{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "REJECTED", "cveId": "CVE-2009-0786", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-09-17T01:55:49.584Z", "dateRejected": "2023-02-12T00:00:00", "dateReserved": "2009-03-04T00:00:00Z", "datePublished": "2009-05-21T23:00:00Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-02-12T00:00:00"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This was originally intended for a report about TCP Wrappers and the hosts_ctl API function, but further investigation showed that this was documented behavior by that function. Notes: Future CVE identifiers might be assigned to applications that mis-use the API in a security-relevant fashion."}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This was originally intended for a report about TCP Wrappers and the hosts_ctl API function, but further investigation showed that this was documented behavior by that function. Notes: Future CVE identifiers might be assigned to applications that mis-use the API in a security-relevant fashion."}], "id": "CVE-2009-0786", "lastModified": "2023-11-07T02:03:44.133", "metrics": {}, "published": "2009-05-22T11:53:45.640", "references": [], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Rejected"}

{"affected_release": [{"advisory": "RHBA-2007:0565", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "tcp_wrappers-0:7.6-40.4.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-11-07T00:00:00Z"}], "bugzilla": {"description": "tcp_wrappers: hosts_ctl() does not handle hostnames specified in /etc/hosts.{allow,deny} correctly", "id": "491095", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491095"}, "csaw": false, "cvss": {"cvss_base_score": "4.0", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "status": "verified"}, "details": ["[REJECTED CVE] A flaw was found in the tcp_wrappers related to the handling of hostnames specified in the host access rules in /etc/hosts.allow and /etc/hosts.deny. This issue affects applications like net-snmp snmpd and OpenLDAP daemons that uses the hosts_ctl() tcp_wrappers interface function. The flaw prevents correct matching of access rules with hostnames, potentially leading to incorrectly denied access (if in an allow rule) or bypassed access restrictions (if in a deny rule). Attackers could exploit this to gain unauthorized access or disrupt legitimate connections."], "name": "CVE-2009-0786", "public_date": "2009-03-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-0786\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-0786"], "statement": "This CVE has been rejected upstream, because this was originally intended for a report about TCP Wrappers and the hosts_ctl API function, but further investigation showed that this was documented behavior by that function.\nRed Hat has also evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations. \nAs such, this CVE has been marked as \"Rejected\" in alignment with Red Hat's vulnerability management policies.\nIf you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further clarification.\nAlso, please note that this issue was previously fixed as bug (access incorrectly denied) and patches are available in Red Hat Enterprise Linux 5 (RHBA-2007:0565).", "threat_severity": "Moderate"}