Weekly Vulnerabilities Reports > January 26 to February 1, 2009
Overview
2 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary reports vulnerabilities in 3 products from 3 vendors, including VMware, ISC, and Gratisoft. Vulnerabilities are notably categorized as "Unchecked Return Value" and "Incorrect Authorization".
- 1 reported vulnerability is remotely exploitable.
- 1 reported vulnerability is exploitable by an anonymous user.
- VMware has the most reported vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-01-30 | CVE-2009-0034 | Gratisoft, VMware | Incorrect Authorization vulnerability in multiple products. parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. | 7.8 |
2009-01-26 | CVE-2009-0265 | ISC | Unchecked Return Value vulnerability in ISC BIND. Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025. | 7.5 |
0 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|