Vulnerability CVE-2010-0409

Vulnerability Name:

CVE-2010-0409 (CCN-56060)

Assigned:

2010-01-31

Published:

2010-01-31

Updated:

2010-03-31

Summary:

Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h in GMime before 2.4.15 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via input data for a uuencode operation.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2010-0409

Source: CONFIRM
Type: Patch
http://ftp.gnome.org/pub/GNOME/sources/gmime/2.4/gmime-2.4.14-2.4.15.diff.gz

Source: CCN
Type: GNOME Web site
gmime-2.4.15.changes

Source: CONFIRM
Type: UNKNOWN
http://ftp.gnome.org/pub/GNOME/sources/gmime/2.4/gmime-2.4.15.changes

Source: SUSE
Type: UNKNOWN
SUSE-SR:2010:006

Source: CCN
Type: SA38459
GMime Uuencode Size Macro Buffer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
38459

Source: SECUNIA
Type: UNKNOWN
38915

Source: CCN
Type: GMime Web site
GMime

Source: DEBIAN
Type: DSA-2082
gmime2.2 -- buffer overflow

Source: MLIST
Type: UNKNOWN
[oss-security] 20100203 CVE Request -- GMime-2.4.15

Source: MLIST
Type: UNKNOWN
[oss-security] 20100203 Re: CVE Request -- GMime-2.4.15

Source: CCN
Type: OSVDB ID: 62084
GMime gmime/gmime-encodings.h GMIME_UUENCODE_LEN() Macro Uuencode Operation Overflow

Source: CCN
Type: BID-38078
Gnome GMIME_UUENCODE_LEN() Macro Buffer Overflow Vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=561457

Source: XF
Type: UNKNOWN
gmime-gmimeuuencodelen-bo(56060)

Source: SUSE
Type: SUSE-SR:2010:006
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnome:gmime:2.4.0:*:*:*:*:*:*:*

