Executive Summary
Summary | |
---|---|
Title | wxGTK: User-assisted execution of arbitrary code |
Information | |||
---|---|---|---|
Name | GLSA-201009-01 | First vendor Publication | 2010-09-02 |
Vendor | Gentoo | Last vendor Modification | 2010-09-02 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Synopsis: An integer overflow vulnerability in wxGTK might enable remote attackers to cause the execution of arbitrary code.
Background:
Description:
Impact:
Workaround:
Resolution: All wxGTK 2.8 users should upgrade to an updated version:
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 9, 2009. It is likely that your system is already no longer affected by this issue.
References:
Availability: http://security.gentoo.org/glsa/glsa-201009-01.xml
Original Source
Url : http://security.gentoo.org/glsa/glsa-201009-01.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18460 | |||
Oval ID: | oval:org.mitre.oval:def:18460 | ||
Title: | DSA-1890-1 wxwidgets2.6 wxwidgets2.8 wxwindows2.4 - arbitrary code execution | ||
Description: | Tielei Wang has discovered an integer overflow in wxWidgets, the wxWidgets Cross-platform C++ GUI toolkit, which allows the execution of arbitrary code via a crafted JPEG file. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1890-1 CVE-2009-2369 | Version: | 9 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 5.0 | Product(s): | wxwidgets2.6 wxwindows2.4 wxwidgets2.8 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2011-03-09 | Name : Gentoo Security Advisory GLSA 201009-01 (wxGTK) File : nvt/glsa_201009_01.nasl |
2009-09-21 | Name : Debian Security Advisory DSA 1890-1 (wxwindows2.4 wxwidgets2.6 wxwidgets2.8) File : nvt/deb_1890_1.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:204 (wxgtk) File : nvt/mdksa_2009_204.nasl |
2009-07-29 | Name : Fedora Core 11 FEDORA-2009-7755 (compat-wxGTK26) File : nvt/fcore_2009_7755.nasl |
2009-07-29 | Name : Fedora Core 10 FEDORA-2009-7763 (compat-wxGTK26) File : nvt/fcore_2009_7763.nasl |
2009-07-29 | Name : Fedora Core 11 FEDORA-2009-7780 (wxGTK) File : nvt/fcore_2009_7780.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
55520 | wxWidgets src/common/image.cpp wxImage::Create() Function JPEG File Handling ... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-09-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201009-01.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1890.nasl - Type : ACT_GATHER_INFO |
2009-08-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-204.nasl - Type : ACT_GATHER_INFO |
2009-07-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7780.nasl - Type : ACT_GATHER_INFO |
2009-07-20 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7755.nasl - Type : ACT_GATHER_INFO |
2009-07-20 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-7763.nasl - Type : ACT_GATHER_INFO |
2009-07-20 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-7794.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:36:55 |