9.3 - CVE-2009-0733

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2009-0733	First vendor Publication	2009-03-23
Vendor	Cve	Last vendor Modification	2022-02-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0733

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-787	Out-of-bounds Write (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13131

Oval ID:	oval:org.mitre.oval:def:13131
Title:	USN-744-1 -- lcms vulnerabilities
Description:	Chris Evans discovered that LittleCMS did not properly handle certain error conditions, resulting in a large memory leak. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could cause a denial of service. Chris Evans discovered that LittleCMS contained multiple integer overflows. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrary code with user privileges. Chris Evans discovered that LittleCMS did not properly perform bounds checking, leading to a buffer overflow. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could execute arbitrary code with user privileges
Family:	unix	Class:	patch
Reference(s):	USN-744-1 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733	Version:	5
Platform(s):	Ubuntu 7.10 Ubuntu 8.04 Ubuntu 6.06 Ubuntu 8.10	Product(s):	lcms
Definition Synopsis:
Release section Ubuntu 7.10 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND Packages section liblcms1-dev DPKG is earlier than 1.16-5ubuntu3.2 AND python-liblcms DPKG is earlier than 1.16-5ubuntu3.2 AND liblcms-utils DPKG is earlier than 1.16-5ubuntu3.2 AND liblcms1 DPKG is earlier than 1.16-5ubuntu3.2 OR Release section Ubuntu 8.04 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND Packages section liblcms1-dev DPKG is earlier than 1.16-7ubuntu1.2 AND python-liblcms DPKG is earlier than 1.16-7ubuntu1.2 AND liblcms-utils DPKG is earlier than 1.16-7ubuntu1.2 AND liblcms1 DPKG is earlier than 1.16-7ubuntu1.2 OR Release section Ubuntu 6.06 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is powerpc AND Packages section liblcms1-dev DPKG is earlier than 1.13-1ubuntu0.2 AND liblcms-utils DPKG is earlier than 1.13-1ubuntu0.2 AND liblcms1 DPKG is earlier than 1.13-1ubuntu0.2 OR Release section Ubuntu 8.10 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND Packages section liblcms1-dev DPKG is earlier than 1.16-10ubuntu0.2 AND python-liblcms DPKG is earlier than 1.16-10ubuntu0.2 AND liblcms-utils DPKG is earlier than 1.16-10ubuntu0.2 AND liblcms1 DPKG is earlier than 1.16-10ubuntu0.2

Definition Id: oval:org.mitre.oval:def:13591

Oval ID:	oval:org.mitre.oval:def:13591
Title:	DSA-1745-2 lcms -- several vulnerabilities
Description:	This update fixes a possible regression introduced in DSA-1745-1 and also enhances the security patch. For reference the original advisory text is below. Several security issues have been discovered in lcms, a color management library. The Common Vulnerabilities andi Exposures project identifies the following problems: CVE-2009-0581 Chris Evans discovered that lcms is affected by a memory leak, which could result in a denial of service via specially crafted image files. CVE-2009-0723 Chris Evans discovered that lcms is prone to several integer overflows via specially crafted image files, which could lead to the execution of arbitrary code. CVE-2009-0733 Chris Evans discovered the lack of upper-gounds check on sizes leading to a buffer overflow, which could be used to execute arbitrary code. For the stable distribution, these problems have been fixed in version 1.17.dfsg-1+lenny2. For the oldstable distribution, these problems have been fixed in version 1.15-1.1+etch3. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your lcms packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1745-2 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	lcms
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section liblcms1-dev DPKG is earlier than 1.17.dfsg-1+lenny2 AND liblcms1 DPKG is earlier than 1.17.dfsg-1+lenny2 AND liblcms-utils DPKG is earlier than 1.17.dfsg-1+lenny2 AND python-liblcms DPKG is earlier than 1.17.dfsg-1+lenny2 OR Release section Debian GNU/Linux 4.0 is installed. AND Packages section liblcms1-dev DPKG is earlier than 1.15-1.1+etch3 AND liblcms-utils DPKG is earlier than 1.15-1.1+etch3 AND liblcms1 DPKG is earlier than 1.15-1.1+etch3

