FKIE_CVE-2009-1300

Vulnerability from fkie_nvd - Published: 2009-04-16 15:12 - Updated: 2025-04-09 00:30
Severity ?
Summary
apt 0.7.20 does not check when the date command returns an "invalid date" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight.
References
cve@mitre.orghttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523213
cve@mitre.orghttp://secunia.com/advisories/34829
cve@mitre.orghttp://secunia.com/advisories/34832
cve@mitre.orghttp://secunia.com/advisories/34874
cve@mitre.orghttp://www.debian.org/security/2009/dsa-1779
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2009/04/08/11
cve@mitre.orghttps://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/354793
cve@mitre.orghttps://usn.ubuntu.com/762-1/
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523213
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34829
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34832
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34874
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2009/dsa-1779
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2009/04/08/11
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/354793
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/762-1/
Impacted products
Vendor Product Version
debian advanced_package_tool 0.7.20
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "63E05BE6-9BDF-441E-873E-A4D965B3494F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "apt 0.7.20 does not check when the date command returns an \"invalid date\" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight."
    },
    {
      "lang": "es",
      "value": "apt 0.7.20 no comprueba si el comando \"date\" devuelve un error de \"invalid date\" (fecha no v\u00e1lida) que puede prevenir a apt de la carga de actualizaciones de seguridad en zonas horarias para las cuales DST se produce a medianoche."
    }
  ],
  "id": "CVE-2009-1300",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-04-16T15:12:57.453",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523213"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34829"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34832"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34874"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1779"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2009/04/08/11"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/354793"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/762-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34829"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34874"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2009/04/08/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/354793"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/762-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.