Lucene search

K
cert
CERTVU:410676
HistoryJul 14, 2009 - 12:00 a.m.

ISC DHCP dhclient stack buffer overflow

2009-07-1400:00:00
www.kb.cert.org
27

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.076 Low

EPSS

Percentile

93.9%

Overview

The ISC DHCP dhclient application contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code with root privileges.

Description

As described in RFC 2131, “The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network.” ISC DHCP is a reference implementation of the DHCP protocol, including a DHCP server, client, and relay agent.

The ISC DHCP client code (dhclient) contains a stack buffer overflow in the script_write_params() method. dhclient fails to check the length of the server-supplied subnet-mask option before copying it into a buffer. According to ISC, the following versions are affected:
DHCP 4.1 (all versions)
DHCP 4.0 (all versions)
DHCP 3.1 (all versions)
DHCP 3.0 (all versions)
DHCP 2.0 (all versions)


Impact

A rogue DHCP server may be able to execute arbitrary code with root privileges on a vulnerable client system.


Solution

Apply a patch or update from your vendor

For vendor-specific information regarding vulnerable status and patch availability, please see the Systems Affected section of this document.

Upgrade your version of DHCP

Upgrade your system as specified by your vendor. If you need to upgrade DHCP manually, according to ISC:
Upgrade to 4.1.0p1, 4.0.1p1, or 3.1.2p1

There are no fixes planned for DHCP 3.0 or DHCP 2.0, as those release trains have reached End-Of-Life.


Vendor Information

410676

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Gentoo Linux __ Affected

Notified: June 23, 2009 Updated: July 14, 2009

Statement Date: July 14, 2009

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Gentoo: vulnerable, fixed in net-misc/dhcp-3.1.1-r1

Vendor References

Internet Security Systems, Inc. __ Affected

Notified: June 23, 2009 Updated: July 15, 2009

Statement Date: July 15, 2009

Status

Affected

Vendor Statement

IBM Internet Security Systems has identified some ISS products that are vulnerable to CVE-2009-0692. Critical Product Updates, Security Patches, and Content Updates were made available on July 14, 2009 to fix the ISC DHCP Client vulnerability that affects multiple IBM ISS products.

For more information about the vulnerability including IBM ISS Intrusion Prevention/Intrusion Detection coverage for the issue, see the ISC DHCP Client Buffer Overflow X-Force Protection Alert.
For more information about ISS product updates and patches including a list of affected products and versions, see ISS Knowledgebase Article 5563.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

NetBSD __ Affected

Notified: June 23, 2009 Updated: July 15, 2009

Statement Date: July 15, 2009

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

Addendum

Please see NetBSD-SA2009-010.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23410676 Feedback>).

Red Hat, Inc. __ Affected

Notified: June 23, 2009 Updated: July 16, 2009

Statement Date: June 30, 2009

Status

Affected

Vendor Statement

This issue affected the dhcp packages as shipped with Red Hat Enterprise Linux 3 and 4. Updated packages to correct this issue are available via Red Hat Network:

<https://rhn.redhat.com/errata/CVE-2009-0692.html&gt;

This issue did not affect the dhcp packages as shipped with Red Hat Enterprise Linux 5 due to the use of FORTIFY_SOURCE protection mechanism that changes the exploitability of the issue into a controlled application termination.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

Ubuntu __ Affected

Notified: June 23, 2009 Updated: July 14, 2009

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

Addendum

Please see: <http://www.ubuntu.com/usn/usn-803-1&gt;.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23410676 Feedback>).

Apple Inc. __ Not Affected

Notified: June 23, 2009 Updated: June 24, 2009

Statement Date: June 23, 2009

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Apple does not ship dhclient in Mac OS X.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23410676 Feedback>).

Computer Associates eTrust Security Management Not Affected

Notified: June 23, 2009 Updated: June 25, 2009

Statement Date: June 25, 2009

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Force10 Networks, Inc. __ Not Affected

Notified: June 23, 2009 Updated: July 14, 2009

Statement Date: July 15, 2009

Status

Not Affected

Vendor Statement

Force10 Networks products are not vulnerable to this threat.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Infoblox __ Not Affected

Notified: June 23, 2009 Updated: July 29, 2009

Status

Not Affected

Vendor Statement

Infoblox is not vulnerable to this threat.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Microsoft Corporation __ Not Affected

Notified: June 23, 2009 Updated: June 24, 2009

Statement Date: June 24, 2009

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Microsoft’s DHCP implementation is not vulnerable.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23410676 Feedback>).

