---

Codenomicon Labs

Advisories

Note that some of these vulnerabilities have been found by our customers individually using our Defensics fuzzing tools, and security testing services. Please let us know if you know other public vulnerability advisories regarding bugs fixed using Codenomicon solutions.

---

2011:

Vulnerability in open source Bluetooth bluez-hcidump

• CERT-FI Advisory on bluez-hcidump
• CVE-2011-3334

Five vulnerabilities in the BGP and OSPF daemons of Quagga

• CERT-FI Advisory on Quagga
• CVE-2011-3323
• CVE-2011-3324
• CVE-2011-3325
• CVE-2011-3326
• CVE-2011-3327

2010:

Two vulnerabilities in the BGP daemon of Quagga

• CERT-FI Advisory on Quagga
• Codenomicon news
• Quagga 0.99.17 release note
• CVE-2010-2948
• CVE-2010-2949

SMB Stack Exhaustion Vulnerability

• MS10-054 - Vulnerabilities in SMB Server Could Allow Remote Code Execution
• Microsoft Security Bulletin Summary for August 2010
• CVE-2010-2552

Two vulnerabilities in OpenLDAP

• CERT-FI Advisory on OpenLDAP
• Codenomicon news
• CVE-2010-0211
• CVE-2010-0212

Linux SCTP INIT message handling

• CERT-FI Advisory on Linux SCTP INIT message handling
• CVE-2010-1173

Lexmark vulnerabilities in HTTP and SSL

• HTTP Denial of Service Vulnerability Notification for Lexmark Printers and Multi-Function Printers
• CVE-2010-0101
• SSL Denial of Service Vulnerability Notification for Lexmark Printers and Multi-Function Printers
• CVE-2004-0079 (Regression)

Microsoft SMB implementations

• Microsoft Security Bulletin MS10-012
• CVE-2010-0020

Linux Kernel (with CERT-FI):

• CERT-FI advisory
• Codenomicon news
• CVE-2007-4567 (Regression)
• CVE-2010-0006

---

2009:

XML (several open source libraries, with CERT-FI):

• Codenomicon page on XML issues
• Press Release
• CERT-FI Advisory
• CVE-2009-3720 (libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software)
• CVE-2009-1885 (Apache Xerces C++ 2.7.0 and 2.8.0)
• CVE-2009-2414 (libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17)
• CVE-2009-2416 (libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17)
• CVE-2009-2625 (Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6)
• List of affected software products and vendors includes (at least): Python Expat, Xerces C++, Libxml2, Sun Java, Xerces Java, OpenJDK, Apple, Google, OpenOffice, Sun StarOffice, Sun StarSuite, Oracle, VMware, ...

Squid (with CERT-FI):

• Squid advisory
• CVE-2009-2621
• CVE-2009-2622

Squid (with CERT-FI):

• Press Release
• Squid advisory
• CVE-2009-0478

---

2008:

OpenSSL (with CERT-FI):

• CERT-FI advisory
• OpenSSL advisory
• CVE-2008-0891

GnuTLS (with CERT-FI):

• GnuTLS update
• CERT-FI advisory
• CVE-2008-1948, CVE-2008-1949, CVE-2008-1950

NetBSD (with CERT-FI):

• CERT-FI advisory
• NetBSD advisory
• CVE-2008-2464

SMB libraries:

• Microsoft advisory
• CVE-2008-4038

---

2007:

OpenGGSN (by VTT):

• Advisory from VTT

---

2005:

Image libraries (with NISCC):

• Press Release
• Advisory from Microsoft

---

2004:

OpenSSL (with NISCC and RedHat):

• Red Hat
• CVE-2004-0081

Apache (with NISCC and RedHat):

• Red Hat
• CVE-2004-0786

---

---

---

---