Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2009-0363
Last Modified 17 Mar 2010 12:00:00
Published 17 Feb 2009 12:30:05
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0363

Summary

Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use of the products.

Vulnerable Systems

Application

  • Barnowl 1.0.0

  • Barnowl 1.0.1

  • Barnowl 1.0.2

  • Barnowl 1.0.2.1

  • Barnowl 1.0.3

  • Barnowl 1.0.4

  • Barnowl 1.0.4.1

  • Ktools Owl 2.1.11


References

CONFIRM - https://bugs.launchpad.net/ubuntu/+source/owl/+bug/329165

XF - barnowl-owl-zcrypt-bo(48824)

MLIST - [debian-testing-security-announce] 20090213 Security update for Debian Testing - 2009-02-14

CONFIRM - http://bugs.debian.org/515118

CONFIRM - http://barnowl.mit.edu/wiki/barnowl-1.0.5-announce

CONFIRM - http://barnowl.mit.edu/browser/ChangeLog


Last Updated: 27 May 2016 10:50:12