FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-0689

This CVE name corresponds to:

Entered Topic
2015-12-31 mono -- DoS and code execution
2010-03-19 mozilla -- multiple vulnerabilities
2009-12-01 opera -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2009-0689 at cve.mitre.org

Details

Type Candidate
Name CVE-2009-0689
Phase Assigned(20090222)

Description

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.

References

Source Reference
SREASONRES 20090625 Multiple Vendors libc/gdtoa printf(3) Array Overrun
SREASONRES 20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)
SREASONRES 20091120 Opera 10.01 Remote Array Overrun (Arbitrary code execution)
SREASONRES 20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)
SREASONRES 20091211 Sunbird 0.9 Array Overrun (code execution)
SREASONRES 20091211 Thunderbird 2.0.0.23 (lib) Remote Array Overrun (Arbitrary code execution)
SREASONRES 20091030 Multiple BSD printf(1) and multiple dtoa/*printf(3) vulnerabilities
SREASONRES 20091211 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)
SREASONRES 20091211 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)
SREASONRES 20100108 MacOS X 10.5/10.6 libc/strtod(3) buffer overflow
BUGTRAQ 20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)
BUGTRAQ 20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)
BUGTRAQ 20091210 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)
BUGTRAQ 20091210 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)
MISC http://secunia.com/secunia_research/2009-35/
CONFIRM http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h
CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-59.html
CONFIRM http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c
CONFIRM http://www.opera.com/support/kb/view/942/
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=516396
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=516862
CONFIRM http://support.apple.com/kb/HT4077
CONFIRM http://support.apple.com/kb/HT4225
APPLE APPLE-SA-2010-03-29-1
APPLE APPLE-SA-2010-06-21-1
MANDRIVA MDVSA-2009:294
MANDRIVA MDVSA-2009:330
REDHAT RHSA-2009:1601
REDHAT RHSA-2010:0153
REDHAT RHSA-2010:0154
REDHAT RHSA-2014:0311
REDHAT RHSA-2014:0312
SUNALERT 272909
SUSE SUSE-SR:2009:018
SUSE SUSE-SR:2010:013
UBUNTU USN-915-1
BID 35510
OVAL oval:org.mitre.oval:def:6528
OVAL oval:org.mitre.oval:def:9541
SECTRACK 1022478
SECUNIA 37431
SECUNIA 37682
SECUNIA 37683
SECUNIA 38066
SECUNIA 39001
SECUNIA 38977
VUPEN ADV-2009-3297
VUPEN ADV-2009-3299
VUPEN ADV-2009-3334
VUPEN ADV-2010-0094
VUPEN ADV-2010-0648
VUPEN ADV-2010-0650

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.