[VIM] First CVE of 2009 :)

Steven M. Christey coley at linus.mitre.org
Mon Jan 5 21:45:49 UTC 2009

OK, 2 out of 3 ain't bad.

The first CVE that was originally public in 2009 was CVE-2008-2381
(reserved), public on 20090102.

The first public CVE with a 2009 tag was CVE-2009-0022 (reserved by Red
Hat), public on 20090105.  (Last year's winner was CVE-2008-0061, public
on 20080103; in 2007, CVE-2007-0015 was public on 20070101).

Due to an odd little blip in CVE content creation, the first non-reserved
CVE built on public data is still forthcoming, though many are waiting in
the wings for the final editing step, including two that were published
January 1 that will likely appear after higher-priority issues that were
published later than that.  Its sequence number will be 0041 or greater.

As you may surmise, CVE numbers don't go public sequentially.  That's
because of the reserved CVEs, our internal prioritization for which issues
to publish first, and vacation/holiday oddities.

More useless trivia to follow, no doubt...

- Steve

Name: CVE-2008-2381
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2381
Reference: CONFIRM:http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&r1=4590&r2=6709
Reference: CONFIRM:http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&view=log
Reference: CONFIRM:http://security-tracker.debian.net/tracker/CVE-2008-2381
Reference: SECUNIA:33229
Reference: URL:http://secunia.com/advisories/33229

SQL injection vulnerability in the create function in
common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows
remote attackers to execute arbitrary SQL commands via the comments

Name: CVE-2009-0022
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0022
Reference: CONFIRM:http://www.samba.org/samba/security/CVE-2009-0022.html
Reference: SECUNIA:33379
Reference: URL:http://secunia.com/advisories/33379

Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows
remote authenticated users to access the root filesystem via a crafted
connection request that specifies a blank share name.
