ID

VAR-201401-0088


CVE

CVE-2013-2139


TITLE

SRTP of Libsrtp of srtp.c Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2013-005852

DESCRIPTION

Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions. libsrtp is prone to a buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. RTP is used for Voice over IP (VoIP) and audio and video streaming. SRTP adds privacy and authentication. There are buffer overflow vulnerabilities in the 'crypto_policy_set_from_profile_for_rtp' and 'srtp_protect' functions in the srtp.c file of the libsrtp library in srtp 1.4.5 and earlier versions. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2139 http://advisories.mageia.org/MGASA-2014-0465.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: e0447c9fa33ab8edce9657a5dce43fc7 mbs1/x86_64/srtp-1.4.4-3.1.mbs1.x86_64.rpm 745fcb1bd29913e979132a27511dd807 mbs1/SRPMS/srtp-1.4.4-3.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2840-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso January 10, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : srtp Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE ID : CVE-2013-2139 Debian Bug : 711163 Fernando Russ from Groundworks Technologies reported a buffer overflow flaw in srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function applies cryptographic profiles to an srtp_policy. For the oldstable distribution (squeeze), this problem has been fixed in version 1.4.4~dfsg-6+deb6u1. For the stable distribution (wheezy), this problem has been fixed in version 1.4.4+20100615~dfsg-2+deb7u1. For the testing distribution (jessie), this problem has been fixed in version 1.4.5~20130609~dfsg-1. For the unstable distribution (sid), this problem has been fixed in version 1.4.5~20130609~dfsg-1. We recommend that you upgrade your srtp packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: libsrtp security and bug fix update Advisory ID: RHSA-2020:3873-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3873 Issue date: 2020-09-29 CVE Names: CVE-2013-2139 CVE-2015-6360 ==================================================================== 1. Summary: An update for libsrtp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libsrtp package provides an implementation of the Secure Real-time Transport Protocol (SRTP), the Universal Security Transform (UST), and a supporting cryptographic kernel. Security Fix(es): * libsrtp: improper handling of CSRC count and extension header length in RTP header (CVE-2015-6360) * libsrtp: buffer overflow in application of crypto profiles (CVE-2013-2139) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 970697 - CVE-2013-2139 libsrtp: buffer overflow in application of crypto profiles 1301202 - libsrtp global-buffer-overflow 1323702 - CVE-2015-6360 libsrtp: improper handling of CSRC count and extension header length in RTP header 1323705 - CVE-2015-6360 libsrtp: improper handling of CSRC count and extension header length in RTP header [rhel-7] 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libsrtp-1.4.4-11.20101004cvs.el7.src.rpm x86_64: libsrtp-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libsrtp-1.4.4-11.20101004cvs.el7.src.rpm x86_64: libsrtp-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libsrtp-1.4.4-11.20101004cvs.el7.src.rpm ppc64: libsrtp-1.4.4-11.20101004cvs.el7.ppc.rpm libsrtp-1.4.4-11.20101004cvs.el7.ppc64.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc64.rpm ppc64le: libsrtp-1.4.4-11.20101004cvs.el7.ppc64le.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc64le.rpm s390x: libsrtp-1.4.4-11.20101004cvs.el7.s390.rpm libsrtp-1.4.4-11.20101004cvs.el7.s390x.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.s390.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.s390x.rpm x86_64: libsrtp-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc64.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.ppc.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.ppc64.rpm ppc64le: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc64le.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.ppc64le.rpm s390x: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.s390.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.s390x.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.s390.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.s390x.rpm x86_64: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libsrtp-1.4.4-11.20101004cvs.el7.src.rpm x86_64: libsrtp-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2013-2139 https://access.redhat.com/security/cve/CVE-2015-6360 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3OeoNzjgjWX9erEAQiDzQ/+IXUAdmMRlgeg/t8Z+ApQ4ur4BxO/WRBl 5Nd8anDnQzl3uduHgXz7AcsbON2M/jWq5xUfgdydHT8fEQ7g814QbTeNMsbEQ1zS Cuv1XztiGKy5fY5my3P80+kM+tL5uFfZ22oJqpSfS7sqGFzWEl1j+TldgURSva1G XbNudX77Gp975wMDVPJlA9S9Puf59Cz6DQaoYu5Fqzwka8z1RWOdR1IfFlAcBGrO NODvSxOZB+FDzvwikgoVTNay+e7ct+Yb1Ygg1nsGjyexinkchiuKDX2Mnv1Sc/JP vaHARZmpN6llZ8Vo++hd8WGFhsIzocqF0dposlj/PmtuoFydu7x5zpluEFc2mVaM pNCwzggc8BforUdoo6z27qqpiU0o/eTmVR97Jtbzm5BTs+28IGwg6iz374VdoAeP wy1XTj2WBw0ys+0UVkAxwiSWit6RuPRhRf85B7IPsW1BwkvPm4nAi45+50cTUQ5S PldnrWd9VILcfmj1ThdevaiFjkHrAZE4HFRxd1V3uIdIwZyvtP7w4wrt8ma51CyZ isP53JER/PhJY4du3deCo4qqca5SyecLTj/gbqXoPQFn6ppUbNacWPwadjDRA5Nu qPQVoSW8Z+L91vtqM+SGapuxNN0OuqiPFcWOlMyrM8R8MqKIhTQaTLQZE1vCJx5e AhxrRaOeyWw=X+yJ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201405-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libSRTP: Denial of Service Date: May 03, 2014 Bugs: #472302 ID: 201405-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability in libSRTP can result in a Denial of Service condition. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/libsrtp < 1.4.4_p20121108-r1>= 1.4.4_p20121108-r1 Description =========== A flaw was found in how the crypto_policy_set_from_profile_for_rtp() function applies cryptographic profiles to an srtp_policy in libSRTP. Workaround ========== There is no known workaround at this time. Resolution ========== All libSRTP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=net-libs/libsrtp-1.4.4_p20121108-r1" References ========== [ 1 ] CVE-2013-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2139 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201405-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.34

