5 - MDVSA-2009:010

Executive Summary

Informations
Name	MDVSA-2009:010	First vendor Publication	2009-01-14
Vendor	Mandriva	Last vendor Modification	2009-01-14
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security vulnerability have been discovered and corrected in VNC server of qemu 0.9.1 and earlier, which could lead to a denial-of-service attack (CVE-2008-2382).

The updated packages have been patched to prevent this.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:010

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-399	Resource Management Errors

CPE : Common Platform Enumeration

Type	Description	Count
Application	Kvm Qumranet Kvm cpe:2.3:a:kvm_qumranet:kvm:79:::::::* cpe:2.3:a:kvm_qumranet:kvm:78:::::::* cpe:2.3:a:kvm_qumranet:kvm:77:::::::* cpe:2.3:a:kvm_qumranet:kvm:76:::::::* cpe:2.3:a:kvm_qumranet:kvm:75:::::::* cpe:2.3:a:kvm_qumranet:kvm:74:::::::* cpe:2.3:a:kvm_qumranet:kvm:73:::::::* cpe:2.3:a:kvm_qumranet:kvm:72:::::::* cpe:2.3:a:kvm_qumranet:kvm:71:::::::* cpe:2.3:a:kvm_qumranet:kvm:70:::::::* cpe:2.3:a:kvm_qumranet:kvm:69:::::::* cpe:2.3:a:kvm_qumranet:kvm:68:::::::* cpe:2.3:a:kvm_qumranet:kvm:67:::::::* cpe:2.3:a:kvm_qumranet:kvm:66:::::::* cpe:2.3:a:kvm_qumranet:kvm:65:::::::* cpe:2.3:a:kvm_qumranet:kvm:64:::::::* cpe:2.3:a:kvm_qumranet:kvm:63:::::::* cpe:2.3:a:kvm_qumranet:kvm:62:::::::* cpe:2.3:a:kvm_qumranet:kvm:61:::::::* cpe:2.3:a:kvm_qumranet:kvm:60:::::::* cpe:2.3:a:kvm_qumranet:kvm:59:::::::* cpe:2.3:a:kvm_qumranet:kvm:58:::::::* cpe:2.3:a:kvm_qumranet:kvm:57:::::::* cpe:2.3:a:kvm_qumranet:kvm:56:::::::* cpe:2.3:a:kvm_qumranet:kvm:55:::::::* cpe:2.3:a:kvm_qumranet:kvm:54:::::::* cpe:2.3:a:kvm_qumranet:kvm:53:::::::* cpe:2.3:a:kvm_qumranet:kvm:52:::::::* cpe:2.3:a:kvm_qumranet:kvm:51:::::::* cpe:2.3:a:kvm_qumranet:kvm:50:::::::* cpe:2.3:a:kvm_qumranet:kvm:49:::::::* cpe:2.3:a:kvm_qumranet:kvm:48:::::::* cpe:2.3:a:kvm_qumranet:kvm:47:::::::* cpe:2.3:a:kvm_qumranet:kvm:46:::::::* cpe:2.3:a:kvm_qumranet:kvm:45:::::::* cpe:2.3:a:kvm_qumranet:kvm:44:::::::* cpe:2.3:a:kvm_qumranet:kvm:43:::::::* cpe:2.3:a:kvm_qumranet:kvm:42:::::::* cpe:2.3:a:kvm_qumranet:kvm:41:::::::* cpe:2.3:a:kvm_qumranet:kvm:40:::::::* cpe:2.3:a:kvm_qumranet:kvm:39:::::::* cpe:2.3:a:kvm_qumranet:kvm:38:::::::* cpe:2.3:a:kvm_qumranet:kvm:37:::::::* cpe:2.3:a:kvm_qumranet:kvm:36:::::::* cpe:2.3:a:kvm_qumranet:kvm:35:::::::* cpe:2.3:a:kvm_qumranet:kvm:34:::::::* cpe:2.3:a:kvm_qumranet:kvm:33:::::::* cpe:2.3:a:kvm_qumranet:kvm:32:::::::* cpe:2.3:a:kvm_qumranet:kvm:31:::::::* cpe:2.3:a:kvm_qumranet:kvm:30:::::::* cpe:2.3:a:kvm_qumranet:kvm:29:::::::* cpe:2.3:a:kvm_qumranet:kvm:28:::::::* cpe:2.3:a:kvm_qumranet:kvm:27:::::::* cpe:2.3:a:kvm_qumranet:kvm:26:::::::* cpe:2.3:a:kvm_qumranet:kvm:25:::::::* cpe:2.3:a:kvm_qumranet:kvm:24:::::::* cpe:2.3:a:kvm_qumranet:kvm:23:::::::* cpe:2.3:a:kvm_qumranet:kvm:22:::::::* cpe:2.3:a:kvm_qumranet:kvm:21:::::::* cpe:2.3:a:kvm_qumranet:kvm:20:::::::* cpe:2.3:a:kvm_qumranet:kvm:19:::::::* cpe:2.3:a:kvm_qumranet:kvm:18:::::::* cpe:2.3:a:kvm_qumranet:kvm:17:::::::* cpe:2.3:a:kvm_qumranet:kvm:16:::::::* cpe:2.3:a:kvm_qumranet:kvm:15:::::::* cpe:2.3:a:kvm_qumranet:kvm:14:::::::* cpe:2.3:a:kvm_qumranet:kvm:13:::::::* cpe:2.3:a:kvm_qumranet:kvm:12:::::::* cpe:2.3:a:kvm_qumranet:kvm:11:::::::* cpe:2.3:a:kvm_qumranet:kvm:10:::::::* cpe:2.3:a:kvm_qumranet:kvm:9:::::::* cpe:2.3:a:kvm_qumranet:kvm:8:::::::* cpe:2.3:a:kvm_qumranet:kvm:7:::::::* cpe:2.3:a:kvm_qumranet:kvm:6:::::::* cpe:2.3:a:kvm_qumranet:kvm:5:::::::* cpe:2.3:a:kvm_qumranet:kvm:4:::::::* cpe:2.3:a:kvm_qumranet:kvm:3:::::::* cpe:2.3:a:kvm_qumranet:kvm:2:::::::* cpe:2.3:a:kvm_qumranet:kvm:1:::::::*	79
Application	Qemu cpe:2.3:a:qemu:qemu:0.9.1:::::::* cpe:2.3:a:qemu:qemu:0.9.0:::::::* cpe:2.3:a:qemu:qemu:0.8.2:::::::* cpe:2.3:a:qemu:qemu:0.8.1:::::::* cpe:2.3:a:qemu:qemu:0.8.0:::::::* cpe:2.3:a:qemu:qemu:0.7.2:::::::* cpe:2.3:a:qemu:qemu:0.7.1:::::::* cpe:2.3:a:qemu:qemu:0.7.0:::::::* cpe:2.3:a:qemu:qemu:0.6.1:::::::* cpe:2.3:a:qemu:qemu:0.6.0:::::::* cpe:2.3:a:qemu:qemu:0.5.5:::::::* cpe:2.3:a:qemu:qemu:0.5.4:::::::* cpe:2.3:a:qemu:qemu:0.5.3:::::::* cpe:2.3:a:qemu:qemu:0.5.2:::::::* cpe:2.3:a:qemu:qemu:0.5.1:::::::* cpe:2.3:a:qemu:qemu:0.5.0:::::::* cpe:2.3:a:qemu:qemu:0.4.3:::::::* cpe:2.3:a:qemu:qemu:0.4.2:::::::* cpe:2.3:a:qemu:qemu:0.4.1:::::::* cpe:2.3:a:qemu:qemu:0.4.0:::::::* cpe:2.3:a:qemu:qemu:0.3.0:::::::* cpe:2.3:a:qemu:qemu:0.2.0:::::::* cpe:2.3:a:qemu:qemu:0.1.6:::::::* cpe:2.3:a:qemu:qemu:0.1.5:::::::* cpe:2.3:a:qemu:qemu:0.1.4:::::::* cpe:2.3:a:qemu:qemu:0.1.3:::::::* cpe:2.3:a:qemu:qemu:0.1.2:::::::* cpe:2.3:a:qemu:qemu:0.1.1:::::::* cpe:2.3:a:qemu:qemu:0.1.0:::::::* cpe:2.3:a:qemu:qemu:::::::: cpe:2.3:a:qemu:qemu::r1::::::* cpe:2.3:a:qemu:qemu:-:::::::*	32