PePLink __ Not Affected

Notified: June 23, 2009 Updated: July 20, 2009

Statement Date: June 24, 2009

Status

Not Affected

Vendor Statement

Peplink products do not make use of ISC dhcpc.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

QNX, Software Systems, Inc. __ Not Affected

Notified: June 23, 2009 Updated: July 07, 2009

Statement Date: July 07, 2009

Status

Not Affected

Vendor Statement

QNX has investigated its DHCP client software and determined that both the QNX 4 and Neutrino Operating System DHCP client software is not vulnerable to the issue described in VU#410676.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

SafeNet __ Not Affected

Notified: June 23, 2009 Updated: July 03, 2009

Statement Date: July 02, 2009

Status

Not Affected

Vendor Statement

SafeNet has reviewed its products and determined that none are vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

SmoothWall __ Not Affected

Notified: June 23, 2009 Updated: June 25, 2009

Statement Date: June 25, 2009

Status

Not Affected

Vendor Statement

We do not use the ISC DHCP client code and are therefore NOT VULNERABLE to any exploits in it.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sun Microsystems, Inc. __ Not Affected

Notified: June 23, 2009 Updated: June 26, 2009

Statement Date: June 26, 2009

Status

Not Affected

Vendor Statement

Solaris DHCP client implementation is not vulnerable to the issue mentioned in CVE-2009-0692

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

The SCO Group __ Not Affected

Notified: June 23, 2009 Updated: June 30, 2009

Statement Date: June 30, 2009

Status

Not Affected

Vendor Statement

The SCO Operating System implementations of DHCP are based on ISC DHCP and are not affected by this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Wind River Systems, Inc. __ Not Affected

Notified: June 23, 2009 Updated: June 29, 2009

Statement Date: June 29, 2009

Status

Not Affected

Vendor Statement

VU#410676 is not applicable to Wind River VxWorks.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

3com, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ACCESS Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AT&T Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alcatel-Lucent Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Avaya, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Barracuda Networks Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Belkin, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Borderware Technologies Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Bro Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Charlotte’s Web Networks Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Check Point Software Technologies Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cisco Systems, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Clavister Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Computer Associates Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Conectiva Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cray Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

D-Link Systems, Inc. Unknown

Notified: June 26, 2009 Updated: June 26, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Debian GNU/Linux Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DragonFly BSD Project Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

EMC Corporation Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Engarde Secure Linux Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Enterasys Networks Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ericsson Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Extreme Networks Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F5 Networks, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fedora Project Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fortinet, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Foundry Networks, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FreeBSD, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fujitsu Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Global Technology Associates Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hewlett-Packard Company Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hitachi Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM Corporation Unknown

Notified: June 25, 2009 Updated: June 24, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM eServer Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IP Filter Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intel Corporation Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Internet Systems Consortium Unknown

Notified: June 24, 2009 Updated: June 24, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Internet Systems Consortium - DHCP Unknown

Notified: June 24, 2009 Updated: June 24, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intoto Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Juniper Networks, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Luminous Networks Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Mandriva S. A. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

McAfee Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MontaVista Software, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Multitech, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NEC Corporation Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetApp Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nokia Unknown

Notified: June 25, 2009 Updated: June 25, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nortel Networks, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Novell, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Openwall GNU/*/Linux Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Process Software Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Q1 Labs Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quagga Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

RadWare, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Redback Networks, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SUSE Linux Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Secureworx, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Silicon Graphics, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Slackware Linux Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Snort Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Soapstone Networks Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sony Corporation Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sourcefire Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Stonesoft Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Symantec Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TippingPoint, Technologies, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Turbolinux Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

U4EA Technologies, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Unisys Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

VMware Unknown

Notified: June 29, 2009 Updated: June 29, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vyatta Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Watchguard Technologies, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ZyXEL Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eSoft, Inc. Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

m0n0wall Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

netfilter Unknown

Notified: June 23, 2009 Updated: June 23, 2009

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

View all 95 vendors __View less vendors __

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

<https://www.isc.org/node/468&gt;

Acknowledgements

This vulnerability was reported by ISC, who in turn credit the Mandriva Linux Engineering Team with discovering and reporting the vulnerability.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2009-0692
Severity Metric: 19.95 Date Public:
Be first who know about 0-days in popular software

Do not waste time on finding information in tons of articles. Subscribe yourself and your colleagues on news and articles about products you need and you use!

Subscribe on news

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.076 Low

EPSS

Percentile

93.9%

Related for VU:410676