| The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them. |
|
 |
|
|
|
vulnerability note CVE-2009-2483
NetBSD: denial of service via proplib
Synthesis of the vulnerability
| A local attacker can stop applications or drivers using proplib. |
Severity: 1/4.
Creation date: 24/06/2009.
|
Impacted products
Description of the vulnerability
The proplib library is used to manipulate property lists (plist), using booleans (true, false), integers (integer, real) or strings (string), stored in an XML tree.
The _prop_object_internalize_by_tag() function of the src/common/lib/libprop/prop_object.c file reads XML tags. However, when an XML tag is not standard (such as "<number>"), this function dereferences the poi->poi_tag pointer which is NULL. This error stops the program.
A local attacker can therefore stop applications or drivers using proplib. |
Share this bulletin
Complete Vigil@nce bulletin
Characteristics
Title: NetBSD: denial of service via proplib.
Keywords: NULL NetBSD XML _prop_object_internalize_by_tag denial poi_tag prop_object proplib service.
Identifiers: BID-35466, CVE-2009-2483, NetBSD-SA2009-003, VIGILANCE-VUL-8819.
|
Information sources
Solutions for this vulnerability
Supplements
Computer vulnerabilities tracking service
Vigil@nce provides an applications vulnerabilities alert. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.
|