OpenVAS Exploits

Date	Description
2009-06-05	Name : Ubuntu USN-698-3 (nagios2) File : nvt/ubuntu_698_3.nasl
2009-06-05	Name : Ubuntu USN-707-1 (cupsys) File : nvt/ubuntu_707_1.nasl
2009-06-05	Name : Ubuntu USN-776-2 (kvm) File : nvt/ubuntu_776_2.nasl
2009-05-20	Name : Ubuntu USN-776-1 (kvm) File : nvt/ubuntu_776_1.nasl
2009-04-06	Name : SuSE Security Summary SUSE-SR:2009:008 File : nvt/suse_sr_2009_008.nasl
2009-02-13	Name : Fedora Update for kvm FEDORA-2008-11705 File : nvt/gb_fedora_2008_11705_kvm_fc9.nasl
2009-02-13	Name : Fedora Update for kvm FEDORA-2008-11727 File : nvt/gb_fedora_2008_11727_kvm_fc10.nasl
2009-01-20	Name : Mandrake Security Advisory MDVSA-2009:008 (qemu) File : nvt/mdksa_2009_008.nasl
2009-01-20	Name : Mandrake Security Advisory MDVSA-2009:009 (kvm) File : nvt/mdksa_2009_009.nasl
2009-01-20	Name : Mandrake Security Advisory MDVSA-2009:010 (qemu) File : nvt/mdksa_2009_010.nasl
2009-01-20	Name : SuSE Security Summary SUSE-SR:2009:002 File : nvt/suse_sr_2009_002.nasl
2009-01-20	Name : Ubuntu USN-708-1 (hplip) File : nvt/ubuntu_708_1.nasl
2009-01-07	Name : Ubuntu USN-702-1 (samba) File : nvt/ubuntu_702_1.nasl
2009-01-07	Name : Ubuntu USN-703-1 (xterm) File : nvt/ubuntu_703_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
52913	KVM kvm-79 VNC Server vnc.c protocol_client_msg Function Crafted Message Remo...
52912	QEMU VNC Server vnc.c protocol_client_msg Function Crafted Message Remote DoS

Nessus® Vulnerability Scanner

Date	Description
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_kvm-090112.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_qemu-090325.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_kvm-090112.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_qemu-090325.nasl - Type : ACT_GATHER_INFO
2009-05-14	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-776-2.nasl - Type : ACT_GATHER_INFO
2009-05-13	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-776-1.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2008-11727.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-008.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-009.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-010.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-703-1.nasl - Type : ACT_GATHER_INFO
2009-04-03	Name : The remote openSUSE host is missing a security update. File : suse_qemu-6123.nasl - Type : ACT_GATHER_INFO
2008-12-26	Name : The remote Fedora host is missing a security update. File : fedora_2008-11705.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:39:54	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	111
osvdb(s)	2
Openvas Exploit(s)	14
Nessus® Exploit(s)	13

	Related
5	CVE-2008-2382
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

5 - MDVSA-2009:010

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU