ID

VAR-200908-0708


CVE

CVE-2009-2412


TITLE

APR Library and APR-util Integer overflow vulnerability in the library

Trust: 0.8

sources: JVNDB: JVNDB-2009-002016

DESCRIPTION

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information. Apache APR (Apache Portable Runtime) and 'APR-util' are prone to multiple integer-overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of an application that uses the affected library. Successful exploits will compromise the affected application and possibly the computer. Failed attacks will cause denial-of-service conditions. This update provides fixes for these vulnerabilities. Update: apr-util packages were missing for Mandriva Enterprise Server 5 i586, this has been adressed with this update. (CVE-2009-0023). The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564 (CVE-2009-1955). Packages for 2008.0 are being provided due to extended support for Corporate products. The updated packages have been patched to prevent this. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: d55d5dd456de0c7977f93bff217406d7 2008.0/i586/apr-util-dbd-mysql-1.2.10-1.1mdv2008.0.i586.rpm bd02eb2233dcc07aadd7e5eb84df9ce8 2008.0/i586/apr-util-dbd-pgsql-1.2.10-1.1mdv2008.0.i586.rpm 334e127fb8ac03379c8a5f2ee7c144b6 2008.0/i586/apr-util-dbd-sqlite3-1.2.10-1.1mdv2008.0.i586.rpm 4307983fb3d21ab0f9955711e116f92e 2008.0/i586/libapr1-1.2.11-1.1mdv2008.0.i586.rpm ff24f1e1587f2210346ea134d4a2053e 2008.0/i586/libapr-devel-1.2.11-1.1mdv2008.0.i586.rpm 3d50a85109e011ced9e36f1565e9bc69 2008.0/i586/libapr-util1-1.2.10-1.1mdv2008.0.i586.rpm b786e2329fc63d459b841bf001261543 2008.0/i586/libapr-util-devel-1.2.10-1.1mdv2008.0.i586.rpm 6ef7669ea3d0db3dbaed35f35ae2dbdc 2008.0/SRPMS/apr-1.2.11-1.1mdv2008.0.src.rpm 1a923fc9c2f912ef339b942a59bff4e6 2008.0/SRPMS/apr-util-1.2.10-1.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 91588bbcf3940cd106b0fe458be6d4b9 2008.0/x86_64/apr-util-dbd-mysql-1.2.10-1.1mdv2008.0.x86_64.rpm b71d8b14cc536cf8a2448b353d2b4047 2008.0/x86_64/apr-util-dbd-pgsql-1.2.10-1.1mdv2008.0.x86_64.rpm 10b889bb625dbae01711ed7e8e101744 2008.0/x86_64/apr-util-dbd-sqlite3-1.2.10-1.1mdv2008.0.x86_64.rpm 068334fc392c68f9b29e629dd3776f83 2008.0/x86_64/lib64apr1-1.2.11-1.1mdv2008.0.x86_64.rpm a9ed011d8b421e8604e66a87a4972477 2008.0/x86_64/lib64apr-devel-1.2.11-1.1mdv2008.0.x86_64.rpm c08da53c4c88464249f46c6577f3c2a8 2008.0/x86_64/lib64apr-util1-1.2.10-1.1mdv2008.0.x86_64.rpm 4b1b86a3e07f4b87a1a53f0dbaaa3aff 2008.0/x86_64/lib64apr-util-devel-1.2.10-1.1mdv2008.0.x86_64.rpm 6ef7669ea3d0db3dbaed35f35ae2dbdc 2008.0/SRPMS/apr-1.2.11-1.1mdv2008.0.src.rpm 1a923fc9c2f912ef339b942a59bff4e6 2008.0/SRPMS/apr-util-1.2.10-1.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGEWRmqjQ0CJFipgRAsWiAJ9LbNZNAkUIxWbq84aERpTacFEJPACg0xgy wuYdtSQeV/bOOP7w17qo2V0= =V8dA -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Subversion clients and servers, versions 1.6.0 - 1.6.3 and all versions < 1.5.7, are vulnerable to several heap overflow problems which may lead to remote code execution. The official advisory (mirrored at http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt) follows: Subversion clients and servers up to 1.6.3 (inclusive) have heap overflow issues in the parsing of binary deltas. Summary: ======== Subversion clients and servers have multiple heap overflow issues in the parsing of binary deltas. This is related to an allocation vulnerability in the APR library used by Subversion. Clients with commit access to a vulnerable server can cause a remote heap overflow; servers can cause a heap overflow on vulnerable clients that try to do a checkout or update. This can lead to a DoS (an exploit has been tested) and to arbitrary code execution (no exploit tested, but the possibility is clear). Known vulnerable: ================= Subversion clients and servers <= 1.5.6. Subversion clients and servers 1.6.0 through 1.6.3 (inclusive). Known fixed: ============ Subversion 1.6.4 Subversion 1.5.7 (Search for "Patch" below to see the patches from 1.6.3 -> 1.6.4 and 1.5.6 -> 1.5.7. Search for "Recommendations" to get URLs for the 1.6.4 release and associated APR library patch.) Details: ======== The libsvn_delta library does not contain sufficient input validation of svndiff streams. If a stream with large windows is processed, one of several integer overflows may lead to some boundary checks incorrectly passing, which in turn can lead to a heap overflow. Severity: ========= A remote attacker with commit access to repository may be able to execute code on a Subversion server. A malicious server may be able to execute code on a Subversion client. Recommendations: ================ We recommend all users to upgrade to Subversion 1.6.4. We recommend all users to upgrade to the latest versions of APR and APR-UTIL, or apply the CVE-2009-2412 patch appropriate to their APR installation from <http://www.apache.org/dist/apr/patches/>. New Subversion packages can be found at: http://subversion.tigris.org/project_packages.html References: =========== CVE-2009-2411 (Subversion) CVE-2009-2412 (APR) Reported by: ============ Matt Lewis, Google. Patches: ======== This patch applies to Subversion 1.6.x (apply with patch -p0 < patchfile): [[[ Index: subversion/libsvn_delta/svndiff.c =================================================================== --- subversion/libsvn_delta/svndiff.c (revision 38519) +++ subversion/libsvn_delta/svndiff.c (working copy) @@ -60,10 +60,23 @@ struct encoder_baton { apr_pool_t *pool; }; +/* This is at least as big as the largest size of an integer that + encode_int can generate; it is sufficient for creating buffers for + it to write into. This assumes that integers are at most 64 bits, + and so 10 bytes (with 7 bits of information each) are sufficient to + represent them. */ +#define MAX_ENCODED_INT_LEN 10 +/* This is at least as big as the largest size for a single instruction. */ +#define MAX_INSTRUCTION_LEN (2*MAX_ENCODED_INT_LEN+1) +/* This is at least as big as the largest possible instructions + section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE + 1-byte copy-from-source instructions (though this is very unlikely). */ +#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZE*MAX_INSTRUCTION_LEN) /* Encode VAL into the buffer P using the variable-length svndiff integer format. Return the incremented value of P after the - encoded bytes have been written. + encoded bytes have been written. P must point to a buffer of size + at least MAX_ENCODED_INT_LEN. This encoding uses the high bit of each byte as a continuation bit and the other seven bits as data bits. High-order data bits are @@ -85,7 +98,7 @@ encode_int(char *p, svn_filesize_t val) svn_filesize_t v; unsigned char cont; - assert(val >= 0); + SVN_ERR_ASSERT_NO_RETURN(val >= 0); /* Figure out how many bytes we'll need. */ v = val >> 7; @@ -96,6 +109,8 @@ encode_int(char *p, svn_filesize_t val) n++; } + SVN_ERR_ASSERT_NO_RETURN(n <= MAX_ENCODED_INT_LEN); + /* Encode the remaining bytes; n is always the number of bytes coming after the one we're encoding. */ while (--n >= 0) @@ -112,7 +127,7 @@ encode_int(char *p, svn_filesize_t val) static void append_encoded_int(svn_stringbuf_t *header, svn_filesize_t val) { - char buf[128], *p; + char buf[MAX_ENCODED_INT_LEN], *p; p = encode_int(buf, val); svn_stringbuf_appendbytes(header, buf, p - buf); @@ -168,7 +183,7 @@ window_handler(svn_txdelta_window_t *window, void svn_stringbuf_t *i1 = svn_stringbuf_create("", pool); svn_stringbuf_t *header = svn_stringbuf_create("", pool); const svn_string_t *newdata; - char ibuf[128], *ip; + char ibuf[MAX_INSTRUCTION_LEN], *ip; const svn_txdelta_op_t *op; apr_size_t len; @@ -346,6 +361,8 @@ decode_file_offset(svn_filesize_t *val, const unsigned char *p, const unsigned char *end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; /* Decode bytes until we're done. */ *val = 0; while (p < end) @@ -365,6 +382,8 @@ decode_size(apr_size_t *val, const unsigned char *p, const unsigned char *end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; /* Decode bytes until we're done. */ *val = 0; while (p < end) @@ -382,7 +401,7 @@ decode_size(apr_size_t *val, data is not compressed. */ static svn_error_t * -zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out) +zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out, apr_size_t limit) { apr_size_t len; char *oldplace = in->data; @@ -390,6 +409,13 @@ static svn_error_t * /* First thing in the string is the original length. */ in->data = (char *)decode_size(&len, (unsigned char *)in->data, (unsigned char *)in->data+in->len); + if (in->data == NULL) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + _("Decompression of svndiff data failed: no size")); + if (len > limit) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + _("Decompression of svndiff data failed: " + "size too large")); /* We need to subtract the size of the encoded original length off the * still remaining input length. */ in->len -= (in->data - oldplace); @@ -487,10 +513,10 @@ count_and_verify_instructions(int *ninst, return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: insn %d cannot be decoded"), n); - else if (op.length <= 0) + else if (op.length == 0) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, - _("Invalid diff stream: insn %d has non-positive length"), n); + _("Invalid diff stream: insn %d has length zero"), n); else if (op.length > tview_len - tpos) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, @@ -499,7 +525,8 @@ count_and_verify_instructions(int *ninst, switch (op.action_code) { case svn_txdelta_source: - if (op.length > sview_len - op.offset) + if (op.length > sview_len - op.offset || + op.offset > sview_len) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: " @@ -565,11 +592,11 @@ decode_window(svn_txdelta_window_t *window, svn_fi instin = svn_stringbuf_ncreate((const char *)data, insend - data, pool); instout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(instin, instout)); + SVN_ERR(zlib_decode(instin, instout, MAX_INSTRUCTION_SECTION_LEN)); ndin = svn_stringbuf_ncreate((const char *)insend, newlen, pool); ndout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(ndin, ndout)); + SVN_ERR(zlib_decode(ndin, ndout, SVN_DELTA_WINDOW_SIZE)); newlen = ndout->len; data = (unsigned char *)instout->data; @@ -685,6 +712,14 @@ write_handler(void *baton, if (p == NULL) return SVN_NO_ERROR; + if (tview_len > SVN_DELTA_WINDOW_SIZE || + sview_len > SVN_DELTA_WINDOW_SIZE || + /* for svndiff1, newlen includes the original length */ + newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN || + inslen > MAX_INSTRUCTION_SECTION_LEN) + return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL, + _("Svndiff contains a too-large window")); + /* Check for integer overflow. */ if (sview_offset < 0 || inslen + newlen < inslen || sview_len + tview_len < sview_len @@ -841,6 +876,14 @@ read_window_header(svn_stream_t *stream, svn_files SVN_ERR(read_one_size(inslen, stream)); SVN_ERR(read_one_size(newlen, stream)); + if (*tview_len > SVN_DELTA_WINDOW_SIZE || + *sview_len > SVN_DELTA_WINDOW_SIZE || + /* for svndiff1, newlen includes the original length */ + *newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN || + *inslen > MAX_INSTRUCTION_SECTION_LEN) + return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL, + _("Svndiff contains a too-large window")); + /* Check for integer overflow. */ if (*sview_offset < 0 || *inslen + *newlen < *inslen || *sview_len + *tview_len < *sview_len Index: subversion/libsvn_delta/text_delta.c =================================================================== --- subversion/libsvn_delta/text_delta.c (revision 38519) +++ subversion/libsvn_delta/text_delta.c (working copy) @@ -548,7 +548,7 @@ svn_txdelta_target_push(svn_txdelta_window_handler /* Functions for applying deltas. */ /* Ensure that BUF has enough space for VIEW_LEN bytes. */ -static APR_INLINE void +static APR_INLINE svn_error_t * size_buffer(char **buf, apr_size_t *buf_size, apr_size_t view_len, apr_pool_t *pool) { @@ -557,8 +557,11 @@ size_buffer(char **buf, apr_size_t *buf_size, *buf_size *= 2; if (*buf_size < view_len) *buf_size = view_len; + SVN_ERR_ASSERT(APR_ALIGN_DEFAULT(*buf_size) >= *buf_size); *buf = apr_palloc(pool, *buf_size); } + + return SVN_NO_ERROR; } @@ -659,7 +662,7 @@ apply_window(svn_txdelta_window_t *window, void *b >= ab->sbuf_offset + ab->sbuf_len))); /* Make sure there's enough room in the target buffer. */ - size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool); + SVN_ERR(size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool)); /* Prepare the source buffer for reading from the input stream. */ if (window->sview_offset != ab->sbuf_offset @@ -668,7 +671,8 @@ apply_window(svn_txdelta_window_t *window, void *b char *old_sbuf = ab->sbuf; /* Make sure there's enough room. */ - size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, ab->pool); + SVN_ERR(size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, + ab->pool)); /* If the existing view overlaps with the new view, copy the * overlap to the beginning of the new buffer. */ ]]] This patch applies to Subversion 1.5.x: [[[ Index: subversion/libsvn_delta/svndiff.c =================================================================== --- subversion/libsvn_delta/svndiff.c (revision 38498) +++ subversion/libsvn_delta/svndiff.c (working copy) @@ -55,10 +55,23 @@ struct encoder_baton { apr_pool_t *pool; }; +/* This is at least as big as the largest size of an integer that + encode_int can generate; it is sufficient for creating buffers for + it to write into. This assumes that integers are at most 64 bits, + and so 10 bytes (with 7 bits of information each) are sufficient to + represent them. */ +#define