OR cpe:/a:gnome:gmime:2.4.1:*:*:*:*:*:*:*

OR cpe:/a:gnome:gmime:2.4.2:*:*:*:*:*:*:*

OR cpe:/a:gnome:gmime:2.4.3:*:*:*:*:*:*:*

OR cpe:/a:gnome:gmime:2.4.4:*:*:*:*:*:*:*

OR cpe:/a:gnome:gmime:2.4.5:*:*:*:*:*:*:*

OR cpe:/a:gnome:gmime:2.4.6:*:*:*:*:*:*:*

OR cpe:/a:gnome:gmime:2.4.7:*:*:*:*:*:*:*

OR cpe:/a:gnome:gmime:2.4.8:*:*:*:*:*:*:*

OR cpe:/a:gnome:gmime:2.4.9:*:*:*:*:*:*:*

OR cpe:/a:gnome:gmime:2.4.10:*:*:*:*:*:*:*

OR cpe:/a:gnome:gmime:2.4.11:*:*:*:*:*:*:*

OR cpe:/a:gnome:gmime:2.4.12:*:*:*:*:*:*:*

OR cpe:/a:gnome:gmime:2.4.13:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:42314	P	Security update for python3 (Important)	2022-07-11
oval:org.opensuse.security:def:20100409	V	CVE-2010-0409	2022-05-20
oval:org.opensuse.security:def:31375	P	Security update for libvirt (Important)	2022-01-10
oval:org.opensuse.security:def:31374	P	Security update for libsndfile (Important)	2022-01-05
oval:org.opensuse.security:def:31334	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:33061	P	Security update for glib-networking (Important)	2021-12-13
oval:org.opensuse.security:def:26175	P	Security update for xen (Moderate)	2021-12-01
oval:org.opensuse.security:def:26168	P	Security update for the Linux Kernel (Important)	2021-11-19
oval:org.opensuse.security:def:32213	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:31689	P	Security update for glibc (Moderate)	2021-10-06
oval:org.opensuse.security:def:31690	P	Security update for webkit2gtk3 (Important)	2021-10-06
oval:org.opensuse.security:def:32194	P	Security update for xen (Important)	2021-09-23
oval:org.opensuse.security:def:26136	P	Security update for gd (Moderate)	2021-09-23
oval:org.opensuse.security:def:31684	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:31263	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:26112	P	Security update for sssd (Important)	2021-08-30
oval:org.opensuse.security:def:32170	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:42116	P	Security update for openssl-1_1 (Important)	2021-08-24
oval:org.opensuse.security:def:31242	P	Security update for djvulibre (Important)	2021-08-05
oval:org.opensuse.security:def:32150	P	Security update for the Linux Kernel (Important)	2021-07-22
oval:org.opensuse.security:def:29398	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:32128	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:31634	P	Security update for qemu (Important)	2021-06-08
oval:org.opensuse.security:def:36137	P	gmime-2.2.23-1.50.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36415	P	gmime-2_4-devel-2.4.8-1.2.55 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42544	P	gmime-2.2.23-1.50.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31631	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:31189	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:29362	P	Security update for python3 (Important)	2021-05-17
oval:org.opensuse.security:def:32089	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:31615	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:26040	P	Security update for gdm (Important)	2021-04-28
oval:org.opensuse.security:def:26036	P	Security update for MozillaFirefox (Important)	2021-04-27
oval:org.opensuse.security:def:26028	P	Security update for xorg-x11-server (Important)	2021-04-13
oval:org.opensuse.security:def:31604	P	Security update for spamassassin (Important)	2021-04-12
oval:org.opensuse.security:def:31603	P	Security update for fwupdate (Important)	2021-04-08
oval:org.opensuse.security:def:33100	P	Security update for wavpack (Important)	2021-03-24
oval:org.opensuse.security:def:31741	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:32269	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:31739	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:32263	P	Security update for java-1_8_0-ibm (Important)	2021-02-26
oval:org.opensuse.security:def:26189	P	Security update for subversion (Important)	2021-02-10
oval:org.opensuse.security:def:26087	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:31177	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:26034	P	Security update for openldap2 (Moderate)	2021-01-14
oval:org.opensuse.security:def:31178	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:25976	P	Security update for curl (Moderate)	2020-12-10
oval:org.opensuse.security:def:25971	P	Security update for fontforge (Moderate)	2020-12-04
oval:org.opensuse.security:def:41963	P	gmime-2.2.23-1.41.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35907	P	gmime-2.2.23-1.50.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35556	P	gmime-2.2.23-1.41.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35709	P	gmime-2.2.23-1.50.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31025	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:28146	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:31478	P	Security update for puppet (Moderate)	2020-12-01
oval:org.opensuse.security:def:31844	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:31950	P	Security update for grub2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32619	P	xpdf-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32379	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:25686	P	Security update for wicked (Important)	2020-12-01
oval:org.opensuse.security:def:25533	P	Security update for ed (Low)	2020-12-01
oval:org.opensuse.security:def:25602	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:26316	P	Recommended update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26906	P	gmime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31036	P	Security update for kdebase4-workspace	2020-12-01
oval:org.opensuse.security:def:28230	P	Security update for libtirpc (Moderate)	2020-12-01
oval:org.opensuse.security:def:31778	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32482	P	NetworkManager-gnome on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31951	P	Security update for grub2 (Important)	2020-12-01
oval:org.opensuse.security:def:31821	P	Security update for avahi (Moderate)	2020-12-01
oval:org.opensuse.security:def:32407	P	Security update for wget (Moderate)	2020-12-01
oval:org.opensuse.security:def:32668	P	fvwm2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32773	P	postgresql on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25687	P	Security update for bluez (Important)	2020-12-01
oval:org.opensuse.security:def:25661	P	Security update for opensc (Low)	2020-12-01
oval:org.opensuse.security:def:26365	P	Security update of chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26462	P	Security update for Mozilla Thunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:31110	P	Security update for krb5	2020-12-01
oval:org.opensuse.security:def:28287	P	Security update for mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:31843	P	Security update for cairo (Moderate)	2020-12-01
oval:org.opensuse.security:def:31800	P	Security update for SuSEfirewall2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32521	P	gmime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25107	P	Security update for openssl-1_1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31962	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:31913	P	Security update for gcc5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32563	P	libpulse-browse0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32707	P	libcgroup1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33411	P	Security update for salt (Moderate)	2020-12-01
oval:org.opensuse.security:def:25698	P	Security update for dpdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:25742	P	Security update for ceph (Important)	2020-12-01
oval:org.opensuse.security:def:26263	P	Security update for libEMF (Important)	2020-12-01
oval:org.opensuse.security:def:26404	P	Security update for irssi (Moderate)	2020-12-01
oval:org.opensuse.security:def:27100	P	cpio on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31892	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:31997	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25108	P	Security update for sssd (Moderate)	2020-12-01
oval:org.opensuse.security:def:32036	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31970	P	Security update for ipsec-tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:25786	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32729	P	librpcsecgss on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33450	P	Security update for gmime	2020-12-01
oval:org.opensuse.security:def:25964	P	Security update for libraw (Moderate)	2020-12-01
oval:org.opensuse.security:def:25762	P	Security update for Xerces-C (Moderate)	2020-12-01
oval:org.opensuse.security:def:25799	P	Security update for gcc48 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26594	P	libopensc2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26418	P	Security update for pdns-recursor (Moderate)	2020-12-01
oval:org.opensuse.security:def:27135	P	gmime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31787	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31931	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:32635	P	apache2-mod_php5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25119	P	Security update for libssh2_org (Moderate)	2020-12-01
oval:org.opensuse.security:def:25684	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.opensuse.security:def:25825	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:26521	P	amavisd-new on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25965	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:25890	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26390	P	Security update for ark (Low)	2020-12-01
oval:org.opensuse.security:def:26643	P	systemtap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26740	P	libarchive2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31391	P	Security update for pam (Moderate)	2020-12-01
oval:org.opensuse.security:def:32040	P	Security update for various KMPs (Moderate)	2020-12-01
oval:org.opensuse.security:def:31953	P	Security update for gstreamer-0_10-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:32674	P	gmime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25260	P	Security update for libzypp (Moderate)	2020-12-01
oval:org.opensuse.security:def:25183	P	Security update for libexif (Moderate)	2020-12-01
oval:org.opensuse.security:def:25737	P	Security update for libpng12 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25839	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:26556	P	gmime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26541	P	evince on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26682	P	cyrus-imapd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27378	P	build on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31395	P	Security update for perl	2020-12-01
oval:org.opensuse.security:def:31828	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:25261	P	Security update for python-cffi, python-cryptography (Moderate)	2020-12-01
oval:org.opensuse.security:def:25311	P	Security update for shim (Moderate)	2020-12-01
oval:org.opensuse.security:def:32320	P	Security update for rzsz (Moderate)	2020-12-01
oval:org.opensuse.security:def:25939	P	Security update for gstreamer-0_10-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:27940	P	Security update for GraphicsMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:28576	P	Security update for libotr	2020-12-01
oval:org.opensuse.security:def:26696	P	file-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27413	P	gmime-2_4-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31386	P	Security update for openvpn-openssl1 (Important)	2020-12-01
oval:org.opensuse.security:def:31487	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:31984	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:32832	P	ark on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25272	P	Security update for vino (Moderate)	2020-12-01
oval:org.opensuse.security:def:25392	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:25837	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:25978	P	Security update for tcpdump, libpcap (Moderate)	2020-12-01
oval:org.opensuse.security:def:26674	P	boost-license on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27941	P	Security update for GraphicsMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:28371	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:28625	P	Security update for Image Magick	2020-12-01
oval:org.opensuse.security:def:28724	P	Security update for Linux kernel	2020-12-01
oval:org.opensuse.security:def:31460	P	Security update for postgresql94 (Important)	2020-12-01
oval:org.opensuse.security:def:31544	P	Security update for Samba	2020-12-01
oval:org.opensuse.security:def:32871	P	gmime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25457	P	Security update for aspell (Moderate)	2020-12-01
oval:org.opensuse.security:def:25336	P	Security update for gcc10 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25449	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25992	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:26709	P	gmime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27952	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:26249	P	Security update for libtomcrypt (Moderate)	2020-12-01
oval:org.opensuse.security:def:28523	P	Security update for openvpn-openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28664	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:31592	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:32057	P	Security update for kvm (Moderate)	2020-12-01
oval:org.opensuse.security:def:32318	P	Security update for rsync (Moderate)	2020-12-01
oval:org.opensuse.security:def:32423	P	Security update for wpa_supplicant (Moderate)	2020-12-01
oval:org.opensuse.security:def:25458	P	Security update for sqlite3 (Important)	2020-12-01
oval:org.opensuse.security:def:25464	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25883	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26233	P	Security update for python-reportlab (Important)	2020-12-01
oval:org.opensuse.security:def:31024	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:28016	P	Security update for augeas (Moderate)	2020-12-01
oval:org.opensuse.security:def:26306	P	Security update for python-Jinja2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28680	P	Security update for flash-player	2020-12-01
oval:org.opensuse.security:def:32357	P	Security update for squid3 (Important)	2020-12-01
oval:org.opensuse.security:def:25469	P	Security update for ncurses (Moderate)	2020-12-01
oval:org.opensuse.security:def:25545	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26871	P	bzip2 on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:12856	P	DSA-2082-1 gmime2.2 -- buffer overflow	2014-06-23
oval:org.debian:def:2082	V	buffer overflow	2010-08-02
oval:com.ubuntu.precise:def:20100409000	V	CVE-2010-0409 on Ubuntu 12.04 LTS (precise) - low.	2010-02-08

BACK