
CVE-2009-0689

Status Candidate

Overview

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.

Related Files

Red Hat Security Advisory 2014-0312-01
Posted Mar 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0312-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. All php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2009-0689
SHA-256 | ed152ea19937dfd772c59ba8bdad4a73bae67c13b28bf59e21e0dec3e764f158
Red Hat Security Advisory 2014-0311-01
Posted Mar 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0311-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.

tags | advisory, remote, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2006-7243, CVE-2009-0689
SHA-256 | 2a64c8f53e6dc048bca206f2a449803fc371f77164f14a295802d4991566105c
Ubuntu Security Notice 915-1
Posted Mar 19, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 915-1 - Several flaws were discovered in the JavaScript engine of Thunderbird. Josh Soref discovered that the BinHex decoder used in Thunderbird contained a flaw. It was discovered that Thunderbird did not properly manage memory when using XUL tree elements. Jesse Ruderman and Sid Stamm discovered that Thunderbird did not properly display filenames containing right-to-left (RTL) override characters. Takehiro Takahashi discovered flaws in the NTLM implementation in Thunderbird. Ludovic Hirlimann discovered a flaw in the way Thunderbird indexed certain messages with attachments.

tags | advisory, javascript
systems | linux, ubuntu
advisories | CVE-2009-0689, CVE-2009-2463, CVE-2009-3072, CVE-2009-3075, CVE-2009-3077, CVE-2009-3376, CVE-2009-3983, CVE-2010-0163
SHA-256 | 4abd2d6f36bedce62d8e1eed0ee21108af3268f19a75e5e592dec1d303db0131
Debian Linux Security Advisory 1998-1
Posted Feb 18, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1998-1 - Maksymilian Arciemowicz discovered a buffer overflow in the internal string routines of the KDE core libraries, which could lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2009-0689
SHA-256 | 9f69ed0b9baefb794367a639c88f2978dea5a77909ecde0c61edf4cba47aaddc
Mandriva Linux Security Advisory 2010-028
Posted Jan 27, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-028 - KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary, spoof
systems | linux, netbsd, freebsd, openbsd, mandriva
advisories | CVE-2009-2702, CVE-2009-2537, CVE-2009-0689
SHA-256 | bcbed668507255178c552af90eaf168b462be20aa49012dc6e3325cff54e5b26
Mandriva Linux Security Advisory 2010-027
Posted Jan 27, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-027 - KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an offset of a NULL pointer. WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit (aka Qt toolkit), and possibly other products does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to recursion in certain DOM event handlers. WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote attackers to execute arbitrary code via a crafted SVGList object that triggers memory corruption. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary, spoof, javascript
systems | linux, netbsd, windows, freebsd, openbsd, apple, osx, mandriva, iphone
advisories | CVE-2009-2702, CVE-2009-1687, CVE-2009-1725, CVE-2009-1690, CVE-2009-1698, CVE-2009-2537, CVE-2009-0689, CVE-2009-0945
SHA-256 | 701ad2e7099f449e19e82471a31b95691ff8ff843d3d5029da766636d5585359
Mac OS X 10.5 / 10.6 libc/strtod(3) Buffer Overflow
Posted Jan 9, 2010
Authored by Maksymilian Arciemowicz | Site securityreason.com

Mac OS X versions 10.5 and 10.6 suffer from a buffer overflow vulnerability in libc/strtod(3).

tags | exploit, overflow
systems | apple, osx
advisories | CVE-2009-0689
SHA-256 | 330c9d7d085bc82da2371af39d43273ccaac08ea388a26d47fb3bf3d953867d8
Matlab R2009b Array Overrun
Posted Jan 9, 2010
Authored by Maksymilian Arciemowicz | Site securityreason.com

Matlab R2009b suffers from an array overrun vulnerability that allows for code execution.

tags | exploit, overflow, code execution
advisories | CVE-2009-0689
SHA-256 | d0fecd045e6348016e15d944f4d2ab38c62e2de8cd2a7176be5367552b8e4e29
J 6.02.023 Array Overrun
Posted Jan 9, 2010
Authored by Maksymilian Arciemowicz | Site securityreason.com

J version 6.02.023 suffers from an array overrun vulnerability.

tags | exploit, overflow
advisories | CVE-2009-0689
SHA-256 | 07186da5845d16072c45cb784eb5b3b228dfd83cfc5385b39f355ccccd3d8bc2
Mandriva Linux Security Advisory 2009-346
Posted Dec 30, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-346 - Mandriva Linux 2008.0 was released with KDE version 3.5.7. This update upgrades KDE in Mandriva Linux 2008.0 to version 3.5.10, which brings many bugfixes, overall improvements and many security fixes.