MAX_ENCODED_INT_LEN 10 +/* This is at least as big as the largest size for a single instruction. */ +#define MAX_INSTRUCTION_LEN (2*MAX_ENCODED_INT_LEN+1) +/* This is at least as big as the largest possible instructions + section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE + 1-byte copy-from-source instructions (though this is very unlikely). */ +#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZE*MAX_INSTRUCTION_LEN) /* Encode VAL into the buffer P using the variable-length svndiff integer format. Return the incremented value of P after the - encoded bytes have been written. + encoded bytes have been written. P must point to a buffer of size + at least MAX_ENCODED_INT_LEN. This encoding uses the high bit of each byte as a continuation bit and the other seven bits as data bits. High-order data bits are @@ -91,6 +104,8 @@ encode_int(char *p, svn_filesize_t val) n++; } + assert(n <= MAX_ENCODED_INT_LEN); + /* Encode the remaining bytes; n is always the number of bytes coming after the one we're encoding. */ while (--n >= 0) @@ -107,7 +122,7 @@ encode_int(char *p, svn_filesize_t val) static void append_encoded_int(svn_stringbuf_t *header, svn_filesize_t val) { - char buf[128], *p; + char buf[MAX_ENCODED_INT_LEN], *p; p = encode_int(buf, val); svn_stringbuf_appendbytes(header, buf, p - buf); @@ -163,7 +178,7 @@ window_handler(svn_txdelta_window_t *window, void svn_stringbuf_t *i1 = svn_stringbuf_create("", pool); svn_stringbuf_t *header = svn_stringbuf_create("", pool); const svn_string_t *newdata; - char ibuf[128], *ip; + char ibuf[MAX_INSTRUCTION_LEN], *ip; const svn_txdelta_op_t *op; apr_size_t len; @@ -341,6 +356,8 @@ decode_file_offset(svn_filesize_t *val, const unsigned char *p, const unsigned char *end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; /* Decode bytes until we're done. */ *val = 0; while (p < end) @@ -360,6 +377,8 @@ decode_size(apr_size_t *val, const unsigned char *p, const unsigned char *end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; /* Decode bytes until we're done. */ *val = 0; while (p < end) @@ -377,7 +396,7 @@ decode_size(apr_size_t *val, data is not compressed. */ static svn_error_t * -zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out) +zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out, apr_size_t limit) { apr_size_t len; char *oldplace = in->data; @@ -385,6 +404,13 @@ static svn_error_t * /* First thing in the string is the original length. */ in->data = (char *)decode_size(&len, (unsigned char *)in->data, (unsigned char *)in->data+in->len); + if (in->data == NULL) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + _("Decompression of svndiff data failed: no size")); + if (len > limit) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + _("Decompression of svndiff data failed: " + "size too large")); /* We need to subtract the size of the encoded original length off the * still remaining input length. */ in->len -= (in->data - oldplace); @@ -482,10 +508,10 @@ count_and_verify_instructions(int *ninst, return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: insn %d cannot be decoded"), n); - else if (op.length <= 0) + else if (op.length == 0) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, - _("Invalid diff stream: insn %d has non-positive length"), n); + _("Invalid diff stream: insn %d has length zero"), n); else if (op.length > tview_len - tpos) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, @@ -494,7 +520,8 @@ count_and_verify_instructions(int *ninst, switch (op.action_code) { case svn_txdelta_source: - if (op.length > sview_len - op.offset) + if (op.length > sview_len - op.offset || + op.offset > sview_len) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: " @@ -560,11 +587,11 @@ decode_window(svn_txdelta_window_t *window, svn_fi instin = svn_stringbuf_ncreate((const char *)data, insend - data, pool); instout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(instin, instout)); + SVN_ERR(zlib_decode(instin, instout, MAX_INSTRUCTION_SECTION_LEN)); ndin = svn_stringbuf_ncreate((const char *)insend, newlen, pool); ndout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(ndin, ndout)); + SVN_ERR(zlib_decode(ndin, ndout, SVN_DELTA_WINDOW_SIZE)); newlen = ndout->len; data = (unsigned char *)instout->data; @@ -680,6 +707,14 @@ write_handler(void *baton, if (p == NULL) return SVN_NO_ERROR; + if (tview_len > SVN_DELTA_WINDOW_SIZE || + sview_len > SVN_DELTA_WINDOW_SIZE || + /* for svndiff1, newlen includes the original length */ + newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN || + inslen > MAX_INSTRUCTION_SECTION_LEN) + return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL, + _("Svndiff contains a too-large window")); + /* Check for integer overflow. */ if (sview_offset < 0 || inslen + newlen < inslen || sview_len + tview_len < sview_len @@ -836,6 +871,14 @@ read_window_header(svn_stream_t *stream, svn_files SVN_ERR(read_one_size(inslen, stream)); SVN_ERR(read_one_size(newlen, stream)); + if (*tview_len > SVN_DELTA_WINDOW_SIZE || + *sview_len > SVN_DELTA_WINDOW_SIZE || + /* for svndiff1, newlen includes the original length */ + *newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN || + *inslen > MAX_INSTRUCTION_SECTION_LEN) + return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL, + _("Svndiff contains a too-large window")); + /* Check for integer overflow. */ if (*sview_offset < 0 || *inslen + *newlen < *inslen || *sview_len + *tview_len < *sview_len Index: subversion/libsvn_delta/text_delta.c =================================================================== --- subversion/libsvn_delta/text_delta.c (revision 38498) +++ subversion/libsvn_delta/text_delta.c (working copy) @@ -498,7 +498,7 @@ svn_txdelta_target_push(svn_txdelta_window_handler /* Functions for applying deltas. */ /* Ensure that BUF has enough space for VIEW_LEN bytes. */ -static APR_INLINE void +static APR_INLINE svn_error_t * size_buffer(char **buf, apr_size_t *buf_size, apr_size_t view_len, apr_pool_t *pool) { @@ -507,8 +507,13 @@ size_buffer(char **buf, apr_size_t *buf_size, *buf_size *= 2; if (*buf_size < view_len) *buf_size = view_len; + if (APR_ALIGN_DEFAULT(*buf_size) < *buf_size) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_OPS, NULL, + "Diff stream resulted in invalid buffer size."); *buf = apr_palloc(pool, *buf_size); } + + return SVN_NO_ERROR; } @@ -609,7 +614,7 @@ apply_window(svn_txdelta_window_t *window, void *b >= ab->sbuf_offset + ab->sbuf_len))); /* Make sure there's enough room in the target buffer. */ - size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool); + SVN_ERR(size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool)); /* Prepare the source buffer for reading from the input stream. */ if (window->sview_offset != ab->sbuf_offset @@ -618,7 +623,8 @@ apply_window(svn_txdelta_window_t *window, void *b char *old_sbuf = ab->sbuf; /* Make sure there's enough room. */ - size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, ab->pool); + SVN_ERR(size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, + ab->pool)); /* If the existing view overlaps with the new view, copy the * overlap to the beginning of the new buffer. */ ]]] . The Apache Portable Runtime Utility Library (aka APR-Util) provides an interface to functionality such as XML parsing, string matching and databases connections. