement_securityalert/63 http://securityreason.com/achievement_securityalert/69 http://securityreason.com/achievement_securityalert/71 http://securityreason.com/achievement_securityalert/72 http://securityreason.com/achievement_securityalert/73 http://securityreason.com/achievement_securityalert/75 http://securityreason.com/achievement_securityalert/76 http://securityreason.com/achievement_securityalert/77 http://securityreason.com/achievement_securityalert/78 http://securityreason.com/achievement_securityalert/81
SUNALERT	http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
SUSE	http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
UBUNTU	http://www.ubuntu.com/usn/USN-915-1
VUPEN	http://www.vupen.com/english/advisories/2009/3297 http://www.vupen.com/english/advisories/2009/3299 http://www.vupen.com/english/advisories/2009/3334 http://www.vupen.com/english/advisories/2010/0094 http://www.vupen.com/english/advisories/2010/0648 http://www.vupen.com/english/advisories/2010/0650

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-10 23:45:04	Multiple Updates
2013-05-01 17:22:35	Multiple Updates
2013-05-01 13:28:04	Multiple Updates
2013-05-01 09:22:45	Multiple Updates
2013-05-01 05:38:29	Multiple Updates

Type	Count
Capec ID(s)	11
CWE ID(s)	1
Oval ID(s)	2
CPE ID(s)	32
osvdb(s)	10
ExploitDB Exploit(s)	5

Related	Severity
USN-915-1	(Critical)
SUN-272909	(Critical)
RHSA-2010:0154	(Critical)
RHSA-2010:0153	(Critical)
MDVSA-2010:071	(Critical)
MDVSA-2009:346	(Critical)
MDVSA-2009:294	(Critical)
MDVSA-2010:027	(Critical)
MDVSA-2009:330	(Critical)
MDVSA-2010:028	(High)
USN-871-1	(Medium)
RHSA-2009:1601	(Medium)
DSA-1998	(Medium)