Executive Summary
Summary | |
---|---|
Title | LibThai vulnerability |
Information | |||
---|---|---|---|
Name | USN-887-1 | First vendor Publication | 2010-01-18 |
Vendor | Ubuntu | Last vendor Modification | 2010-01-18 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
Ubuntu 8.10:
Ubuntu 9.04:
Ubuntu 9.10:

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Tim Starling discovered that LibThai did not correctly handle long strings. A remote attacker could use specially-formed strings to execute arbitrary code with the user's privileges.
Original Source
Url : http://www.ubuntu.com/usn/USN-887-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13132 | |||
Oval ID: | oval:org.mitre.oval:def:13132 | ||
Title: | USN-887-1 -- libthai vulnerability | ||
Description: | Tim Starling discovered that LibThai did not correctly handle long strings. A remote attacker could use specially-formed strings to execute arbitrary code with the user's privileges. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-887-1 CVE-2009-4012 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 9.04 | Product(s): | libthai |
Definition Id: oval:org.mitre.oval:def:18321 | |||
Oval ID: | oval:org.mitre.oval:def:18321 | ||
Title: | DSA-1971-1 libthai - arbitrary code execution | ||
Description: | Tim Starling discovered that libthai, a set of Thai language support routines, is vulnerable to an integer/heap overflow. This vulnerability could allow an attacker to run arbitrary code by sending a very long string. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1971-1 CVE-2009-4012 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 5.0 | Product(s): | libthai |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-01-20 | Name : Ubuntu Update for libthai vulnerability USN-887-1 File : nvt/gb_ubuntu_USN_887_1.nasl |
2010-01-19 | Name : Mandriva Update for libthai MDVSA-2010:010 (libthai) File : nvt/gb_mandriva_MDVSA_2010_010.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
61715 | LibThai Unspecified String Handling Overflows |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1971.nasl - Type : ACT_GATHER_INFO |
2010-02-02 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libthai-100115.nasl - Type : ACT_GATHER_INFO |
2010-02-02 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libthai-100115.nasl - Type : ACT_GATHER_INFO |
2010-02-02 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libthai-100115.nasl - Type : ACT_GATHER_INFO |
2010-01-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-887-1.nasl - Type : ACT_GATHER_INFO |
2010-01-18 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-010.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:06:31 |