Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2011-4599
Last Modified 21 Sep 2012 11:27:33
Published 21 Jun 2012 11:55:11
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4599

Summary

Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization.

Vulnerable Systems

Application

  • Icu Project International Components For Unicode 3.6

  • Icu Project International Components For Unicode 3.8

  • Icu Project International Components For Unicode 4.8

  • Icu Project International Components For Unicode 49


References

XF - icu-canonicalize-bo(71726)

BID - 51006

OSVDB - 77698

MLIST - [oss-security] 20111209 Re: CVE Request: icu out of bounds access

MLIST - [oss-security] 20111209 CVE Request: icu out of bounds access

MANDRIVA - MDVSA-2011:194

DEBIAN - DSA-2397

UBUNTU - USN-1348-1

SECUNIA - 47775

SECUNIA - 47714

SECUNIA - 47674

SECUNIA - 47227

SECUNIA - 47146

REDHAT - RHSA-2011:1815

SUSE - openSUSE-SU-2012:0100

CONFIRM - http://code.google.com/p/chromium/issues/detail?id=106441

CONFIRM - http://bugs.icu-project.org/trac/ticket/8984

CONFIRM - http://support.apple.com/kb/HT5503

CONFIRM - http://support.apple.com/kb/HT5501

APPLE - APPLE-SA-2012-09-19-2

APPLE - APPLE-SA-2012-09-19-1

Related Patches

Apple 2012-09-19 Mac OS X Server 10.7.5 Update

Apple 2012-09-19 Mac OS X 10.7.5 Update

Apple 2012-09-19 Mac OS X Server 10.7.5 Combo Update

Apple 2012-09-19 Mac OS X 10.7.5 Combo Update

Apple 2012-09-19 Security Update 2012-004 Server (Snow Leopard)

Apple 2012-09-19 Security Update 2012-004 (Snow Leopard)

Red Hat 2011:1815-01 RHSA Moderate: icu security update for RHEL 5 x86

Red Hat 2011:1815-01 RHSA Moderate: icu security update for RHEL 5 x86_64

Novell SUSE 2012:5653 icu security update for SLE 11 SP1 i586

Novell SUSE 2012:5653 icu security update for SLE 11 SP1 x86_64

Novell SUSE 2012:7204 icu security update for SLE 11 SP2 i586

Novell SUSE 2012:7204 icu security update for SLE 11 SP2 x86_64

Novell SUSE 2012:8022 libreoffice-345 security update for SLED 10 SP4 i586

Novell SUSE 2012:8022 libreoffice-345 security update for SLED 10 SP4 x86_64


Last Updated: 27 May 2016 10:56:34