CVE - CVE-2009-0036

CVE-ID
CVE-2009-0036	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:33724 URL:http://www.securityfocus.com/bid/33724 MISC:34397 URL:http://secunia.com/advisories/34397 MISC:RHSA-2009:0382 URL:http://www.redhat.com/support/errata/RHSA-2009-0382.html MISC:[libvir-list] 20090127 [libvirt] [PATCH] proxy: Fix use of uninitalized memory URL:https://www.redhat.com/archives/libvir-list/2009-January/msg00699.html MISC:[libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory URL:https://www.redhat.com/archives/libvir-list/2009-January/msg00726.html MISC:[libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory URL:https://www.redhat.com/archives/libvir-list/2009-January/msg00728.html MISC:[oss-security] 20090210 libvirt_proxy heads up URL:http://openwall.com/lists/oss-security/2009/02/10/8 MISC:http://git.et.redhat.com/?p=libvirt.git%3Ba=commitdiff%3Bh=2bb0657e28 URL:http://git.et.redhat.com/?p=libvirt.git%3Ba=commitdiff%3Bh=2bb0657e28 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=484947 URL:https://bugzilla.redhat.com/show_bug.cgi?id=484947 MISC:oval:org.mitre.oval:def:10127 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10127
Assigning CNA
Red Hat, Inc.
Date Record Created
20081215	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20081215)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)