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/apr < 1.3.8 >= 1.3.8 2 dev-libs/apr-util < 1.3.9 >= 1.3.9 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures. ------------------------------------------------------------------- Description =========== Matt Lewis reported multiple Integer overflows in the apr_rmm_malloc(), apr_rmm_calloc(), and apr_rmm_realloc() functions in misc/apr_rmm.c of APR-Util and in memory/unix/apr_pools.c of APR, both occurring when aligning memory blocks. Impact ====== A remote attacker could entice a user to connect to a malicious server with software that uses the APR or act as a malicious client to a server that uses the APR (such as Subversion or Apache servers), possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround ========== There is no known workaround at this time. Resolution ========== All Apache Portable Runtime users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =dev-libs/apr-1.3.8 All APR Utility Library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =dev-libs/apr-util-1.3.9 References ========== [ 1 ] CVE-2009-2412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200909-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-813-2 August 08, 2009 apache2 vulnerability CVE-2009-2412 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libapr0 2.0.55-4ubuntu2.7 After a standard system upgrade you need to restart any applications using apr, such as Subversion and Apache, to effect the necessary changes. Details follow: USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.diff.gz Size/MD5: 126010 68da83341313e1b166fe345138d1eaa5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.dsc Size/MD5: 1156 0b17c48d0880ab82c769c41d1aff7002 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.7_all.deb Size/MD5: 2125530 9356b79c2b1591ffec1a6cd1974f82fd amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_amd64.deb Size/MD5: 833902 08b8aaf66aa52e6fd9dbed1647bb5dd2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_amd64.deb Size/MD5: 229124 400d32297652e4976456cb7b367cc435 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_amd64.deb Size/MD5: 224122 07be7749fd618703c9f093efeb5e6fad http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_amd64.deb Size/MD5: 228700 9c79315063121eb7017cd99c6bb4667c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_amd64.deb Size/MD5: 172244 e15a994901f09e6e8294d656b8a8254c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_amd64.deb Size/MD5: 173028 985f0a987b0e5e17b24fdd6f8475781a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_amd64.deb Size/MD5: 95066 2b836251f30a5c3d0cb24c2775a9b997 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_amd64.deb Size/MD5: 37096 2756f162320b3b183c7447dad130cff9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_amd64.deb Size/MD5: 286664 f46d70c05cba04ceaba7d62afe5ac5be http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_amd64.deb Size/MD5: 145234 e1c285b96d1ee5e8a66d01eadcc289c6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_i386.deb Size/MD5: 787150 ab3e75481087dc0148ca3ccc450a1ab1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_i386.deb Size/MD5: 203722 e10938af36f0e1802fbd3b0946ae6e3c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_i386.deb Size/MD5: 199634 7ee8d5ba9679c8c7dd78c95b5fb74046 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_i386.deb Size/MD5: 203146 5456087e20afd24d2a27d648fafeb135 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_i386.deb Size/MD5: 172228 98a58d9526a667a05573e9b26fcfd45b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_i386.deb Size/MD5: 173020 1db636c0e79b0ea3c405da958c35c932 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_i386.deb Size/MD5: 92998 737aee7a7026d4d9b33a0f71b44e0b19 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_i386.deb Size/MD5: 37098 15db8827569af434025942a84e77b381 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_i386.deb Size/MD5: 262652 93f2171d69072153264cab51860f781c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_i386.deb Size/MD5: 133118 cac6f1c804a1e34bf4250be4d8670862 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_powerpc.deb Size/MD5: 859954 558399d0c5fb22cee0cdc1b20d4d7586 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_powerpc.deb Size/MD5: 221090 94c5789d3d06b3553d883eca45ab06b7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_powerpc.deb Size/MD5: 216702 68edfa60eb9de377b20be68e10bd879a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_powerpc.deb Size/MD5: 220634 8f103f83772eb2e52cd38bb0fb1efbec http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_powerpc.deb Size/MD5: 172234 559b5683e44f424324d43b09f42c63f6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_powerpc.deb Size/MD5: 173014 7c05a2f5fe626036ebaa271cece0cd09 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_powerpc.deb Size/MD5: 104772 63a31e0f30472ebc19a79744b1b1fe03 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_powerpc.deb Size/MD5: 37098 c00f5d32432f97ac992652ac1bbb7259 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_powerpc.deb Size/MD5: 282244 1a2c7d7038b335ae2ab6ff68d06a380f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_powerpc.deb Size/MD5: 142328 169a4ce5fc42eb789c76f46acb07aa00 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_sparc.deb Size/MD5: 804250 3a780a65322c539717e93a64792acc16 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_sparc.deb Size/MD5: 211276 e1f45226511664f1759a6ad75aff6155 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_sparc.deb Size/MD5: 206948 19e2792273d8a4935ef6fcc6ee369326 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_sparc.deb Size/MD5: 210556 e62136b10dca8c665defa2cc54640e64 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_sparc.deb Size/MD5: 172232 6e2213cb4b6a5dec1506fe01ce5cc028 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_sparc.deb Size/MD5: 173010 9603ee752f034d04fd349db168fbe2f2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_sparc.deb Size/MD5: 94084 c6f6315ff2e1865f409ae49d54e3a233 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_sparc.deb Size/MD5: 37102 fdb3a44756f9d6e8d36c1b2558420d57 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_sparc.deb Size/MD5: 268648 03fbe81b3cc1f0ac17961fc5c58a3f5f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_sparc.deb Size/MD5: 131056 8707670bfb577280d9b5d0689c51608c

