Overview
The ISC DHCP dhclient application contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code with root privileges.
Description
As described in RFC 2131, "The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network." ISC DHCP is a reference implementation of the DHCP protocol, including a DHCP server, client, and relay agent. The ISC DHCP client code (dhclient) contains a stack buffer overflow in the script_write_params() method. dhclient fails to check the length of the server-supplied subnet-mask option before copying it into a buffer. According to ISC, the following versions are affected: |
Impact
A rogue DHCP server may be able to execute arbitrary code with root privileges on a vulnerable client system. |
Solution
Apply a patch or update from your vendor For vendor-specific information regarding vulnerable status and patch availability, please see the Systems Affected section of this document. |
Vendor Information
Gentoo Linux Affected
Notified: June 23, 2009 Updated: July 14, 2009
Statement Date: July 14, 2009
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
Gentoo: vulnerable, fixed in net-misc/dhcp-3.1.1-r1
Vendor References
Internet Security Systems, Inc. Affected
Notified: June 23, 2009 Updated: July 15, 2009
Statement Date: July 15, 2009
Status
Affected
Vendor Statement
IBM Internet Security Systems has identified some ISS products that are vulnerable to CVE-2009-0692. Critical Product Updates, Security Patches, and Content Updates were made available on July 14, 2009 to fix the ISC DHCP Client vulnerability that affects multiple IBM ISS products.
For more information about the vulnerability including IBM ISS Intrusion Prevention/Intrusion Detection coverage for the issue, see the ISC DHCP Client Buffer Overflow X-Force Protection Alert.
For more information about ISS product updates and patches including a list of affected products and versions, see ISS Knowledgebase Article 5563.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Vendor References
NetBSD Affected
Notified: June 23, 2009 Updated: July 15, 2009
Statement Date: July 15, 2009
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Vendor References
Addendum
Please see NetBSD-SA2009-010.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Red Hat, Inc. Affected
Notified: June 23, 2009 Updated: July 16, 2009
Statement Date: June 30, 2009
Status
Affected
Vendor Statement
This issue affected the dhcp packages as shipped with Red Hat Enterprise Linux 3 and 4. Updated packages to correct this issue are available via Red Hat Network:
https://rhn.redhat.com/errata/CVE-2009-0692.html
This issue did not affect the dhcp packages as shipped with Red Hat Enterprise Linux 5 due to the use of FORTIFY_SOURCE protection mechanism that changes the exploitability of the issue into a controlled application termination.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Vendor References
Ubuntu Affected
Notified: June 23, 2009 Updated: July 14, 2009
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Vendor References
Addendum
Please see: http://www.ubuntu.com/usn/usn-803-1.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Apple Inc. Not Affected
Notified: June 23, 2009 Updated: June 24, 2009
Statement Date: June 23, 2009
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Apple does not ship dhclient in Mac OS X.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Computer Associates eTrust Security Management Not Affected
Notified: June 23, 2009 Updated: June 25, 2009
Statement Date: June 25, 2009
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Force10 Networks, Inc. Not Affected
Notified: June 23, 2009 Updated: July 14, 2009
Statement Date: July 15, 2009
Status
Not Affected
Vendor Statement
Force10 Networks products are not vulnerable to this threat.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Infoblox Not Affected
Notified: June 23, 2009 Updated: July 29, 2009
Status
Not Affected
Vendor Statement
Infoblox is not vulnerable to this threat.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Microsoft Corporation Not Affected
Notified: June 23, 2009 Updated: June 24, 2009
Statement Date: June 24, 2009
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Microsoft's DHCP implementation is not vulnerable.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
PePLink Not Affected
Notified: June 23, 2009 Updated: July 20, 2009
Statement Date: June 24, 2009
Status
Not Affected
Vendor Statement
Peplink products do not make use of ISC dhcpc.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
QNX, Software Systems, Inc. Not Affected
Notified: June 23, 2009 Updated: July 07, 2009
Statement Date: July 07, 2009
Status
Not Affected
Vendor Statement
QNX has investigated its DHCP client software and determined that both the QNX 4 and Neutrino Operating System DHCP client software is not vulnerable to the issue described in VU#410676.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
SafeNet Not Affected
Notified: June 23, 2009 Updated: July 03, 2009
Statement Date: July 02, 2009
Status
Not Affected
Vendor Statement
SafeNet has reviewed its products and determined that none are vulnerable.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
SmoothWall Not Affected
Notified: June 23, 2009 Updated: June 25, 2009
Statement Date: June 25, 2009
Status
Not Affected
Vendor Statement
We do not use the ISC DHCP client code and are therefore NOT VULNERABLE to any exploits in it.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Sun Microsystems, Inc. Not Affected
Notified: June 23, 2009 Updated: June 26, 2009
Statement Date: June 26, 2009
Status
Not Affected
Vendor Statement
Solaris DHCP client implementation is not vulnerable to the issue mentioned in CVE-2009-0692
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
The SCO Group Not Affected
Notified: June 23, 2009 Updated: June 30, 2009
Statement Date: June 30, 2009
Status
Not Affected
Vendor Statement
The SCO Operating System implementations of DHCP are based on ISC DHCP and are not affected by this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Wind River Systems, Inc. Not Affected