Definition Id: oval:org.mitre.oval:def:13746

Oval ID:	oval:org.mitre.oval:def:13746
Title:	DSA-1745-1 lcms -- several vulnerabilities
Description:	Several security issues have been discovered in lcms, a color management library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0581 Chris Evans discovered that lcms is affected by a memory leak, which could result in a denial of service via specially crafted image files. CVE-2009-0723 Chris Evans discovered that lcms is prone to several integer overflows via specially crafted image files, which could lead to the execution of arbitrary code. CVE-2009-0733 Chris Evans discovered the lack of upper-gounds check on sizes leading to a buffer overflow, which could be used to execute arbitrary code. For the stable distribution, these problems have been fixed in version 1.17.dfsg-1+lenny1. For the oldstable distribution, these problems have been fixed in version 1.15-1.1+etch2. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your lcms packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1745-1 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	lcms
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section liblcms1-dev DPKG is earlier than 1.17.dfsg-1+lenny1 AND liblcms1 DPKG is earlier than 1.17.dfsg-1+lenny1 AND liblcms-utils DPKG is earlier than 1.17.dfsg-1+lenny1 AND python-liblcms DPKG is earlier than 1.17.dfsg-1+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Packages section liblcms1-dev DPKG is earlier than 1.15-1.1+etch2 AND liblcms-utils DPKG is earlier than 1.15-1.1+etch2 AND liblcms1 DPKG is earlier than 1.15-1.1+etch2

Definition Id: oval:org.mitre.oval:def:22595

Oval ID:	oval:org.mitre.oval:def:22595
Title:	ELSA-2009:0339: lcms security update (Moderate)
Description:	Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:0339-01 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733	Version:	17
Platform(s):	Oracle Linux 5	Product(s):	lcms
Definition Synopsis:
Oracle Linux 5.x rpm test lcms is earlier than 0:1.18-0.1.beta1.el5_3.2 AND lcms-devel is earlier than 0:1.18-0.1.beta1.el5_3.2 AND python-lcms is earlier than 0:1.18-0.1.beta1.el5_3.2

Definition Id: oval:org.mitre.oval:def:29236

Oval ID:	oval:org.mitre.oval:def:29236
Title:	RHSA-2009:0339 -- lcms security update (Moderate)
Description:	Updated lcms packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Little Color Management System (LittleCMS) is a small-footprint, speed-optimized open source color management engine. Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in LittleCMS. An attacker could use these flaws to create a specially-crafted image file which could cause an application using LittleCMS to crash, or, possibly, execute arbitrary code when opened by a victim. (CVE-2009-0723, CVE-2009-0733)
Family:	unix	Class:	patch
Reference(s):	RHSA-2009:0339 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733	Version:	3
Platform(s):	Red Hat Enterprise Linux 5	Product(s):	lcms
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section lcms-devel is earlier than 0:1.18-0.1.beta1.el5_3.2 AND lcms is earlier than 0:1.18-0.1.beta1.el5_3.2 AND python-lcms is earlier than 0:1.18-0.1.beta1.el5_3.2

Definition Id: oval:org.mitre.oval:def:7412

Oval ID:	oval:org.mitre.oval:def:7412
Title:	DSA-1745 lcms -- several vulnerabilities
Description:	Several security issues have been discovered in lcms, a color management library. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Evans discovered that lcms is affected by a memory leak, which could result in a denial of service via specially crafted image files. Chris Evans discovered that lcms is prone to several integer overflows via specially crafted image files, which could lead to the execution of arbitrary code. Chris Evans discovered the lack of upper-bounds check on sizes leading to a buffer overflow, which could be used to execute arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-1745 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733	Version:	3
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	lcms
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section liblcms1-dev is earlier than 1.17.dfsg-1+lenny1 AND liblcms1 is earlier than 1.17.dfsg-1+lenny1 AND liblcms-utils is earlier than 1.17.dfsg-1+lenny1 AND python-liblcms is earlier than 1.17.dfsg-1+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Packages section liblcms1-dev is earlier than 1.15-1.1+etch2 AND liblcms-utils is earlier than 1.15-1.1+etch2 AND liblcms1 is earlier than 1.15-1.1+etch2