sources: NVD: CVE-2013-2139 // JVNDB: JVNDB-2013-005852 // BID: 60323 // VULHUB: VHN-62141 // PACKETSTORM: 129219 // PACKETSTORM: 124742 // PACKETSTORM: 159345 // PACKETSTORM: 126477

AFFECTED PRODUCTS

vendor:ciscomodel:libsrtpscope:lteversion:1.4.5

Trust: 1.8

vendor:ciscomodel:libsrtpscope:eqversion:1.4.0

Trust: 1.6

vendor:ciscomodel:libsrtpscope:eqversion:1.0.2

Trust: 1.6

vendor:ciscomodel:libsrtpscope:eqversion:1.4.1

Trust: 1.6

vendor:ciscomodel:libsrtpscope:eqversion:1.0.5

Trust: 1.6

vendor:ciscomodel:libsrtpscope:eqversion:1.0.4

Trust: 1.6

vendor:ciscomodel:libsrtpscope:eqversion:1.4.2

Trust: 1.6

vendor:ciscomodel:libsrtpscope:eqversion:1.3.20

Trust: 1.6

vendor:ciscomodel:libsrtpscope:eqversion:1.0.6

Trust: 1.6

vendor:ciscomodel:libsrtpscope:eqversion:1.0.1

Trust: 1.6

vendor:fedoraprojectmodel:fedorascope:eqversion:20

Trust: 1.0

vendor:ciscomodel:libsrtpscope:eqversion:1.4.4

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:19

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:18

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:12.3

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:13.1

Trust: 1.0

vendor:fedoramodel:fedorascope:eqversion:18

Trust: 0.8

vendor:fedoramodel:fedorascope:eqversion:19

Trust: 0.8

vendor:fedoramodel:fedorascope:eqversion:20

Trust: 0.8

vendor:novellmodel:opensusescope:eqversion:12.3

Trust: 0.8

vendor:mandrivamodel:business serverscope:eqversion:1x8664

Trust: 0.3

vendor:mandrivamodel:business serverscope:eqversion:1

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:libsrtpscope:eqversion:0

Trust: 0.3

sources: BID: 60323 // JVNDB: JVNDB-2013-005852 // CNNVD: CNNVD-201306-056 // NVD: CVE-2013-2139

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2139
value: LOW

Trust: 1.0

NVD: CVE-2013-2139
value: LOW

Trust: 0.8

CNNVD: CNNVD-201306-056
value: LOW

Trust: 0.6

VULHUB: VHN-62141
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-2139
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-62141
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-62141 // JVNDB: JVNDB-2013-005852 // CNNVD: CNNVD-201306-056 // NVD: CVE-2013-2139

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-62141 // JVNDB: JVNDB-2013-005852 // NVD: CVE-2013-2139

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 129219 // PACKETSTORM: 124742 // CNNVD: CNNVD-201306-056

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201306-056

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005852

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-62141

PATCH

title:DSA-2840url:http://www.debian.org/security/2014/dsa-2840

Trust: 0.8

title:FEDORA-2013-24153url:http://lwn.net/Articles/579633/

Trust: 0.8

title:Docupdateurl:https://github.com/cisco/libsrtp/pull/27

Trust: 0.8

title:openSUSE-SU-2013:1258url:http://lists.opensuse.org/opensuse-updates/2013-07/msg00083.html

