Executive Summary
Summary | |
---|---|
Title | New wordnet packages fix regression |
Informations | |||
---|---|---|---|
Name | DSA-1634 | First vendor Publication | 2008-09-01 |
Vendor | Debian | Last vendor Modification | 2008-09-20 |
Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A regression was discovered in the original patch addressing this issue for WordNet, which this update fixes. For reference the text of the original advisory follows. Rob Holland discovered several programming errors in WordNet, an electronic lexical database of the English language. These flaws could allow arbitrary code execution when used with untrusted input, for example when WordNet is in use as a back end for a web application. For the stable distribution (etch), these problems have been fixed in version 1:2.1-4+etch2. For the unstable distribution (sid), these problems have been fixed in version 1:3.0-13. We recommend that you upgrade your wordnet package. |
Original Source
Url : http://www.debian.org/security/2008/dsa-1634 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2009-04-09 | Name : Mandriva Update for wordnet MDVSA-2008:182 (wordnet) File : nvt/gb_mandriva_MDVSA_2008_182.nasl |
2009-04-09 | Name : Mandriva Update for wordnet MDVSA-2008:182-1 (wordnet) File : nvt/gb_mandriva_MDVSA_2008_182_1.nasl |
2008-10-09 | Name : Gentoo Security Advisory GLSA 200810-01 (wordnet) File : nvt/glsa_200810_01.nasl |
2008-09-24 | Name : Debian Security Advisory DSA 1634-2 (wordnet) File : nvt/deb_1634_2.nasl |
2008-09-17 | Name : Debian Security Advisory DSA 1634-1 (wordnet) File : nvt/deb_1634_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
45153 | WordNet wn Multiple Function Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-182.nasl - Type : ACT_GATHER_INFO |
2008-10-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200810-01.nasl - Type : ACT_GATHER_INFO |
2008-09-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1634.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:27:51 |
|