Trust: 2.43

sources: NVD: CVE-2009-2412 // JVNDB: JVNDB-2009-002016 // BID: 35949 // PACKETSTORM: 80228 // PACKETSTORM: 80125 // PACKETSTORM: 83432 // PACKETSTORM: 80232 // PACKETSTORM: 81085 // PACKETSTORM: 80227

AFFECTED PRODUCTS

vendor:apachemodel:apr-utilscope:eqversion:1.3.8

Trust: 1.9

vendor:apachemodel:apr-utilscope:eqversion:1.3.7

Trust: 1.9

vendor:apachemodel:apr-utilscope:eqversion:1.3.5

Trust: 1.9

vendor:apachemodel:apr-utilscope:eqversion:1.3.4

Trust: 1.9

vendor:apachemodel:portable runtimescope:eqversion:0.9.6

Trust: 1.6

vendor:apachemodel:portable runtimescope:eqversion:0.9.1

Trust: 1.6

vendor:apachemodel:apr-utilscope:eqversion:1.3.2

Trust: 1.6

vendor:apachemodel:portable runtimescope:eqversion:0.9.7

Trust: 1.6

vendor:apachemodel:portable runtimescope:eqversion:0.9.7-dev

Trust: 1.6

vendor:apachemodel:apr-utilscope:eqversion:1.3.3

Trust: 1.6

vendor:apachemodel:apr-utilscope:eqversion:1.3.6

Trust: 1.3

vendor:apachemodel:apr-utilscope:eqversion:0.9.16

Trust: 1.3

vendor:apachemodel:portable runtimescope:eqversion:1.3.7

Trust: 1.3

vendor:apachemodel:portable runtimescope:eqversion:1.3.4-dev

Trust: 1.0

vendor:apachemodel:apr-utilscope:eqversion:1.3.4-dev

Trust: 1.0

vendor:apachemodel:portable runtimescope:eqversion:1.3.0

Trust: 1.0

vendor:apachemodel:portable runtimescope:eqversion:1.3.8

Trust: 1.0

vendor:apachemodel:portable runtimescope:eqversion:0.9.8

Trust: 1.0

vendor:apachemodel:apr-utilscope:eqversion:0.9.1

Trust: 1.0

vendor:apachemodel:apr-utilscope:eqversion:1.3.0

Trust: 1.0

vendor:apachemodel:apr-utilscope:eqversion:0.9.8

Trust: 1.0

vendor:apachemodel:portable runtimescope:eqversion:1.3.3

Trust: 1.0

vendor:apachemodel:portable runtimescope:eqversion:0.9.2-dev

Trust: 1.0

vendor:apachemodel:portable runtimescope:eqversion:0.9.3-dev

Trust: 1.0

vendor:apachemodel:apr-utilscope:eqversion:0.9.2-dev

Trust: 1.0

vendor:apachemodel:apr-utilscope:eqversion:0.9.3-dev

Trust: 1.0

vendor:apachemodel:portable runtimescope:eqversion:0.9.2

Trust: 1.0

vendor:apachemodel:portable runtimescope:eqversion:1.3.4

Trust: 1.0

vendor:apachemodel:apr-utilscope:eqversion:0.9.2

Trust: 1.0

vendor:apachemodel:portable runtimescope:eqversion:1.3.1

Trust: 1.0

vendor:apachemodel:portable runtimescope:eqversion:0.9.3

Trust: 1.0

vendor:apachemodel:apr-utilscope:eqversion:1.3.1

Trust: 1.0

vendor:apachemodel:portable runtimescope:eqversion:0.9.4

Trust: 1.0

vendor:apachemodel:apr-utilscope:eqversion:0.9.4

Trust: 1.0

vendor:apachemodel:portable runtimescope:eqversion:1.3.2

Trust: 1.0

vendor:apachemodel:portable runtimescope:eqversion:0.9.9

Trust: 1.0

vendor:apachemodel:apr-utilscope:eqversion:0.9.9

Trust: 1.0

vendor:apachemodel:portable runtimescope:eqversion:1.3.5

Trust: 1.0

vendor:apachemodel:portable runtimescope:eqversion:0.9.5

Trust: 1.0

vendor:apachemodel:apr-utilscope:eqversion:0.9.5

Trust: 1.0

vendor:apachemodel:portable runtimescope:eqversion:1.3.6-dev

Trust: 1.0

vendor:apachemodel:apr-utilscope:eqversion:1.3.6-dev

Trust: 1.0

vendor:apachemodel:portable runtimescope:eqversion:1.3.6

Trust: 1.0

vendor:apachemodel:portable runtimescope:eqversion:0.9.16-dev

Trust: 1.0

vendor:apachemodel:apr-utilscope:eqversion:0.9.7-dev

Trust: 1.0

vendor:apachemodel:apr-utilscope:eqversion:0.9.6

Trust: 1.0

vendor:apachemodel:apr-utilscope:eqversion:0.9.3

Trust: 1.0

vendor:apachemodel:http serverscope:ltversion:2.0.64

Trust: 0.8

vendor:apachemodel:portable runtimescope:eqversion:0.9.x

Trust: 0.8

vendor:apachemodel:portable runtimescope:eqversion:1.3.x

Trust: 0.8

vendor:apachemodel:apr-utilscope:eqversion:0.9.x

Trust: 0.8

vendor:apachemodel:apr-utilscope:eqversion:1.3.x

Trust: 0.8

vendor:ibmmodel:http serverscope:eqversion:2.0.47.x

Trust: 0.8

vendor:ibmmodel:http serverscope:eqversion:6.0.2.39

Trust: 0.8

vendor:ibmmodel:http serverscope:eqversion:6.1.0.29

Trust: 0.8

vendor:ibmmodel:http serverscope:eqversion:7.0.0.7

Trust: 0.8

vendor:ibmmodel:websphere application serverscope:eqversion:6.0.2.39

Trust: 0.8

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.0.29

Trust: 0.8

vendor:ibmmodel:websphere application serverscope:eqversion:7.0.0.7

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6.1

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6.1

Trust: 0.8

vendor:oraclemodel:opensolarisscope: - version: -

Trust: 0.8

vendor:oraclemodel:solarisscope:eqversion:10

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0 (x86-64)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux appliance serverscope:eqversion:2.0