tags | advisory
systems | linux, mandriva
advisories | CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0689, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1725, CVE-2009-2537, CVE-2009-2702
SHA-256 | 220ebe4f1e1e6e4f9dd1f77b20359a3737af488082ad0fbf33320b3ed79bb462
Ubuntu Security Notice 871-1
Posted Dec 12, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 871-1 - A buffer overflow was found in the KDE libraries when converting a string to a floating point number. If a user or application linked against kdelibs were tricked into processing crafted input, an attacker could cause a denial of service (via application crash) or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that the KDE libraries could use KHTML to process an unknown MIME type. If a user or application linked against kdelibs were tricked into opening a crafted file, an attacker could potentially trigger XMLHTTPRequests to remote sites.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-0689
SHA-256 | 75082f2353ff3b42c699cee9462dcd44b407a01f5801f30ef5ee5074ffc41209
Thunderbird 2.0.0.23 Remote Array Overrun
Posted Dec 12, 2009
Authored by Maksymilian Arciemowicz | Site securityreason.com

Thunderbird version 2.0.0.23 suffers from a remote array overrun that allows for arbitrary code execution.

tags | exploit, remote, overflow, arbitrary, code execution
advisories | CVE-2009-0689
SHA-256 | 9a6a391941b200a19efd9a43cd84797f49e731b5b7c082401291e365c9294a3d
Sunbird 0.9 Array Overrun
Posted Dec 12, 2009
Authored by Maksymilian Arciemowicz | Site securityreason.com

Sunbird version 0.9 suffers from a remote array overrun that allows for code execution.

tags | exploit, remote, overflow, code execution
advisories | CVE-2009-0689
SHA-256 | 2483a1810a65e2b43ccfed2e7e173d84dd8e586834924704ffeccf778c51a7b4
Camino 1.6.10 Remote Array Overrun
Posted Dec 12, 2009
Authored by Maksymilian Arciemowicz | Site securityreason.com

Camino version 1.6.10 suffers from a remote array overrun that allows for arbitrary code execution.

tags | exploit, remote, overflow, arbitrary, code execution
advisories | CVE-2009-0689
SHA-256 | e16541afa2295ecb3f4cbf992119b30a71799c09664819cedf8c4168e8bb4a6f
Flock 2.5.2 Remote Array Overrun
Posted Dec 12, 2009
Authored by Maksymilian Arciemowicz | Site securityreason.com

Flock version 2.5.2 suffers from a remote array overrun that allows for arbitrary code execution.

tags | exploit, remote, overflow, arbitrary, code execution
advisories | CVE-2009-0689
SHA-256 | 3046782d52e5b5223a145b479d898e4e8979080472f8c526d055bf3af11ab4b5
Mandriva Linux Security Advisory 2009-330
Posted Dec 11, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-330 - Multiple vulnerabilities have been found and corrected in kdelibs. This update provides a solution to this vulnerability.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-0689, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1725, CVE-2009-2537, CVE-2009-2702
SHA-256 | a9d7bfa461ed5ebec3aa67993de759e80660a11cdb2ad32a9324462480797b82
KDELibs 4.3.3 Remote Array Overrun
Posted Nov 20, 2009
Authored by Maksymilian Arciemowicz | Site securityreason.com

KDE KDELibs version 4.3.3 suffers from a remote array overrun vulnerability that allows for arbitrary code execution.

tags | exploit, remote, overflow, arbitrary, code execution
advisories | CVE-2009-0689
SHA-256 | 6f52b93fb01923395e9e086f5499f4f495580fa36af7131b1bed3d92eb179b44
Opera 10.01 Remote Array Overrun
Posted Nov 20, 2009
Authored by Maksymilian Arciemowicz | Site securityreason.com

Opera version 10.01 suffers from a remote array overrun vulnerability that allows for arbitrary code execution.

tags | exploit, remote, overflow, arbitrary, code execution
advisories | CVE-2009-0689
SHA-256 | a37b1ab07f2eb1b10acb2a9937e5b99e96db9296d51a29455557a8d718666d22
K-Meleon 1.5.3 Remote Array Overrun
Posted Nov 20, 2009
Authored by Maksymilian Arciemowicz | Site securityreason.com

K-Meleon version 1.5.3 suffers from a remote array overrun vulnerability that allows for arbitrary code execution.

tags | exploit, remote, overflow, arbitrary, code execution
advisories | CVE-2009-0689
SHA-256 | 4f99f451546f29e0f79ecb622261bf75af36cf92b6e4376642a36de97a3e3327
SeaMonkey 1.1.0 Remote Array Overrun
Posted Nov 20, 2009
Authored by Maksymilian Arciemowicz | Site securityreason.com

SeaMonkey version 1.1.8 suffers from a remote array overrun vulnerability that allows for arbitrary code execution.

tags | exploit, remote, overflow, arbitrary, code execution
advisories | CVE-2009-0689
SHA-256 | 2aa2eab42892d1c8cf5768b431d3c784578d3ee3b77c8e0e16d5a0e45da5403f
Multiple Vendors libc/gdtoa printf(3) Array Overrun
Posted Jun 26, 2009
Authored by Maksymilian Arciemowicz | Site securityreason.com

An array overrun vulnerability has been discovered in libc/gdtoa printf(3). Systems affected include OpenBSD version 4.5, NetBSD version 5.0, and FreeBSD versions 7.2 and 6.4.

tags | advisory, overflow
systems | netbsd, freebsd, openbsd
advisories | CVE-2009-0689
SHA-256 | 6fc751f14f61d5dec5fcbcc881b492b6baf8d6e0fa133f6837603632c8dae90f
packet storm

© 2022 Packet Storm. All rights reserved.