Notified: June 23, 2009 Updated: June 29, 2009
Statement Date: June 29, 2009
Status
Not Affected
Vendor Statement
VU#410676 is not applicable to Wind River VxWorks.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
3com, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ACCESS Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
AT&T Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Alcatel-Lucent Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Avaya, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Barracuda Networks Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Belkin, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Borderware Technologies Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Bro Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Charlotte's Web Networks Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Check Point Software Technologies Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Cisco Systems, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Clavister Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Computer Associates Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Conectiva Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Cray Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
D-Link Systems, Inc. Unknown
Notified: June 26, 2009 Updated: June 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Debian GNU/Linux Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
DragonFly BSD Project Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
EMC Corporation Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Engarde Secure Linux Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Enterasys Networks Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Ericsson Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Extreme Networks Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
F5 Networks, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Fedora Project Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Fortinet, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Foundry Networks, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
FreeBSD, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Fujitsu Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Global Technology Associates Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Hewlett-Packard Company Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Hitachi Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
IBM Corporation Unknown
Notified: June 25, 2009 Updated: June 24, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
IBM eServer Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
IP Filter Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Intel Corporation Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Internet Systems Consortium Unknown
Notified: June 24, 2009 Updated: June 24, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Internet Systems Consortium - DHCP Unknown
Notified: June 24, 2009 Updated: June 24, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Intoto Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Juniper Networks, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Luminous Networks Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Mandriva S. A. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
McAfee Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
MontaVista Software, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Multitech, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NEC Corporation Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NetApp Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Nokia Unknown
Notified: June 25, 2009 Updated: June 25, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Nortel Networks, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Novell, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Openwall GNU/*/Linux Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Process Software Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Q1 Labs Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Quagga Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
RadWare, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Redback Networks, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
SUSE Linux Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Secureworx, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Silicon Graphics, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Slackware Linux Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Snort Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Soapstone Networks Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sony Corporation Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sourcefire Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Stonesoft Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Symantec Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
TippingPoint, Technologies, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Turbolinux Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
U4EA Technologies, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Unisys Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
VMware Unknown
Notified: June 29, 2009 Updated: June 29, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vyatta Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Watchguard Technologies, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ZyXEL Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
eSoft, Inc. Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
m0n0wall Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
netfilter Unknown
Notified: June 23, 2009 Updated: June 23, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was reported by ISC, who in turn credit the Mandriva Linux Engineering Team with discovering and reporting the vulnerability.
This document was written by Will Dormann.
Other Information
| CVE IDs: | CVE-2009-0692 |
| Severity Metric: | 19.95 |
| Date Public: | 2009-07-14 |
| Date First Published: | 2009-07-14 |
| Date Last Updated: | 2009-07-29 16:45 UTC |
| Document Revision: | 27 |