Trust: 0.8

vendor:turbo linuxmodel:turbolinux appliance serverscope:eqversion:3.0

Trust: 0.8

vendor:turbo linuxmodel:turbolinux appliance serverscope:eqversion:3.0 (x64)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux clientscope:eqversion:2008

Trust: 0.8

vendor:turbo linuxmodel:turbolinux fujiscope:eqversion:( extended maintenance )

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:10

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:10 (x64)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:11

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:11 (x64)

Trust: 0.8

vendor:trend micromodel:interscan messaging security suitescope:eqversion:7.x

Trust: 0.8

vendor:trend micromodel:interscan messaging security virtual appliancescope:eqversion:7.0

Trust: 0.8

vendor:trend micromodel:trendmicro interscan messaging security appliancescope:eqversion:7.0

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4.8 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4.8 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:5 (server)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:3.0

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:4.0

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:5.0 (client)

Trust: 0.8

vendor:red hatmodel:enterprise linux eusscope:eqversion:5.3.z (server)

Trust: 0.8

vendor:red hatmodel:rhel desktop workstationscope:eqversion:5 (client)

Trust: 0.8

vendor:fujitsumodel:interstage application serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage studioscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage web serverscope: - version: -

Trust: 0.8

vendor:ubuntumodel:linux sparcscope:eqversion:9.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:9.04

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:9.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:9.04

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:9.04

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:8.10

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:8.10

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:8.10

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:8.10

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:8.10

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:6.06

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:6.06

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:6.06

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:6.06

Trust: 0.3

vendor:susemodel:linux enterprise serverscope:eqversion:9

Trust: 0.3

vendor:susemodel:linux enterprise server debuginfoscope:eqversion:11

Trust: 0.3

vendor:susemodel:linux enterprise serverscope:eqversion:11

Trust: 0.3

vendor:susemodel:linux enterprise server sp3scope:eqversion:10

Trust: 0.3

vendor:susemodel:linux enterprise server sp2scope:eqversion:10

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp3scope:eqversion:10

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp2scope:eqversion:10

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp3scope:eqversion:10

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp2scope:eqversion:10

Trust: 0.3

vendor:susemodel:linux enterprisescope:eqversion:11

Trust: 0.3

vendor:susemodel:linux enterprise sp3 debuginfoscope:eqversion:10

Trust: 0.3

vendor:susemodel:linux enterprise sp2 debuginfoscope:eqversion:10

Trust: 0.3

vendor:sunmodel:solaris 10 x86scope: - version: -

Trust: 0.3

vendor:sunmodel:solaris 10 sparcscope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 99scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 98scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 96scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 95scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 94scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 93scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 92scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 91scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 90scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 89scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 88scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 87scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 86scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 85scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 84scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 83scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 82scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 81scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 80scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 78scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 77scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 76scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 74scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 71scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 68scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 67scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 64scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 61scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 59scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 58scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 57scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 56scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 54scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 51scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 50scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 49scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 48scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 47scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 45scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 41scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 39scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 38scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 37scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 36scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 35scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 29scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 28scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 22scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 19scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 13scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 121scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 120scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 119scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 118scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 117scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 116scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 115scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 114scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 113scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 112scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 111ascope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 111scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 110scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 109scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 108scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 107scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 106scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 105scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 104scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 103scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 102scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 101ascope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 101scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 100scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 02scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 01scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 111bscope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.2

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:11.0

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.1

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.0

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:10.3

Trust: 0.3

vendor:s u s emodel:open-enterprise-serverscope:eqversion:0

Trust: 0.3

vendor:s u s emodel:novell linux posscope:eqversion:9

Trust: 0.3

vendor:s u s emodel:novell linux desktopscope:eqversion:9.0

Trust: 0.3

vendor:rpathmodel:linuxscope:eqversion:2

Trust: 0.3

vendor:rpathmodel:linuxscope:eqversion:1

Trust: 0.3

vendor:redhatmodel:jboss enterprise web server el4scope:eqversion:0

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:3

Trust: 0.3

vendor:redhatmodel:enterprise linux eus 5.3.z serverscope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux es 4.8.zscope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:3

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux as 4.8.zscope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:3

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:desktopscope:eqversion:4.0

Trust: 0.3

vendor:redhatmodel:desktopscope:eqversion:3.0

Trust: 0.3

vendor:redhatmodel:certificate serverscope:eqversion:7.3

Trust: 0.3

vendor:pardusmodel:linuxscope:eqversion:20090

Trust: 0.3

vendor:pardusmodel:linuxscope:eqversion:20080

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2009.1

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2009.1

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2009.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2009.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2008.1

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2008.1

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2008.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2008.0

Trust: 0.3

vendor:mandrakesoftmodel:multi network firewallscope:eqversion:2.0

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:4.0

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:3.0

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:3.0

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:4.0

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:6.0.1

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:2.0.47.1

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:2.0.47

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.2

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.1

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise edition bscope:eqversion:9.1.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.3.1

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.2

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.1

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition bscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition ascope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition 9.1.0bscope: - version: -

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition ascope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition 9.1.0bscope: - version: -

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linuxscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linuxscope:eqversion:4.0

Trust: 0.3

vendor:bluemodel:coat systems directorscope:eqversion:5.2.2.5

Trust: 0.3

vendor:bluemodel:coat systems directorscope:eqversion:4.2.2.4

Trust: 0.3

vendor:bluemodel:coat systems directorscope:eqversion:5.5

Trust: 0.3

vendor:bluemodel:coat systems directorscope:eqversion:5.4

Trust: 0.3

vendor:bluemodel:coat systems directorscope:eqversion:0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:0.9.17

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:0.9.7

Trust: 0.3

vendor:apachemodel:portable runtimescope:eqversion:0.9.18

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.12

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.11

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.10

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.9

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.8

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.6

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.5

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.4

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.3

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2

Trust: 0.3

vendor:apachemodel:2.2.7-devscope: - version: -

Trust: 0.3

vendor:apachemodel:2.2.6-devscope: - version: -

Trust: 0.3

vendor:apachemodel:2.2.5-devscope: - version: -

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 122scope:neversion: -

Trust: 0.3

vendor:bluemodel:coat systems directorscope:neversion:5.5.2.3

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.6.2

Trust: 0.3

sources: BID: 35949 // JVNDB: JVNDB-2009-002016 // CNNVD: CNNVD-200908-530 // NVD: CVE-2009-2412

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-2412
value: HIGH

Trust: 1.0

NVD: CVE-2009-2412
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200908-530
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2009-2412
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2009-002016 // CNNVD: CNNVD-200908-530 // NVD: CVE-2009-2412