Definition Id: oval:org.mitre.oval:def:9742

Oval ID:	oval:org.mitre.oval:def:9742
Title:	Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
Description:	Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0733	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section python-lcms is earlier than 0:1.18-0.1.beta1.el5_3.2 AND lcms-devel is earlier than 0:1.18-0.1.beta1.el5_3.2 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-0.30.b09.el5 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-0.30.b09.el5 AND lcms is earlier than 0:1.18-0.1.beta1.el5_3.2 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-0.30.b09.el5 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-0.30.b09.el5 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-0.30.b09.el5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Gimp cpe:2.3:a:gimp:gimp::::::::	1
Application	Mozilla Firefox cpe:2.3:a:mozilla:firefox:3.1:beta1::::::	1
Application	Sun Openjdk cpe:2.3:a:sun:openjdk:7:::::::* cpe:2.3:a:sun:openjdk:6:::::::* cpe:2.3:a:sun:openjdk:1.6.0.0:::::::* cpe:2.3:a:sun:openjdk::::::::	4

OpenVAS Exploits

Date	Description
2011-08-09	Name : CentOS Update for java CESA-2009:0377 centos5 i386 File : nvt/gb_CESA-2009_0377_java_centos5_i386.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:121-1 (lcms) File : nvt/mdksa_2009_121_1.nasl
2009-10-13	Name : SLES10: Security update for liblcms File : nvt/sles10_liblcms.nasl
2009-10-11	Name : SLES11: Security update for lcms File : nvt/sles11_lcms.nasl
2009-10-10	Name : SLES9: Security update for liblcms File : nvt/sles9p5045880.nasl
2009-08-17	Name : Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk) File : nvt/mdksa_2009_162.nasl
2009-06-23	Name : Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk) File : nvt/mdksa_2009_137.nasl
2009-06-05	Name : Ubuntu USN-744-1 (lcms) File : nvt/ubuntu_744_1.nasl
2009-06-05	Name : Ubuntu USN-743-1 (gs-gpl) File : nvt/ubuntu_743_1.nasl
2009-06-05	Name : Mandrake Security Advisory MDVSA-2009:121 (lcms) File : nvt/mdksa_2009_121.nasl
2009-05-11	Name : Fedora Core 10 FEDORA-2009-3967 (lcms) File : nvt/fcore_2009_3967.nasl
2009-05-11	Name : Fedora Core 9 FEDORA-2009-3914 (lcms) File : nvt/fcore_2009_3914.nasl
2009-04-20	Name : Gentoo Security Advisory GLSA 200904-19 (littlecms) File : nvt/glsa_200904_19.nasl
2009-04-15	Name : CentOS Security Advisory CESA-2009:0377 (java-1.6.0-openjdk) File : nvt/ovcesa2009_0377.nasl
2009-04-15	Name : Debian Security Advisory DSA 1769-1 (openjdk-6) File : nvt/deb_1769_1.nasl
2009-04-15	Name : RedHat Security Advisory RHSA-2009:0377 File : nvt/RHSA_2009_0377.nasl
2009-03-31	Name : Fedora Core 9 FEDORA-2009-3034 (java-1.6.0-openjdk) File : nvt/fcore_2009_3034.nasl
2009-03-31	Name : Fedora Core 9 FEDORA-2009-2983 (java-1.6.0-openjdk) File : nvt/fcore_2009_2983.nasl
2009-03-31	Name : Fedora Core 10 FEDORA-2009-2982 (java-1.6.0-openjdk) File : nvt/fcore_2009_2982.nasl
2009-03-31	Name : Fedora Core 10 FEDORA-2009-2970 (lcms) File : nvt/fcore_2009_2970.nasl
2009-03-31	Name : Fedora Core 9 FEDORA-2009-2928 (lcms) File : nvt/fcore_2009_2928.nasl
2009-03-31	Name : Fedora Core 9 FEDORA-2009-2910 (lcms) File : nvt/fcore_2009_2910.nasl
2009-03-31	Name : Fedora Core 10 FEDORA-2009-2903 (lcms) File : nvt/fcore_2009_2903.nasl
2009-03-31	Name : Debian Security Advisory DSA 1745-2 (lcms) File : nvt/deb_1745_2.nasl
2009-03-31	Name : SuSE Security Summary SUSE-SR:2009:007 File : nvt/suse_sr_2009_007.nasl
2009-03-31	Name : Debian Security Advisory DSA 1745-1 (lcms) File : nvt/deb_1745_1.nasl
2009-03-20	Name : RedHat Security Advisory RHSA-2009:0339 File : nvt/RHSA_2009_0339.nasl
0000-00-00	Name : Slackware Advisory SSA:2009-083-01 lcms File : nvt/esoft_slk_ssa_2009_083_01.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
56309	Little CMS (lcms) ReadSetOfCurves Function Image File Handling Overflow

