Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2011-4357
Last Modified 12 Dec 2011 12:00:00
Published 10 Dec 2011 12:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4357

Summary

Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.

Vulnerable Systems

Application

  • Brandon Long Clearsilver 0.1

  • Brandon Long Clearsilver 0.10.1

  • Brandon Long Clearsilver 0.10.2

  • Brandon Long Clearsilver 0.10.3

  • Brandon Long Clearsilver 0.10.4

  • Brandon Long Clearsilver 0.10.5

  • Brandon Long Clearsilver 0.2

  • Brandon Long Clearsilver 0.2.1

  • Brandon Long Clearsilver 0.3

  • Brandon Long Clearsilver 0.4

  • Brandon Long Clearsilver 0.5

  • Brandon Long Clearsilver 0.6

  • Brandon Long Clearsilver 0.7

  • Brandon Long Clearsilver 0.7.1

  • Brandon Long Clearsilver 0.7.2

  • Brandon Long Clearsilver 0.8.0

  • Brandon Long Clearsilver 0.8.1

  • Brandon Long Clearsilver 0.9.0

  • Brandon Long Clearsilver 0.9.1

  • Brandon Long Clearsilver 0.9.14

  • Brandon Long Clearsilver 0.9.2

  • Brandon Long Clearsilver 0.9.3

  • Brandon Long Clearsilver 0.9.6

  • Brandon Long Clearsilver 0.9.7


References

XF - clearsilver-neocgi-format-string(71599)

MLIST - [oss-security] 20111127 CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module

DEBIAN - DSA-2355

CONFIRM - http://tech.groups.yahoo.com/group/ClearSilver/message/1422

SECUNIA - 47016

OSVDB - 77419

CONFIRM - http://code.google.com/p/clearsilver/source/detail?r=919


Last Updated: 27 May 2016 10:57:51