Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:

Last updated: 5/28/2016 6:58:43 AM

CVE Publication rate: 20.23

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index
Vulnerability Workload Index: 12.5
About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

National Cyber Awareness System

Vulnerability Summary for CVE-2009-4080

Original release date: 11/29/2009
Last revised: 12/19/2009
Source: US-CERT/NIST

Overview

Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors.

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 2.1 LOW
Impact Subscore: 2.9
Exploitability Subscore: 3.9
CVSS Version 2 Metrics:
Access Vector: Locally exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: SECTRACK
Name: 1023239
External Source: BID
Name: 37129
External Source: VUPEN
Name: ADV-2009-3336
External Source: CONFIRM
Name: http://sunsolve.sun.com/search/document.do?assetkey=1-21-112960-69-1
Type: Patch Information
External Source: SUNALERT
Name: 231402
Type: Advisory

Vulnerable software and versions

+ Configuration 1
+ OR
cpe:/o:sun:solaris:8
cpe:/o:sun:solaris:9
cpe:/o:sun:solaris:10
cpe:/o:sun:opensolaris:snv_01
cpe:/o:sun:opensolaris:snv_02
cpe:/o:sun:opensolaris:snv_03
cpe:/o:sun:opensolaris:snv_04
cpe:/o:sun:opensolaris:snv_05
cpe:/o:sun:opensolaris:snv_06
cpe:/o:sun:opensolaris:snv_07
cpe:/o:sun:opensolaris:snv_08
cpe:/o:sun:opensolaris:snv_09
cpe:/o:sun:opensolaris:snv_11
cpe:/o:sun:opensolaris:snv_12
cpe:/o:sun:opensolaris:snv_14
cpe:/o:sun:opensolaris:snv_15
cpe:/o:sun:opensolaris:snv_16
cpe:/o:sun:opensolaris:snv_17
cpe:/o:sun:opensolaris:snv_18
cpe:/o:sun:opensolaris:snv_19
cpe:/o:sun:opensolaris:snv_20
cpe:/o:sun:opensolaris:snv_21
cpe:/o:sun:opensolaris:snv_22
cpe:/o:sun:opensolaris:snv_23
cpe:/o:sun:opensolaris:snv_24
cpe:/o:sun:opensolaris:snv_25
cpe:/o:sun:opensolaris:snv_26
cpe:/o:sun:opensolaris:snv_27
cpe:/o:sun:opensolaris:snv_28
cpe:/o:sun:opensolaris:snv_29
cpe:/o:sun:opensolaris:snv_30
cpe:/o:sun:opensolaris:snv_31
cpe:/o:sun:opensolaris:snv_32
cpe:/o:sun:opensolaris:snv_33
cpe:/o:sun:opensolaris:snv_34
cpe:/o:sun:opensolaris:snv_35
cpe:/o:sun:opensolaris:snv_36
cpe:/o:sun:opensolaris:snv_37
cpe:/o:sun:opensolaris:snv_38
cpe:/o:sun:opensolaris:snv_39
cpe:/o:sun:opensolaris:snv_40
cpe:/o:sun:opensolaris:snv_73
cpe:/o:sun:opensolaris:snv_72
cpe:/o:sun:opensolaris:snv_71
cpe:/o:sun:opensolaris:snv_70
cpe:/o:sun:opensolaris:snv_69
cpe:/o:sun:opensolaris:snv_68
cpe:/o:sun:opensolaris:snv_67
cpe:/o:sun:opensolaris:snv_66
cpe:/o:sun:opensolaris:snv_65
cpe:/o:sun:opensolaris:snv_64
cpe:/o:sun:opensolaris:snv_63
cpe:/o:sun:opensolaris:snv_62
cpe:/o:sun:opensolaris:snv_61
cpe:/o:sun:opensolaris:snv_60
cpe:/o:sun:opensolaris:snv_59
cpe:/o:sun:opensolaris:snv_58
cpe:/o:sun:opensolaris:snv_57
cpe:/o:sun:opensolaris:snv_56
cpe:/o:sun:opensolaris:snv_55
cpe:/o:sun:opensolaris:snv_54
cpe:/o:sun:opensolaris:snv_53
cpe:/o:sun:opensolaris:snv_52
cpe:/o:sun:opensolaris:snv_51
cpe:/o:sun:opensolaris:snv_50
cpe:/o:sun:opensolaris:snv_49
cpe:/o:sun:opensolaris:snv_48
cpe:/o:sun:opensolaris:snv_47
cpe:/o:sun:opensolaris:snv_46
cpe:/o:sun:opensolaris:snv_45
cpe:/o:sun:opensolaris:snv_44
cpe:/o:sun:opensolaris:snv_43
cpe:/o:sun:opensolaris:snv_42
cpe:/o:sun:opensolaris:snv_41
cpe:/o:sun:opensolaris:snv_74
cpe:/o:sun:opensolaris:snv_75
cpe:/o:sun:opensolaris:snv_76
cpe:/o:sun:opensolaris:snv_77 and previous versions

* Denotes Vulnerable Software
Changes related to vulnerability configurations

Technical Details

Vulnerability Type (View All)