Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2010:255 First vendor Publication 2010-12-15
Vendor Mandriva Last vendor Modification 2010-12-15
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability was discovered and corrected in php-intl:

Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument (CVE-2010-4409).

The updated packages have been upgraded to php-intl-1.1.2 and patched to correct this issue.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:255

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 364

ExploitDB Exploits

id Description
2010-12-10 PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow

OpenVAS Exploits

Date Description
2012-06-21 Name : PHP version smaller than 5.3.4
File : nvt/nopsec_php_5_3_4.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-06 (php)
File : nvt/glsa_201110_06.nasl
2011-08-26 Name : Mac OS X v10.6.6 Multiple Vulnerabilities (2011-001)
File : nvt/secpod_macosx_su11-001.nasl
2011-03-25 Name : Mandriva Update for php MDVSA-2011:052 (php)
File : nvt/gb_mandriva_MDVSA_2011_052.nasl
2011-03-25 Name : Mandriva Update for php MDVSA-2011:053 (php)
File : nvt/gb_mandriva_MDVSA_2011_053.nasl
2011-01-14 Name : Ubuntu Update for php5 vulnerabilities USN-1042-1
File : nvt/gb_ubuntu_USN_1042_1.nasl
2011-01-11 Name : Fedora Update for maniadrive FEDORA-2010-18976
File : nvt/gb_fedora_2010_18976_maniadrive_fc14.nasl
2011-01-11 Name : Fedora Update for php-eaccelerator FEDORA-2010-18976
File : nvt/gb_fedora_2010_18976_php-eaccelerator_fc14.nasl
2011-01-11 Name : Fedora Update for php FEDORA-2010-18976
File : nvt/gb_fedora_2010_18976_php_fc14.nasl
2011-01-11 Name : Fedora Update for maniadrive FEDORA-2010-19011
File : nvt/gb_fedora_2010_19011_maniadrive_fc13.nasl
2011-01-11 Name : Fedora Update for php-eaccelerator FEDORA-2010-19011
File : nvt/gb_fedora_2010_19011_php-eaccelerator_fc13.nasl
2011-01-11 Name : Fedora Update for php FEDORA-2010-19011
File : nvt/gb_fedora_2010_19011_php_fc13.nasl
2010-12-28 Name : Mandriva Update for php MDVSA-2010:254 (php)
File : nvt/gb_mandriva_MDVSA_2010_254.nasl
2010-12-28 Name : Mandriva Update for php-intl MDVSA-2010:255 (php-intl)
File : nvt/gb_mandriva_MDVSA_2010_255.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
69651 PHP NumberFormatter::getSymbol Function Invalid Argument Overflow DoS

PHP is prone to an overflow condition. The 'NumberFormatter::getSymbol' function fails to properly sanitize user-supplied input resulting in an integer overflow. With an invalid argument, a context-dependent attacker can potentially cause a denial of service.

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-57.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_icu-120117.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_icu-120117.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_icu-121219.nasl - Type : ACT_GATHER_INFO
2012-04-20 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_0_0_24.nasl - Type : ACT_GATHER_INFO
2012-01-20 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_icu-120116.nasl - Type : ACT_GATHER_INFO
2012-01-20 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_icu-7928.nasl - Type : ACT_GATHER_INFO
2011-10-12 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-06.nasl - Type : ACT_GATHER_INFO
2011-03-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-052.nasl - Type : ACT_GATHER_INFO
2011-03-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-053.nasl - Type : ACT_GATHER_INFO
2011-03-22 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_6_7.nasl - Type : ACT_GATHER_INFO
2011-01-12 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1042-1.nasl - Type : ACT_GATHER_INFO
2011-01-05 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-18976.nasl - Type : ACT_GATHER_INFO
2011-01-05 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-19011.nasl - Type : ACT_GATHER_INFO
2010-12-16 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-254.nasl - Type : ACT_GATHER_INFO
2010-12-13 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_3_4.nasl - Type : ACT_GATHER_INFO