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0377.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0339.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090319_lcms_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0377.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12361.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_lcms-090317.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_liblcms-6048.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_lcms-090309.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-090312.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_lcms-090309.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-090312.nasl - Type : ACT_GATHER_INFO
2009-06-21	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-137.nasl - Type : ACT_GATHER_INFO
2009-05-22	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-121.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2009-2903.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2009-2982.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2009-2970.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-744-1.nasl - Type : ACT_GATHER_INFO
2009-04-21	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200904-19.nasl - Type : ACT_GATHER_INFO
2009-04-13	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1769.nasl - Type : ACT_GATHER_INFO
2009-04-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0377.nasl - Type : ACT_GATHER_INFO
2009-03-27	Name : The remote Fedora host is missing a security update. File : fedora_2009-3034.nasl - Type : ACT_GATHER_INFO
2009-03-25	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-083-01.nasl - Type : ACT_GATHER_INFO
2009-03-24	Name : The remote openSUSE host is missing a security update. File : suse_liblcms-6049.nasl - Type : ACT_GATHER_INFO
2009-03-24	Name : The remote Fedora host is missing a security update. File : fedora_2009-2910.nasl - Type : ACT_GATHER_INFO
2009-03-24	Name : The remote Fedora host is missing a security update. File : fedora_2009-2983.nasl - Type : ACT_GATHER_INFO
2009-03-24	Name : The remote Fedora host is missing a security update. File : fedora_2009-2928.nasl - Type : ACT_GATHER_INFO
2009-03-20	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0339.nasl - Type : ACT_GATHER_INFO
2009-03-20	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1745.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/34185
BUGTRAQ	http://www.securityfocus.com/archive/1/502018/100/0/threaded http://www.securityfocus.com/archive/1/502031/100/0/threaded
CONFIRM	https://bugzilla.redhat.com/show_bug.cgi?id=487512
DEBIAN	http://www.debian.org/security/2009/dsa-1745 http://www.debian.org/security/2009/dsa-1769
FEDORA	https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html
GENTOO	http://security.gentoo.org/glsa/glsa-200904-19.xml
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2009:121 http://www.mandriva.com/security/advisories?name=MDVSA-2009:137 http://www.mandriva.com/security/advisories?name=MDVSA-2009:162
MISC	http://scary.beasts.org/security/CESA-2009-003.html http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html http://www.ocert.org/advisories/ocert-2009-003.html
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT	http://www.redhat.com/support/errata/RHSA-2009-0339.html https://rhn.redhat.com/errata/RHSA-2009-0377.html
SECTRACK	http://www.securitytracker.com/id?1021869
SECUNIA	http://secunia.com/advisories/34367 http://secunia.com/advisories/34382 http://secunia.com/advisories/34400 http://secunia.com/advisories/34408 http://secunia.com/advisories/34418 http://secunia.com/advisories/34442 http://secunia.com/advisories/34450 http://secunia.com/advisories/34454 http://secunia.com/advisories/34463 http://secunia.com/advisories/34632 http://secunia.com/advisories/34675 http://secunia.com/advisories/34782
SLACKWARE	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&...
SUSE	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
UBUNTU	http://www.ubuntu.com/usn/USN-744-1
VUPEN	http://www.vupen.com/english/advisories/2009/0775
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/49330

Alert History

If you want to see full details history, please login or register.

Date	Informations
2022-02-08 12:07:10	Multiple Updates
2020-05-23 01:40:05	Multiple Updates
2020-05-23 00:23:25	Multiple Updates
2018-10-11 00:19:31	Multiple Updates
2017-09-29 09:24:05	Multiple Updates
2017-08-17 09:22:29	Multiple Updates
2016-04-26 18:40:03	Multiple Updates
2014-02-17 10:49:00	Multiple Updates
2013-05-10 23:45:11	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	7
CPE ID(s)	6
Sources(s)	41
osvdb(s)	1
Openvas Exploit(s)	28
Nessus® Exploit(s)	28

	Related
10	RHSA-2009:0377
10	MDVSA-2009:162
10	MDVSA-2009:137
10	DSA-1769
9.3	USN-744-1
9.3	RHSA-2009:0339
9.3	MDVSA-2009:121-1
9.3	MDVSA-2009:121
9.3	GLSA-200904-19
9.3	DSA-1745
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 10 more Alert(s)