Lucene search

[email protected]NVD:CVE-2009-5029

HistoryMay 02, 2013 - 2:55 p.m.

CVE-2009-5029

2013-05-0214:55:01

CWE-189

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.3

Confidence

High

EPSS

0.008

Percentile

82.2%

JSON

Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.

Affected configurations

Nvd

Node

gnuglibcRange≤2.14

gnuglibcMatch2.0

gnuglibcMatch2.0.1

gnuglibcMatch2.0.2

gnuglibcMatch2.0.3

gnuglibcMatch2.0.4

gnuglibcMatch2.0.5

gnuglibcMatch2.0.6

gnuglibcMatch2.1

gnuglibcMatch2.1.1

gnuglibcMatch2.1.1.6

gnuglibcMatch2.1.2

gnuglibcMatch2.1.3

gnuglibcMatch2.1.9

gnuglibcMatch2.13

References

dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/

lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html

sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=97ac2654b2d831acaa18a2b018b0736245903fd2

sourceware.org/ml/libc-alpha/2011-12/msg00037.html

bugzilla.redhat.com/show_bug.cgi?id=761245

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.3

Confidence

High

EPSS

0.008

Percentile

82.2%

JSON

Related for NVD:CVE-2009-5029

openvas31 debiancve1 nessus30 fedora1 suse4 cvelist1 cve1 slackware1 ubuntucve1 prion1 veracode1 amazon1 centos3 oraclelinux3 redhat5 gentoo1 securityvulns2 ubuntu1 vmware4