Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2011:194 | First vendor Publication | 2011-12-27 |
Vendor | Mandriva | Last vendor Modification | 2011-12-27 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability has been discovered and corrected in icu: A stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially-crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2011-4599). The updated packages have been patched to correct this issue. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:194 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15105 | |||
Oval ID: | oval:org.mitre.oval:def:15105 | ||
Title: | DSA-2397-1 icu -- buffer underflow | ||
Description: | It was discovered that a buffer overflow in the Unicode libraray ICU could lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2397-1 CVE-2011-4599 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icu |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15411 | |||
Oval ID: | oval:org.mitre.oval:def:15411 | ||
Title: | USN-1348-1 -- ICU vulnerability | ||
Description: | icu: International Components for Unicode library ICU could be made to crash or run programs as your login if it opened specially crafted data. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1348-1 CVE-2011-4599 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | ICU |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22138 | |||
Oval ID: | oval:org.mitre.oval:def:22138 | ||
Title: | RHSA-2011:1815: icu security update (Moderate) | ||
Description: | Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1815-01 CESA-2011:1815 CVE-2011-4599 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | icu |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23292 | |||
Oval ID: | oval:org.mitre.oval:def:23292 | ||
Title: | DEPRECATED: ELSA-2011:1815: icu security update (Moderate) | ||
Description: | Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1815-01 CVE-2011-4599 | Version: | 7 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | icu |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23739 | |||
Oval ID: | oval:org.mitre.oval:def:23739 | ||
Title: | ELSA-2011:1815: icu security update (Moderate) | ||
Description: | Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1815-01 CVE-2011-4599 | Version: | 6 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | icu |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28161 | |||
Oval ID: | oval:org.mitre.oval:def:28161 | ||
Title: | DEPRECATED: ELSA-2011-1815 -- icu security update (moderate) | ||
Description: | [4.2.1-9.1] - Resolves: rhbz#766539 CVE-2011-4599 localeID overflow | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-1815 CVE-2011-4599 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | icu |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-07 (icu) File : nvt/glsa_201209_07.nasl |
2012-09-25 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004) File : nvt/gb_macosx_su12-004.nasl |
2012-07-30 | Name : CentOS Update for icu CESA-2011:1815 centos5 x86_64 File : nvt/gb_CESA-2011_1815_icu_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for icu CESA-2011:1815 centos6 File : nvt/gb_CESA-2011_1815_icu_centos6.nasl |
2012-04-02 | Name : Fedora Update for icu FEDORA-2011-17101 File : nvt/gb_fedora_2011_17101_icu_fc16.nasl |
2012-02-12 | Name : Debian Security Advisory DSA 2397-1 (icu) File : nvt/deb_2397_1.nasl |
2012-02-01 | Name : Ubuntu Update for icu USN-1348-1 File : nvt/gb_ubuntu_USN_1348_1.nasl |
2011-12-30 | Name : Mandriva Update for icu MDVSA-2011:194 (icu) File : nvt/gb_mandriva_MDVSA_2011_194.nasl |
2011-12-23 | Name : Fedora Update for icu FEDORA-2011-17119 File : nvt/gb_fedora_2011_17119_icu_fc15.nasl |
2011-12-16 | Name : CentOS Update for icu CESA-2011:1815 centos5 i386 File : nvt/gb_CESA-2011_1815_icu_centos5_i386.nasl |
2011-12-16 | Name : RedHat Update for icu RHSA-2011:1815-01 File : nvt/gb_RHSA-2011_1815-01_icu.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
77698 | International Components for Unicode (ICU) source/common/uloc.c _canonicalize... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_icu_20120918.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_icu-120117.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_icu-120117.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-33.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1815.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_icu-121219.nasl - Type : ACT_GATHER_INFO |
2012-09-27 | Name : The remote device is affected by multiple vulnerabilities. File : appletv_5_1.nasl - Type : ACT_GATHER_INFO |
2012-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-07.nasl - Type : ACT_GATHER_INFO |
2012-09-20 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_7_5.nasl - Type : ACT_GATHER_INFO |
2012-09-20 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-004.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111213_icu_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-01-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2397.nasl - Type : ACT_GATHER_INFO |
2012-01-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1348-1.nasl - Type : ACT_GATHER_INFO |
2012-01-20 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_icu-120116.nasl - Type : ACT_GATHER_INFO |
2011-12-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-194.nasl - Type : ACT_GATHER_INFO |
2011-12-23 | Name : The remote Fedora host is missing a security update. File : fedora_2011-17119.nasl - Type : ACT_GATHER_INFO |
2011-12-23 | Name : The remote Fedora host is missing a security update. File : fedora_2011-17101.nasl - Type : ACT_GATHER_INFO |
2011-12-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1815.nasl - Type : ACT_GATHER_INFO |
2011-12-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1815.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:42:38 |
|