Trust: 0.8

title:Bug 970697url:https://bugzilla.redhat.com/show_bug.cgi?id=970697

Trust: 0.8

title:srtpurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47629

Trust: 0.6

sources: JVNDB: JVNDB-2013-005852 // CNNVD: CNNVD-201306-056

EXTERNAL IDS

db:NVDid:CVE-2013-2139

Trust: 3.2

db:OSVDBid:93852

Trust: 1.1

db:PACKETSTORMid:159345

Trust: 0.8

db:JVNDBid:JVNDB-2013-005852

Trust: 0.8

db:CNNVDid:CNNVD-201306-056

Trust: 0.7

db:AUSCERTid:ESB-2020.3354

Trust: 0.6

db:BIDid:60323

Trust: 0.4

db:PACKETSTORMid:124742

Trust: 0.2

db:PACKETSTORMid:129219

Trust: 0.2

db:PACKETSTORMid:126477

Trust: 0.2

db:VULHUBid:VHN-62141

Trust: 0.1

sources: VULHUB: VHN-62141 // BID: 60323 // JVNDB: JVNDB-2013-005852 // PACKETSTORM: 129219 // PACKETSTORM: 124742 // PACKETSTORM: 159345 // PACKETSTORM: 126477 // CNNVD: CNNVD-201306-056 // NVD: CVE-2013-2139

REFERENCES

url:http://advisories.mageia.org/mgasa-2014-0465.html

Trust: 2.0

url:https://bugzilla.redhat.com/show_bug.cgi?id=970697

Trust: 1.4

url:http://seclists.org/fulldisclosure/2013/jun/10

Trust: 1.1

url:http://www.osvdb.org/93852

Trust: 1.1

url:http://www.debian.org/security/2014/dsa-2840

Trust: 1.1

url:http://lwn.net/articles/579633/

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2014:219

Trust: 1.1

url:https://github.com/cisco/libsrtp/pull/27

Trust: 1.1

url:http://lists.opensuse.org/opensuse-updates/2013-07/msg00083.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-updates/2014-09/msg00059.html

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2139

Trust: 0.9

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2139

Trust: 0.8

url:https://packetstormsecurity.com/files/159345/red-hat-security-advisory-2020-3873-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3354/

Trust: 0.6

url:https://vigilance.fr/vulnerability/libsrtp-buffer-overflow-via-crypto-policy-set-from-profile-for-rtp-33458

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2013-2139

Trust: 0.4

url:https://github.com/cisco/libsrtp#readme

Trust: 0.3

url:https://github.com/cisco/libsrtp/issues/24

Trust: 0.3

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-6360

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2013-2139

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6360

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3873

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201405-02.xml

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2139

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

sources: VULHUB: VHN-62141 // BID: 60323 // JVNDB: JVNDB-2013-005852 // PACKETSTORM: 129219 // PACKETSTORM: 124742 // PACKETSTORM: 159345 // PACKETSTORM: 126477 // CNNVD: CNNVD-201306-056 // NVD: CVE-2013-2139

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 159345 // CNNVD: CNNVD-201306-056

SOURCES

db:VULHUBid:VHN-62141
db:BIDid:60323
db:JVNDBid:JVNDB-2013-005852
db:PACKETSTORMid:129219
db:PACKETSTORMid:124742
db:PACKETSTORMid:159345
db:PACKETSTORMid:126477
db:CNNVDid:CNNVD-201306-056
db:NVDid:CVE-2013-2139

LAST UPDATE DATE

2024-08-14T14:46:50.050000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-62141date:2018-10-30T00:00:00
db:BIDid:60323date:2015-04-13T22:20:00
db:JVNDBid:JVNDB-2013-005852date:2015-08-11T00:00:00
db:CNNVDid:CNNVD-201306-056date:2020-10-09T00:00:00
db:NVDid:CVE-2013-2139date:2018-10-30T16:27:34.687

SOURCES RELEASE DATE

db:VULHUBid:VHN-62141date:2014-01-16T00:00:00
db:BIDid:60323date:2013-06-04T00:00:00
db:JVNDBid:JVNDB-2013-005852date:2014-01-20T00:00:00
db:PACKETSTORMid:129219date:2014-11-21T18:56:48
db:PACKETSTORMid:124742date:2014-01-10T22:09:45
db:PACKETSTORMid:159345date:2020-09-30T15:42:49
db:PACKETSTORMid:126477date:2014-05-05T17:14:00
db:CNNVDid:CNNVD-201306-056date:2013-06-07T00:00:00
db:NVDid:CVE-2013-2139date:2014-01-16T05:05:23.947