CVE-2009-2905

Executive Summary

Informations
Name	CVE-2009-2905	First vendor Publication	2009-09-29
Vendor	Cve	Last vendor Modification	2010-08-21

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	4.6	Attack Range	Local
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2905

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9664

Oval ID:	oval:org.mitre.oval:def:9664
Title:	Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.
Description:	Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-2905	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section newt-devel is earlier than 0:0.51.5-2.el3 AND newt is earlier than 0:0.51.5-2.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section newt-devel is earlier than 0:0.51.6-10.el4_8.1 AND newt is earlier than 0:0.51.6-10.el4_8.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section newt-devel is earlier than 0:0.52.2-12.el5_4.1 AND newt is earlier than 0:0.52.2-12.el5_4.1

Definition Id: oval:org.mitre.oval:def:8556

Oval ID:	oval:org.mitre.oval:def:8556
Title:	Buffer overflow vulnerability in newt
Description:	Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-2905	Version:	2
Platform(s):	VMWare ESX Server 4	Product(s):
Definition Synopsis:
VMware ESX Server 4.0 is installed AND Patch ESX400-201002406-SG is not installed

CPE : Common Platform Enumeration

Type	Description	Count
Application	Fedorahosted Newt cpe:/a:fedorahosted:newt:0.52.2 cpe:/a:fedorahosted:newt:0.51.6 cpe:/a:fedorahosted:newt:0.51.5	3

Open Source Vulnerability Database (OSVDB)

id	Description
58330	Newt textbox.c doReflow() Function Overflow

Internal Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/36515
CONFIRM	http://security.debian.org/pool/updates/main/n/newt/newt_0.52.2-10+etch1.diff.gz http://support.avaya.com/css/P8/documents/100067251 https://bugzilla.redhat.com/show_bug.cgi?id=523955
DEBIAN	http://www.debian.org/security/2009/dsa-1894
MLIST	http://lists.vmware.com/pipermail/security-announce/2010/000082.html
REDHAT	https://rhn.redhat.com/errata/RHSA-2009-1463.html
SECUNIA	http://secunia.com/advisories/37922 http://secunia.com/advisories/38794 http://secunia.com/advisories/38833
SUSE	http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
UBUNTU	http://www.ubuntu.com/usn/USN-837-1
VUPEN	http://www.vupen.com/english/advisories/2010/0528

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-10 23:55:53	Multiple Updates

Type	Count
Oval ID(s)	2
CPE ID(s)	3
osvdb(s)	1

Related	Severity
VMSA-2010-0004	(Critical)
USN-837-1	(Medium)
RHSA-2009:1463	(Medium)
MDVSA-2009:249-1	(Medium)
MDVSA-2009:249	(Medium)
GLSA-201006-14	(Medium)
DSA-1894	(Medium)

Same Subject	Severity
Login to view 29 more Alert(s)

CVE-2009-2905

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Internal Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU