Bug 528081 (CVE-2009-3591)

Summary: CVE-2009-3591 dopewars: DoS via REQUESTJET message with an invalid location
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: susi.lehtola
Target Milestone: ---Keywords: Reopened, Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3591
Whiteboard: impact=moderate,source=cve,reported=20091008,public=20091006,cvss2=
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-02-10 07:43:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 528082    
Bug Blocks:    

Description Vincent Danen 2009-10-08 21:31:27 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3591 to
the following vulnerability:

Name: CVE-2009-3591
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3591
Assigned: 20091008
Reference: BUGTRAQ:20091006 Dopewars 1.5.12 Server Denial of Service
Reference: URL: http://www.securityfocus.com/archive/1/archive/1/507012/100/0/threaded
Reference: CONFIRM: http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/ChangeLog?view=markup&pathrev=1033
Reference: CONFIRM: http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/src/serverside.c?r1=1023&r2=1033&pathrev=1033
Reference: BID:36606
Reference: URL: http://www.securityfocus.com/bid/36606
Reference: SECUNIA:36961
Reference: URL: http://secunia.com/advisories/36961

Dopewars 1.5.12 allows remote attackers to cause a denial of service
(segmentation fault) via a REQUESTJET message with an invalid
location.

Comment 2 Susi Lehtola 2009-10-09 10:53:00 UTC

*** This bug has been marked as a duplicate of bug 528082 ***

Comment 3 Fedora Update System 2009-10-09 13:44:35 UTC
dopewars-1.5.12-8.1033svn.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/dopewars-1.5.12-8.1033svn.fc11

Comment 4 Fedora Update System 2009-10-09 13:44:44 UTC
dopewars-1.5.12-8.1033svn.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/dopewars-1.5.12-8.1033svn.fc10

Comment 5 Fedora Update System 2009-10-14 01:30:36 UTC
dopewars-1.5.12-8.1033svn.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2009-10-14 01:42:41 UTC
dopewars-1.5.12-8.1033svn.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.