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.8

sources: JVNDB: JVNDB-2009-002016 // NVD: CVE-2009-2412

THREAT TYPE

remote

Trust: 1.0

sources: PACKETSTORM: 80228 // PACKETSTORM: 80125 // PACKETSTORM: 81085 // PACKETSTORM: 80227 // CNNVD: CNNVD-200908-530

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-200908-530

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-002016

PATCH

title:Fixed in Apache httpd 2.0.64url:http://httpd.apache.org/security/vulnerabilities_20.html#2.0.64

Trust: 0.8

title:Apache 2.2.13 Releasedurl:http://httpd.apache.org/#2.2.13

Trust: 0.8

title:1.3.x/CHANGESurl:http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735&view=markup

Trust: 0.8

title:0.9.x/CHANGESurl:http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736&view=markup

Trust: 0.8

title:HT3937url:http://support.apple.com/kb/HT3937

Trust: 0.8

title:HT3937url:http://support.apple.com/kb/HT3937?viewlocale=ja_JP

Trust: 0.8

title:apr-1.2.7-11AXS3.1url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=730

Trust: 0.8

title:apr-util-1.2.7-7AXS3.2url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=731

Trust: 0.8

title:7008517url:http://www-01.ibm.com/support/docview.wss?rs=177&uid=swg27008517#61029

Trust: 0.8

title:7014506url:http://www-01.ibm.com/support/docview.wss?uid=swg27014506#7007

Trust: 0.8

title:7014463url:http://www-01.ibm.com/support/docview.wss?uid=swg27014463#7007

Trust: 0.8

title:7007033url:http://www-01.ibm.com/support/docview.wss?uid=swg27007033#60239

Trust: 0.8

title:7006876url:http://www-01.ibm.com/support/docview.wss?uid=swg27006876##60239

Trust: 0.8

title:PM10658url:http://www-01.ibm.com/support/docview.wss?uid=swg1PM10658

Trust: 0.8

title:7007951url:http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27007951#61029

Trust: 0.8

title:PK93225url:http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225&loc=en_US

Trust: 0.8

title:1761url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1761

Trust: 0.8

title:1768url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1768

Trust: 0.8

title:1769url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1769

Trust: 0.8

title:RHSA-2009:1204url:https://rhn.redhat.com/errata/RHSA-2009-1204.html

Trust: 0.8

title:RHSA-2009:1205url:https://rhn.redhat.com/errata/RHSA-2009-1205.html

Trust: 0.8

title:cve_2010_0740_record_ofurl:http://blogs.oracle.com/sunsecurity/entry/cve_2010_0740_record_of

Trust: 0.8

title:readme_imss71_lin_criticalpatch_b12531url:http://www.trendmicro.com/ftp/jp/ucmodule/imss/lin/71/readme_imss71_lin_criticalpatch_b12531.txt

Trust: 0.8

title:readme_imss70_lin_criticalpatch_b33791url:http://www.trendmicro.com/ftp/jp/ucmodule/imss/lin/70/readme_imss70_lin_criticalpatch_b33791.txt

Trust: 0.8

title:readme_imss70_sol_criticalpatch_b81651url:http://www.trendmicro.com/ftp/jp/ucmodule/imss/sol/70/readme_imss70_sol_criticalpatch_b81651.txt

Trust: 0.8

title:readme_imss70_win_criticalpatch_b63681url:http://www.trendmicro.com/ftp/jp/ucmodule/imss/win/70/readme_imss70_win_criticalpatch_b63681.txt

Trust: 0.8

title:TLSA-2010-30url:http://www.turbolinux.co.jp/security/2010/TLSA-2010-30j.txt

Trust: 0.8

title:JP-2076110url:http://esupport.trendmicro.co.jp/Pages/JP-2076110.aspx

Trust: 0.8

title:RHSA-2009:1205url:https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1205J.html

Trust: 0.8

title:RHSA-2009:1204url:https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1204J.html

Trust: 0.8

title:interstage_as_201103url:http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201103.html

Trust: 0.8

sources: JVNDB: JVNDB-2009-002016

EXTERNAL IDS

db:NVDid:CVE-2009-2412

Trust: 3.3

db:BIDid:35949

Trust: 2.7

db:OSVDBid:56765

Trust: 2.4

db:OSVDBid:56766

Trust: 2.4

db:SECUNIAid:36138

Trust: 2.4

db:SECUNIAid:36140

Trust: 2.4

db:SECUNIAid:37152

Trust: 1.6

db:SECUNIAid:37221

Trust: 1.6

db:SECUNIAid:36233

Trust: 1.6

db:SECUNIAid:36166

Trust: 1.6

db:VUPENid:ADV-2009-3184

Trust: 1.6

db:VUPENid:ADV-2010-1107

Trust: 1.6

db:JVNDBid:JVNDB-2009-002016

Trust: 0.8

db:CNNVDid:CNNVD-200908-530

Trust: 0.6

db:PACKETSTORMid:80228

Trust: 0.1

db:PACKETSTORMid:80125

Trust: 0.1

db:PACKETSTORMid:83432

Trust: 0.1

db:PACKETSTORMid:80232

Trust: 0.1

db:PACKETSTORMid:81085

Trust: 0.1

db:PACKETSTORMid:80227

Trust: 0.1

sources: BID: 35949 // JVNDB: JVNDB-2009-002016 // PACKETSTORM: 80228 // PACKETSTORM: 80125 // PACKETSTORM: 83432 // PACKETSTORM: 80232 // PACKETSTORM: 81085 // PACKETSTORM: 80227 // CNNVD: CNNVD-200908-530 // NVD: CVE-2009-2412

REFERENCES

url:http://osvdb.org/56766

Trust: 2.4

url:http://osvdb.org/56765

Trust: 2.4

url:http://secunia.com/advisories/36140

Trust: 2.4

url:http://secunia.com/advisories/36138

Trust: 2.4

url:http://www.securityfocus.com/bid/35949

Trust: 2.4

url:http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/changes?revision=800736&view=markup

Trust: 1.9

url:http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/changes?revision=800735&view=markup

Trust: 1.9

url:http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/changes?revision=800733&view=markup

Trust: 1.9

url:http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/changes?revision=800732&view=markup

