Signature Detail
Short Name |
HTTP:STC:DTOA-MC |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Multiple Web Browsers dtoa Memory Corruption |
Release Date |
2012/11/05 |
Update Number |
2200 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Multiple Web Browsers dtoa Memory Corruption
This signature detects attempts to exploit a known vulnerability against various versions of Mozilla Firefox and Opera. A successful attack can lead to memory corruption and arbitrary code execution. Failed attempts could result in a denial of service condition.
Extended Description
Multiple BSD distributions are prone to a memory-corruption vulnerability because the software fails to properly bounds-check data used as an array index. Attackers may exploit this issue to execute arbitrary code within the context of affected applications. The following are vulnerable: OpenBSD 4.5 NetBSD 5.0 FreeBSD 6.4 and 7.2 Other software based on the BSD code base may also be affected.
Affected Products
- Apple Mac OS X 10.5.8
- Apple Mac OS X 10.6
- Apple Mac OS X 10.6.1
- Apple Mac OS X 10.6.2
- Apple Mac OS X Server 10.5.8
- Apple Mac OS X Server 10.6
- Apple Mac OS X Server 10.6.1
- Apple Mac OS X Server 10.6.2
- Debian Linux 5.0
- Debian Linux 5.0 Alpha
- Debian Linux 5.0 Amd64
- Debian Linux 5.0 Arm
- Debian Linux 5.0 Armel
- Debian Linux 5.0 Hppa
- Debian Linux 5.0 Ia-32
- Debian Linux 5.0 Ia-64
- Debian Linux 5.0 M68k
- Debian Linux 5.0 Mips
- Debian Linux 5.0 Mipsel
- Debian Linux 5.0 Powerpc
- Debian Linux 5.0 S/390
- Debian Linux 5.0 Sparc
- Flock 2.5.2
- FreeBSD 6.4 -RELEASE
- FreeBSD 6.4-RELEASE-P2
- FreeBSD 6.4 -RELEASE-P3
- FreeBSD 6.4-RELEASE-P4
- FreeBSD 6.4-RELEASE-P5
- FreeBSD 6.4 -STABLE
- FreeBSD 7.2-PRERELEASE
- FreeBSD 7.2-RC2
- FreeBSD 7.2-RELEASE-P1
- FreeBSD 7.2-STABLE
- Jsoftware J 6.02.023
- Mandriva Corporate Server 4.0
- Mandriva Corporate Server 4.0.0 X86 64
- Mandriva Linux Mandrake 2008.0
- Mandriva Linux Mandrake 2008.0 X86 64
- Mandriva Linux Mandrake 2009.1
- Mandriva Linux Mandrake 2009.1 X86 64
- Mandriva Linux Mandrake 2010.0
- Mandriva Linux Mandrake 2010.0 X86 64
- Mozilla Camino 1.6.10
- Mozilla Sunbird 0.9
- Mozilla Thunderbird 2.0.0.23
- NetBSD 5.0
- OpenBSD 4.5
- Red Hat Enterprise Linux 5 Server
- Red Hat Enterprise Linux Desktop Version 4
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux Desktop 5 Client
- Red Hat Enterprise Linux Desktop Workstation 5 Client
- Red Hat Enterprise Linux ES 4
- Red Hat Enterprise Linux WS 4
- Ubuntu Ubuntu Linux 8.04 LTS Amd64
- Ubuntu Ubuntu Linux 8.04 LTS I386
- Ubuntu Ubuntu Linux 8.04 LTS Lpia
- Ubuntu Ubuntu Linux 8.04 LTS Powerpc
- Ubuntu Ubuntu Linux 8.04 LTS Sparc
- Ubuntu Ubuntu Linux 8.10 Amd64
- Ubuntu Ubuntu Linux 8.10 I386
- Ubuntu Ubuntu Linux 8.10 Lpia
- Ubuntu Ubuntu Linux 8.10 Powerpc
- Ubuntu Ubuntu Linux 8.10 Sparc
- Ubuntu Ubuntu Linux 9.04 Amd64
- Ubuntu Ubuntu Linux 9.04 I386
- Ubuntu Ubuntu Linux 9.04 Lpia
- Ubuntu Ubuntu Linux 9.04 Powerpc
- Ubuntu Ubuntu Linux 9.04 Sparc
- Ubuntu Ubuntu Linux 9.10 Amd64
- Ubuntu Ubuntu Linux 9.10 I386
- Ubuntu Ubuntu Linux 9.10 Lpia
- Ubuntu Ubuntu Linux 9.10 Powerpc
- Ubuntu Ubuntu Linux 9.10 Sparc
References
- BugTraq: 35510
- CVE: CVE-2009-0689