logo
DATABASE RESOURCES PRICING ABOUT US

ISC DHCP dhclient stack buffer overflow

Description

### Overview The ISC DHCP dhclient application contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code with root privileges. ### Description As described in [RFC 2131](<http://www.faqs.org/rfcs/rfc2131.html>), "The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network." ISC DHCP is a reference implementation of the DHCP protocol, including a DHCP server, client, and relay agent. The ISC DHCP client code (dhclient) contains a stack buffer overflow in the `script_write_params()` method. dhclient fails to check the length of the server-supplied subnet-mask option before copying it into a buffer. According to ISC, the following versions are affected: DHCP 4.1 (all versions) DHCP 4.0 (all versions) DHCP 3.1 (all versions) DHCP 3.0 (all versions) DHCP 2.0 (all versions) --- ### Impact A rogue DHCP server may be able to execute arbitrary code with root privileges on a vulnerable client system. --- ### Solution **Apply a patch or update from your vendor** For vendor-specific information regarding vulnerable status and patch availability, please see the Systems Affected section of this document. **Upgrade your version of DHCP** Upgrade your system as specified by your vendor. If you need to upgrade DHCP manually, [according to ISC](<https://www.isc.org/node/468>): Upgrade to 4.1.0p1, 4.0.1p1, or 3.1.2p1 There are no fixes planned for DHCP 3.0 or DHCP 2.0, as those release trains have reached End-Of-Life. --- ### Vendor Information 410676 Filter by status: All Affected Not Affected Unknown Filter by content: __ Additional information available __ Sort by: Status Alphabetical Expand all **Javascript is disabled. Click here to view vendors.** ### Gentoo Linux __ Affected Notified: June 23, 2009 Updated: July 14, 2009 **Statement Date: July 14, 2009** ### Status Affected ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information Gentoo: vulnerable, fixed in net-misc/dhcp-3.1.1-r1 ### Vendor References * <http://www.gentoo.org/security/en/glsa/glsa-200907-12.xml> ### Internet Security Systems, Inc. __ Affected Notified: June 23, 2009 Updated: July 15, 2009 **Statement Date: July 15, 2009** ### Status Affected ### Vendor Statement IBM Internet Security Systems has identified some ISS products that are vulnerable to CVE-2009-0692. Critical Product Updates, Security Patches, and Content Updates were made available on July 14, 2009 to fix the ISC DHCP Client vulnerability that affects multiple IBM ISS products. For more information about the vulnerability including IBM ISS Intrusion Prevention/Intrusion Detection coverage for the issue, see the [ISC DHCP Client Buffer Overflow X-Force Protection Alert](<http://www.iss.net/threats/331.html>). For more information about ISS product updates and patches including a list of affected products and versions, see [ISS Knowledgebase Article 5563](<https://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5563>). ### Vendor Information The vendor has not provided us with any further information regarding this vulnerability. ### Vendor References * <https://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5563> * <http://www.iss.net/threats/331.html> ### NetBSD __ Affected Notified: June 23, 2009 Updated: July 15, 2009 **Statement Date: July 15, 2009** ### Status Affected ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information The vendor has not provided us with any further information regarding this vulnerability. ### Vendor References * <http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc> ### Addendum Please see [NetBSD-SA2009-010](<http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc>). If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23410676 Feedback>). ### Red Hat, Inc. __ Affected Notified: June 23, 2009 Updated: July 16, 2009 **Statement Date: June 30, 2009** ### Status Affected ### Vendor Statement This issue affected the dhcp packages as shipped with Red Hat Enterprise Linux 3 and 4. Updated packages to correct this issue are available via Red Hat Network: <https://rhn.redhat.com/errata/CVE-2009-0692.html> This issue did not affect the dhcp packages as shipped with Red Hat Enterprise Linux 5 due to the use of FORTIFY_SOURCE protection mechanism that changes the exploitability of the issue into a controlled application termination. ### Vendor Information The vendor has not provided us with any further information regarding this vulnerability. ### Vendor References * <https://rhn.redhat.com/errata/RHSA-2009-1136.html> * <https://rhn.redhat.com/errata/CVE-2009-0692.html> ### Ubuntu __ Affected Notified: June 23, 2009 Updated: July 14, 2009 ### Status Affected ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information The vendor has not provided us with any further information regarding this vulnerability. ### Vendor References * <http://www.ubuntu.com/usn/usn-803-1> ### Addendum Please see: <http://www.ubuntu.com/usn/usn-803-1>. If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23410676 Feedback>). ### Apple Inc. __ Not Affected Notified: June 23, 2009 Updated: June 24, 2009 **Statement Date: June 23, 2009** ### Status Not Affected ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information The vendor has not provided us with any further information regarding this vulnerability. ### Addendum Apple does not ship dhclient in Mac OS X. If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23410676 Feedback>). ### Computer Associates eTrust Security Management Not Affected Notified: June 23, 2009 Updated: June 25, 2009 **Statement Date: June 25, 2009** ### Status Not Affected ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information The vendor has not provided us with any further information regarding this vulnerability. ### Force10 Networks, Inc. __ Not Affected Notified: June 23, 2009 Updated: July 14, 2009 **Statement Date: July 15, 2009** ### Status Not Affected ### Vendor Statement Force10 Networks products are not vulnerable to this threat. ### Vendor Information The vendor has not provided us with any further information regarding this vulnerability. ### Infoblox __ Not Affected Notified: June 23, 2009 Updated: July 29, 2009 ### Status Not Affected ### Vendor Statement Infoblox is not vulnerable to this threat. ### Vendor Information The vendor has not provided us with any further information regarding this vulnerability. ### Microsoft Corporation __ Not Affected Notified: June 23, 2009 Updated: June 24, 2009 **Statement Date: June 24, 2009** ### Status Not Affected ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information The vendor has not provided us with any further information regarding this vulnerability. ### Addendum Microsoft's DHCP implementation is not vulnerable. If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23410676 Feedback>). ### PePLink __ Not Affected Notified: June 23, 2009 Updated: July 20, 2009 **Statement Date: June 24, 2009** ### Status Not Affected ### Vendor Statement Peplink products do not make use of ISC dhcpc. ### Vendor Information The vendor has not provided us with any further information regarding this vulnerability. ### QNX, Software Systems, Inc. __ Not Affected Notified: June 23, 2009 Updated: July 07, 2009 **Statement Date: July 07, 2009** ### Status Not Affected ### Vendor Statement QNX has investigated its DHCP client software and determined that both the QNX 4 and Neutrino Operating System DHCP client software is not vulnerable to the issue described in VU#410676. ### Vendor Information The vendor has not provided us with any further information regarding this vulnerability. ### SafeNet __ Not Affected Notified: June 23, 2009 Updated: July 03, 2009 **Statement Date: July 02, 2009** ### Status Not Affected ### Vendor Statement SafeNet has reviewed its products and determined that none are