Trust: 1.9

url:http://www-01.ibm.com/support/docview.wss?uid=swg1pk93225

Trust: 1.9

url:http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441&r2=800736

Trust: 1.6

url:http://support.apple.com/kb/ht3937

Trust: 1.6

url:http://www-01.ibm.com/support/docview.wss?uid=swg1pk99482

Trust: 1.6

url:http://secunia.com/advisories/37152

Trust: 1.6

url:http://www.ubuntu.com/usn/usn-813-2

Trust: 1.6

url:http://secunia.com/advisories/37221

Trust: 1.6

url:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

Trust: 1.6

url:http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356&r2=800733

Trust: 1.6

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9958

Trust: 1.6

url:http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687&r2=800735

Trust: 1.6

url:http://secunia.com/advisories/36166

Trust: 1.6

url:http://www.vupen.com/english/advisories/2009/3184

Trust: 1.6

url:https://www.redhat.com/archives/fedora-package-announce/2009-august/msg00353.html

Trust: 1.6

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8394

Trust: 1.6

url:http://www.vupen.com/english/advisories/2010/1107

Trust: 1.6

url:http://secunia.com/advisories/36233

Trust: 1.6

url:http://www.mandriva.com/security/advisories?name=mdvsa-2009:195

Trust: 1.6

url:http://lists.apple.com/archives/security-announce/2009/nov/msg00000.html

Trust: 1.6

url:http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html

Trust: 1.6

url:http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140&r2=800732

Trust: 1.6

url:https://www.redhat.com/archives/fedora-package-announce/2009-august/msg00320.html

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2412

Trust: 1.1

url:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2412

Trust: 0.8

url:http://blogs.sun.com/security/entry/cve_2010_0740_record_of

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2009-2412

Trust: 0.6

url:httpd.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs.

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2009:1204

Trust: 0.6

url:https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs.

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2009:1205

Trust: 0.6

url:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2009-2412

Trust: 0.6

url:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs.

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2009:1462

Trust: 0.6

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3ccvs.

Trust: 0.6

url:https://bugzilla.redhat.com/show_bug.cgi?id=515698

Trust: 0.6

url:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0602

Trust: 0.6

url:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.

Trust: 0.6

url:http://www.mail-archive.com/dev@httpd.apache.org/msg44737.html

Trust: 0.3

url:http://apr.apache.org/

Trust: 0.3

url:http://www.apache.org/dist/httpd/changes_2.2.13

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg1pk96157

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg1pm10658

Trust: 0.3

url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-201103e.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2009-1204.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2009-1462.html

Trust: 0.3

url:https://kb.bluecoat.com/index?page=content&id=sa61&actp=list

Trust: 0.3

url:http://www.mandriva.com/security/

Trust: 0.2

url:http://www.mandriva.com/security/advisories

Trust: 0.2

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-7ubuntu0.3_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-8ubuntu0.3_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-8ubuntu0.3_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-3ubuntu0.2_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8ubuntu0.3_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-3ubuntu0.2_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-7ubuntu0.3_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8ubuntu0.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8ubuntu0.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-3ubuntu0.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-8ubuntu0.3_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-3ubuntu0.2_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8ubuntu0.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8ubuntu0.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-7ubuntu0.3.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-3ubuntu0.2_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-3ubuntu0.2_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-7ubuntu0.3_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8ubuntu0.3_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-8ubuntu0.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-3ubuntu0.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-3ubuntu0.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-3ubuntu0.2_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8ubuntu0.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-3ubuntu0.2.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8ubuntu0.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-3ubuntu0.2_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-3ubuntu0.2_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-7ubuntu0.3_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-7ubuntu0.3.dsc

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8ubuntu0.3_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-7ubuntu0.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-3ubuntu0.2.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-8ubuntu0.3.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-8ubuntu0.3.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-7ubuntu0.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-7ubuntu0.3_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-7ubuntu0.3_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-7ubuntu0.3_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-7ubuntu0.3_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8ubuntu0.3_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-3ubuntu0.2_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-3ubuntu0.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-7ubuntu0.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-7ubuntu0.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-7ubuntu0.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-7ubuntu0.3_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-8ubuntu0.3_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-7ubuntu0.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-3ubuntu0.2_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-3ubuntu0.2_powerpc.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-0023

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1956

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0023

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1955

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1956

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1955

Trust: 0.1

url:http://www.apache.org/dist/apr/patches/>.

Trust: 0.1

url:http://subversion.tigris.org/project_packages.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2411

Trust: 0.1

url:http://subversion.tigris.org/security/cve-2009-2411-advisory.txt)

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-200909-03.xml

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.7_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_amd64.deb

Trust: 0.1

sources: BID: 35949 // JVNDB: JVNDB-2009-002016 // PACKETSTORM: 80228 // PACKETSTORM: 80125 // PACKETSTORM: 83432 // PACKETSTORM: 80232 // PACKETSTORM: 81085 // PACKETSTORM: 80227 // CNNVD: CNNVD-200908-530 // NVD: CVE-2009-2412

CREDITS

Matt Lewis※ mattlewis@google.com

Trust: 0.6

sources: CNNVD: CNNVD-200908-530

SOURCES

db:BIDid:35949
db:JVNDBid:JVNDB-2009-002016
db:PACKETSTORMid:80228
db:PACKETSTORMid:80125
db:PACKETSTORMid:83432
db:PACKETSTORMid:80232
db:PACKETSTORMid:81085
db:PACKETSTORMid:80227
db:CNNVDid:CNNVD-200908-530
db:NVDid:CVE-2009-2412

LAST UPDATE DATE

2024-11-21T21:35:27.733000+00:00


SOURCES UPDATE DATE

db:BIDid:35949date:2015-04-13T21:40:00
db:JVNDBid:JVNDB-2009-002016date:2011-11-24T00:00:00
db:CNNVDid:CNNVD-200908-530date:2023-04-28T00:00:00
db:NVDid:CVE-2009-2412date:2023-11-07T02:04:07.420

SOURCES RELEASE DATE

db:BIDid:35949date:2009-08-05T00:00:00
db:JVNDBid:JVNDB-2009-002016date:2009-09-17T00:00:00
db:PACKETSTORMid:80228date:2009-08-11T01:29:50
db:PACKETSTORMid:80125date:2009-08-07T15:40:27
db:PACKETSTORMid:83432date:2009-12-04T06:31:56
db:PACKETSTORMid:80232date:2009-08-11T01:34:56
db:PACKETSTORMid:81085date:2009-09-10T00:41:18
db:PACKETSTORMid:80227date:2009-08-11T01:24:32
db:CNNVDid:CNNVD-200908-530date:2009-08-06T00:00:00
db:NVDid:CVE-2009-2412date:2009-08-06T15:30:00.280