CVE-2009-0217

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-0217 at MITRE

Description

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entries: 514421, 521184, 521564, 530661, 530708, 530717, 548655, 561859

SUSE Security Advisories:

SUSE-SA:2009:053, published Wed, 04 Nov 2009 15:00:00 +0000
SUSE-SA:2010:004, published Tue, 12 Jan 2010 17:00:00 +0000
SUSE-SA:2010:017, published Tue, 16 Mar 2010 15:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64	`OpenOffice_org >= 1.1.5-0.28` `OpenOffice_org-ar >= 1.1.5-0.28` `OpenOffice_org-ca >= 1.1.5-0.28` `OpenOffice_org-cs >= 1.1.5-0.28` `OpenOffice_org-da >= 1.1.5-0.28` `OpenOffice_org-de >= 1.1.5-0.28` `OpenOffice_org-el >= 1.1.5-0.28` `OpenOffice_org-en >= 1.1.5-0.28` `OpenOffice_org-en-help >= 1.1.5-0.28` `OpenOffice_org-es >= 1.1.5-0.28` `OpenOffice_org-et >= 1.1.5-0.28` `OpenOffice_org-fi >= 1.1.5-0.28` `OpenOffice_org-fr >= 1.1.5-0.28` `OpenOffice_org-gnome >= 1.1.5-0.28` `OpenOffice_org-hu >= 1.1.5-0.28` `OpenOffice_org-it >= 1.1.5-0.28` `OpenOffice_org-ja >= 1.1.5-0.28` `OpenOffice_org-kde >= 1.1.5-0.28` `OpenOffice_org-ko >= 1.1.5-0.28` `OpenOffice_org-nl >= 1.1.5-0.28` `OpenOffice_org-pl >= 1.1.5-0.28` `OpenOffice_org-pt >= 1.1.5-0.28` `OpenOffice_org-pt-BR >= 1.1.5-0.28` `OpenOffice_org-ru >= 1.1.5-0.28` `OpenOffice_org-sk >= 1.1.5-0.28` `OpenOffice_org-sl >= 1.1.5-0.28` `OpenOffice_org-sv >= 1.1.5-0.28` `OpenOffice_org-tr >= 1.1.5-0.28` `OpenOffice_org-zh-CN >= 1.1.5-0.28` `OpenOffice_org-zh-TW >= 1.1.5-0.28`	sles9-nld.x86-64 sles9-nld.x86 YOU Patch Nr: 12567
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP3 for x86	`OpenOffice_org >= 3.2-0.6.1` `OpenOffice_org-af >= 3.2-0.6.1` `OpenOffice_org-ar >= 3.2-0.6.1` `OpenOffice_org-ca >= 3.2-0.6.1` `OpenOffice_org-cs >= 3.2-0.6.1` `OpenOffice_org-da >= 3.2-0.6.1` `OpenOffice_org-de >= 3.2-0.6.1` `OpenOffice_org-es >= 3.2-0.6.1` `OpenOffice_org-fi >= 3.2-0.6.1` `OpenOffice_org-fr >= 3.2-0.6.1` `OpenOffice_org-galleries >= 3.2-0.6.1` `OpenOffice_org-gnome >= 3.2-0.6.1` `OpenOffice_org-gu-IN >= 3.2-0.6.1` `OpenOffice_org-hi-IN >= 3.2-0.6.1` `OpenOffice_org-hu >= 3.2-0.6.1` `OpenOffice_org-it >= 3.2-0.6.1` `OpenOffice_org-ja >= 3.2-0.6.1` `OpenOffice_org-kde >= 3.2-0.6.1` `OpenOffice_org-mono >= 3.2-0.6.1` `OpenOffice_org-nb >= 3.2-0.6.1` `OpenOffice_org-nl >= 3.2-0.6.1` `OpenOffice_org-nld >= 3.2-0.6.1` `OpenOffice_org-nn >= 3.2-0.6.1` `OpenOffice_org-pl >= 3.2-0.6.1` `OpenOffice_org-pt-BR >= 3.2-0.6.1` `OpenOffice_org-ru >= 3.2-0.6.1` `OpenOffice_org-sk >= 3.2-0.6.1` `OpenOffice_org-sv >= 3.2-0.6.1` `OpenOffice_org-xh >= 3.2-0.6.1` `OpenOffice_org-zh-CN >= 3.2-0.6.1` `OpenOffice_org-zh-TW >= 3.2-0.6.1` `OpenOffice_org-zu >= 3.2-0.6.1`	sles10-sp3-debuginfo.x86-64 sled10-sp3.x86 sle10-sp3-sdk.x86-64 sled10-sp3.x86-64 sle10-sp3-sdk.x86 sles10-sp3-debuginfo.x86 ZYPP Patch Nr: 6884
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP2 for x86	`OpenOffice_org >= 3.2-0.5.2` `OpenOffice_org-af >= 3.2-0.5.2` `OpenOffice_org-ar >= 3.2-0.5.2` `OpenOffice_org-ca >= 3.2-0.5.2` `OpenOffice_org-cs >= 3.2-0.5.2` `OpenOffice_org-da >= 3.2-0.5.2` `OpenOffice_org-de >= 3.2-0.5.2` `OpenOffice_org-el >= 3.2-0.5.2` `OpenOffice_org-en-GB >= 3.2-0.5.2` `OpenOffice_org-es >= 3.2-0.5.2` `OpenOffice_org-fi >= 3.2-0.5.2` `OpenOffice_org-fr >= 3.2-0.5.2` `OpenOffice_org-galleries >= 3.2-0.5.2` `OpenOffice_org-gnome >= 3.2-0.5.2` `OpenOffice_org-gu-IN >= 3.2-0.5.2` `OpenOffice_org-hi-IN >= 3.2-0.5.2` `OpenOffice_org-hu >= 3.2-0.5.2` `OpenOffice_org-it >= 3.2-0.5.2` `OpenOffice_org-ja >= 3.2-0.5.2` `OpenOffice_org-kde >= 3.2-0.5.2` `OpenOffice_org-ko >= 3.2-0.5.2` `OpenOffice_org-mono >= 3.2-0.5.2` `OpenOffice_org-nb >= 3.2-0.5.2` `OpenOffice_org-nl >= 3.2-0.5.2` `OpenOffice_org-nld >= 3.2-0.5.2` `OpenOffice_org-nn >= 3.2-0.5.2` `OpenOffice_org-pl >= 3.2-0.5.2` `OpenOffice_org-pt-BR >= 3.2-0.5.2` `OpenOffice_org-ru >= 3.2-0.5.2` `OpenOffice_org-sk >= 3.2-0.5.2` `OpenOffice_org-sv >= 3.2-0.5.2` `OpenOffice_org-xh >= 3.2-0.5.2` `OpenOffice_org-zh-CN >= 3.2-0.5.2` `OpenOffice_org-zh-TW >= 3.2-0.5.2` `OpenOffice_org-zu >= 3.2-0.5.2`	sled10-sp2.x86 sle10-sp2-sdk.x86-64 sle10-sp2-sdk.x86 sles10-sp2-debuginfo.x86 sles10-sp2-debuginfo.x86-64 sled10-sp2.x86-64 ZYPP Patch Nr: 6883
SUSE Linux Enterprise 10 SP2 DEBUGINFO for AMD64 and Intel EM64T SUSE Linux Enterprise 10 SP2 DEBUGINFO for x86	`OpenOffice_org-debuginfo >= 3.2-0.5.2`	sled10-sp2.x86 sle10-sp2-sdk.x86-64 sle10-sp2-sdk.x86 sles10-sp2-debuginfo.x86 sles10-sp2-debuginfo.x86-64 sled10-sp2.x86-64 ZYPP Patch Nr: 6883

Markets

Products By Category

Novell

NetIQ (Moving soon to NetIQ.com)

A-Z

Contribute