vulnerable. ### Vendor Information The vendor has not provided us with any further information regarding this vulnerability. ### SmoothWall __ Not Affected Notified: June 23, 2009 Updated: June 25, 2009 **Statement Date: June 25, 2009** ### Status Not Affected ### Vendor Statement We do not use the ISC DHCP client code and are therefore NOT VULNERABLE to any exploits in it. ### Vendor Information The vendor has not provided us with any further information regarding this vulnerability. ### Sun Microsystems, Inc. __ Not Affected Notified: June 23, 2009 Updated: June 26, 2009 **Statement Date: June 26, 2009** ### Status Not Affected ### Vendor Statement Solaris DHCP client implementation is not vulnerable to the issue mentioned in CVE-2009-0692 ### Vendor Information The vendor has not provided us with any further information regarding this vulnerability. ### The SCO Group __ Not Affected Notified: June 23, 2009 Updated: June 30, 2009 **Statement Date: June 30, 2009** ### Status Not Affected ### Vendor Statement The SCO Operating System implementations of DHCP are based on ISC DHCP and are not affected by this vulnerability. ### Vendor Information The vendor has not provided us with any further information regarding this vulnerability. ### Wind River Systems, Inc. __ Not Affected Notified: June 23, 2009 Updated: June 29, 2009 **Statement Date: June 29, 2009** ### Status Not Affected ### Vendor Statement VU#410676 is not applicable to Wind River VxWorks. ### Vendor Information The vendor has not provided us with any further information regarding this vulnerability. ### 3com, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### ACCESS Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### AT&T Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Alcatel-Lucent Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Avaya, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Barracuda Networks Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Belkin, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Borderware Technologies Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Bro Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Charlotte's Web Networks Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Check Point Software Technologies Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Cisco Systems, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Clavister Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Computer Associates Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Conectiva Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Cray Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### D-Link Systems, Inc. Unknown Notified: June 26, 2009 Updated: June 26, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Debian GNU/Linux Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### DragonFly BSD Project Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### EMC Corporation Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Engarde Secure Linux Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Enterasys Networks Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Ericsson Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Extreme Networks Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### F5 Networks, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Fedora Project Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Fortinet, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Foundry Networks, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### FreeBSD, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Fujitsu Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Global Technology Associates Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Hewlett-Packard Company Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Hitachi Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### IBM Corporation Unknown Notified: June 25, 2009 Updated: June 24, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### IBM eServer Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### IP Filter Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Intel Corporation Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Internet Systems Consortium Unknown Notified: June 24, 2009 Updated: June 24, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Internet Systems Consortium - DHCP Unknown Notified: June 24, 2009 Updated: June 24, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Intoto Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Juniper Networks, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Luminous Networks Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Mandriva S. A. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### McAfee Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### MontaVista Software, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Multitech, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### NEC Corporation Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### NetApp Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Nokia Unknown Notified: June 25, 2009 Updated: June 25, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Nortel Networks, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Novell, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Openwall GNU/*/Linux Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Process Software Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Q1 Labs Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Quagga Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### RadWare, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Redback Networks, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### SUSE Linux Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Secureworx, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Silicon Graphics, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Slackware Linux Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Snort Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Soapstone Networks Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Sony Corporation Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Sourcefire Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Stonesoft Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Symantec Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### TippingPoint, Technologies, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Turbolinux Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### U4EA Technologies, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Unisys Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### VMware Unknown Notified: June 29, 2009 Updated: June 29, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Vyatta Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### Watchguard Technologies, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### ZyXEL Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### eSoft, Inc. Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### m0n0wall Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### netfilter Unknown Notified: June 23, 2009 Updated: June 23, 2009 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. View all 95 vendors __View less vendors __ ### CVSS Metrics Group | Score | Vector ---|---|--- Base | | Temporal | | Environmental | | ### References <https://www.isc.org/node/468> ### Acknowledgements This vulnerability was reported by ISC, who in turn credit the Mandriva Linux Engineering Team with discovering and reporting the vulnerability. This document was written by Will Dormann. ### Other Information **CVE IDs:** | [CVE-2009-0692](<http://web.nvd.nist.gov/vuln/detail/CVE-2009-0692>) ---|--- **Severity Metric:** | 19.95 **Date Public:** | 2009-07-14 **Date First Published:** | 2009-07-14 **Date Last Updated: ** | 2009-07-29 16:45 UTC **Document Revision: ** | 27


Related