Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | clearsilver security update |
| Informations | |||
|---|---|---|---|
| Name | DSA-2355 | First vendor Publication | 2011-11-30 |
| Vendor | Debian | Last vendor Modification | 2011-11-30 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Leo Iannacone and Colin Watson discovered a format string vulnerability in the Python bindings for the Clearsilver HTML template system, which may lead to denial of service or the execution of arbitrary code. For the oldstable distribution (lenny), this problem has been fixed in version 0.10.4-1.3+lenny1. For the stable distribution (squeeze), this problem has been fixed in version 0.10.5-1+squeeze1. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your clearsilver packages. |
Original Source
| Url : http://www.debian.org/security/2011/dsa-2355 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-134 | Uncontrolled Format String (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:15125 | |||
| Oval ID: | oval:org.mitre.oval:def:15125 | ||
| Title: | DSA-2355-1 clearsilver -- format string vulnerability | ||
| Description: | Leo Iannacone and Colin Watson discovered a format string vulnerability in the Python bindings for the Clearsilver HTML template system, which may lead to denial of service or the execution of arbitrary code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2355-1 CVE-2011-4357 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | clearsilver |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-04-02 | Name : Fedora Update for clearsilver FEDORA-2011-17042 File : nvt/gb_fedora_2011_17042_clearsilver_fc16.nasl |
| 2012-02-11 | Name : Debian Security Advisory DSA 2355-1 (clearsilver) File : nvt/deb_2355_1.nasl |
| 2011-12-23 | Name : Fedora Update for clearsilver FEDORA-2011-17040 File : nvt/gb_fedora_2011_17040_clearsilver_fc15.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 77419 | clearsilver python/neo_cgi.c p_cgi_error() Function Format String Remote Memo... A format string flaw exists in clearsilver . The p_cgi_error() function fails to properly sanitize format string specifiers (e.g., %s and %x). With a specially crafted request, a remote attacker can crash the service or possibly execute arbitrary code. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2011-12-23 | Name : The remote Fedora host is missing a security update. File : fedora_2011-17040.nasl - Type : ACT_GATHER_INFO |
| 2011-12-23 | Name : The remote Fedora host is missing a security update. File : fedora_2011-17042.nasl - Type : ACT_GATHER_INFO |
| 2011-12-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2355.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:30:37 |
|
