CVE-2009-1436
Severity CVSS v4.0: Pending analysis
Type: CWE-20 Input Validation
Publication date: 27/04/2009
Last modified: 09/04/2025
Description
The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file.
Impact
Base Score 2.0: 4.90
Severity 2.0: MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:freebsd:freebsd:6.3:*:*:*:*:*:*:* | | |
cpe:2.3:o:freebsd:freebsd:6.3:release_p10:*:*:*:*:*:* | | |
cpe:2.3:o:freebsd:freebsd:6.4:*:*:*:*:*:*:* | | |
cpe:2.3:o:freebsd:freebsd:6.4:release_p4:*:*:*:*:*:* | | |
cpe:2.3:o:freebsd:freebsd:6.4:stable:*:*:*:*:*:* | | |
cpe:2.3:o:freebsd:freebsd:7.0:*:*:*:*:*:*:* | | |
cpe:2.3:o:freebsd:freebsd:7.0:release-p12:*:*:*:*:*:* | | |
cpe:2.3:o:freebsd:freebsd:7.1:*:*:*:*:*:*:* | | |
cpe:2.3:o:freebsd:freebsd:7.1:release-p5:*:*:*:*:*:* | | |
cpe:2.3:o:freebsd:freebsd:7.2:pre-release:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10756
- http://osvdb.org/53918
- http://secunia.com/advisories/34810
- http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc
- http://www.securityfocus.com/bid/34666
- http://www.securitytracker.com/id?1022113=