Executive Summary
Summary | |
---|---|
Title | Little CMS vulnerability |
Information | |||
---|---|---|---|
Name | USN-1043-1 | First vendor Publication | 2011-01-12 |
Vendor | Ubuntu | Last vendor Modification | 2011-01-12 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
Ubuntu 9.10:
Ubuntu 10.04 LTS:
Ubuntu 10.10:

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that a NULL pointer dereference in the code for handling transformations of monochrome profiles could allow an attacker to cause a denial of service through a specially crafted image. (CVE-2009-0793)
Original Source
Url : http://www.ubuntu.com/usn/USN-1043-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11340 | |||
Oval ID: | oval:org.mitre.oval:def:11340 | ||
Title: | cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles." | ||
Description: | cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0793 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13518 | |||
Oval ID: | oval:org.mitre.oval:def:13518 | ||
Title: | USN-1043-1 -- lcms vulnerability | ||
Description: | It was discovered that a NULL pointer dereference in the code for handling transformations of monochrome profiles could allow an attacker to cause a denial of service through a specially crafted image | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1043-1 CVE-2009-0793 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | lcms |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for java CESA-2009:0377 centos5 i386 File : nvt/gb_CESA-2009_0377_java_centos5_i386.nasl |
2011-01-14 | Name : Ubuntu Update for lcms vulnerability USN-1043-1 File : nvt/gb_ubuntu_USN_1043_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:121-1 (lcms) File : nvt/mdksa_2009_121_1.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk) File : nvt/mdksa_2009_162.nasl |
2009-06-23 | Name : Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk) File : nvt/mdksa_2009_137.nasl |
2009-06-05 | Name : Mandrake Security Advisory MDVSA-2009:121 (lcms) File : nvt/mdksa_2009_121.nasl |
2009-05-11 | Name : Fedora Core 9 FEDORA-2009-3914 (lcms) File : nvt/fcore_2009_3914.nasl |
2009-05-11 | Name : Fedora Core 10 FEDORA-2009-3967 (lcms) File : nvt/fcore_2009_3967.nasl |
2009-04-20 | Name : Gentoo Security Advisory GLSA 200904-19 (littlecms) File : nvt/glsa_200904_19.nasl |
2009-04-15 | Name : RedHat Security Advisory RHSA-2009:0377 File : nvt/RHSA_2009_0377.nasl |
2009-04-15 | Name : Debian Security Advisory DSA 1769-1 (openjdk-6) File : nvt/deb_1769_1.nasl |
2009-04-15 | Name : Fedora Core 9 FEDORA-2009-3425 (java-1.6.0-openjdk) File : nvt/fcore_2009_3425.nasl |
2009-04-15 | Name : Fedora Core 10 FEDORA-2009-3426 (java-1.6.0-openjdk) File : nvt/fcore_2009_3426.nasl |
2009-04-15 | Name : CentOS Security Advisory CESA-2009:0377 (java-1.6.0-openjdk) File : nvt/ovcesa2009_0377.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
56310 | Little CMS (lcms) cmsxform.c Image Handling Monochrome Profile Transformation... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0377.nasl - Type : ACT_GATHER_INFO |
2011-01-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1043-1.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0377.nasl - Type : ACT_GATHER_INFO |
2009-08-31 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-090826.nasl - Type : ACT_GATHER_INFO |
2009-08-31 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-090827.nasl - Type : ACT_GATHER_INFO |
2009-06-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-137.nasl - Type : ACT_GATHER_INFO |
2009-05-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-121.nasl - Type : ACT_GATHER_INFO |
2009-05-11 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3914.nasl - Type : ACT_GATHER_INFO |
2009-05-11 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3967.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3426.nasl - Type : ACT_GATHER_INFO |
2009-04-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200904-19.nasl - Type : ACT_GATHER_INFO |
2009-04-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1769.nasl - Type : ACT_GATHER_INFO |
2009-04-08 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3425.nasl - Type : ACT_GATHER_INFO |
2009-04-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0377.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:58:11 |
|