Vulnerabilities > CVE-2007-4770 - Resource Management Errors vulnerability in Icu-Project International Components for Unicode
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
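NASL family Mandriva Local Security Checks
NASL id MANDRIVA_MDVSA-2008-026.NASL
description Will Drewry reported multiple flaws in how libicu processed certain malformed regular expressions. If an application linked against libicu, such as OpenOffice.org, processed a carefully-crafted regular expression, it could potentially cause the execution of arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct these issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 37215
published 2009-04-23
reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/37215
title Mandriva Linux Security Advisory : icu (MDVSA-2008:026)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2008:026.
# The text itself is copyright (C) Mandriva S.A.
#
# Purpose: local (credentialed) check that compares the installed icu
# packages on Mandriva Linux 2008.0 with the package versions named in
# MDVSA-2008:026. It reads the package list already stored in the
# knowledge base; it does not exercise the regular-expression engine.
#
# NOTE(review): a package-version check only sees the distribution's own
# icu packages. Applications that ship a private copy of ICU are outside
# its view (the GLSA-200805-16 text on this page describes that case for
# the OpenOffice.org binary).
#

include("compat.inc");

# Metadata registration. The block ends with exit(0), so none of the
# checks below run while the plugin is only being described.
if (description)
{
  script_id(37215);
  script_version ("1.13");
  script_cvs_date("Date: 2019/08/02 13:32:50");

  # One advisory covers both ICU regular-expression CVEs.
  script_cve_id("CVE-2007-4770", "CVE-2007-4771");
  script_xref(name:"MDVSA", value:"2008:026");

  script_name(english:"Mandriva Linux Security Advisory : icu (MDVSA-2008:026)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandriva Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Will Drewry reported multiple flaws in how libicu processed certain malformed regular expressions. If an application linked against libicu, such as OpenOffice.org, processed a carefully-crafted regular expression, it could potentially cause the execution of arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct these issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");

  # CVSS v2 base vector: network access, medium complexity, no
  # authentication, complete confidentiality/integrity/availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  # CWE-399, the "Resource Management Errors" class named in the page title.
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:icu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:icu-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64icu-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64icu36");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libicu-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libicu36");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/01/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  # The package list and CPU type are read from the knowledge base; these
  # keys must already be present for the check to be meaningful.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Preconditions: local checks enabled, a Mandriva/Mandrake release string,
# and a collected rpm list. Each failure is reported through audit()
# (defined in audit.inc, not shown on this page).
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# The OS name was spelled "Mandake" here; it now matches the spelling used
# in the architecture check below.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only 32-bit and 64-bit x86 hosts are covered.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


# Every package is tested, so the report can list all of them; flag only
# records whether at least one test fired.
# NOTE(review): rpm_check() lives in rpm.inc (not shown); presumably it is
# true when the installed package is older than "reference", and
# yank:"mdv" presumably removes the distribution tag before comparing.
# Confirm against rpm.inc.
flag = 0;
if (rpm_check(release:"MDK2008.0", reference:"icu-3.6-4.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"icu-doc-3.6-4.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64icu-devel-3.6-4.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64icu36-3.6-4.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libicu-devel-3.6-4.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libicu36-3.6-4.1mdv2008.0", yank:"mdv")) flag++;


if (flag)
{
  # Verbose scans attach the per-package report text.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");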
NASL family Fedora Local Security Checks
NASL id FEDORA_2008-1076.NASL
description CVE-2007-4770 & CVE-2007-4771 Flaws in icu regexp handling. Technical details can be found at http://sourceforge.net/mailarchive/message.php?msg_name= d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%2540mail.gmail.com Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 30087
published 2008-01-27
reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/30087
title Fedora 7 : icu-3.6-20.fc7 (2008-1076)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2008-1076.
#
# Purpose: local (credentialed) check for Fedora 7 that compares the
# installed icu package with icu-3.6-20.fc7, using the rpm list stored in
# the knowledge base. Nothing is sent to the regular-expression engine.
#

include("compat.inc");

# Metadata only; exit(0) ends the run before any check executes.
if (description)
{
  script_id(30087);
  script_version ("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:26");

  script_cve_id("CVE-2007-4770", "CVE-2007-4771");
  script_bugtraq_id(27455);
  script_xref(name:"FEDORA", value:"2008-1076");

  script_name(english:"Fedora 7 : icu-3.6-20.fc7 (2008-1076)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"CVE-2007-4770 & CVE-2007-4771 Flaws in icu regexp handling. Technical details can be found at http://sourceforge.net/mailarchive/message.php?msg_name= d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%2540mail.gmail.com Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );

  # NOTE(review): this reference stops at "msg_name=" with no message id;
  # the id appears only in the description text above.
  # http://sourceforge.net/mailarchive/message.php?msg_name=
  script_set_attribute(
    attribute:"see_also",
    value:"https://sourceforge.net/p/legacy_/mailarchive/message.php?msg_name="
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-January/007274.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?80f6f24f"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected icu package.");

  # CVSS v2 base: network access, medium complexity, no authentication,
  # complete C/I/A impact. Temporal: exploitability not defined, official
  # fix available, report confirmed.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-399, the "Resource Management Errors" class named in the page title.
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:icu");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/01/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Fedora hosts store their release string under the RedHat key; the
# string has to mention Fedora and carry a major version of 7.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64 and i386-i686 hosts are covered.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


# NOTE(review): rpm_check() is defined in rpm.inc (not shown); presumably
# it is true when the installed icu is older than the reference. Confirm.
flag = 0;
if (rpm_check(release:"FC7", reference:"icu-3.6-20.fc7")) flag += 1;


if (!flag)
{
  # Nothing fired: say whether icu was tested and found current, or was
  # not installed at all.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "icu");
}
else
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-200805-16.NASL
description The remote host is affected by the vulnerability described in GLSA-200805-16 (OpenOffice.org: Multiple vulnerabilities) iDefense Labs reported multiple vulnerabilities in OpenOffice.org: multiple heap-based buffer overflows when parsing the
last seen 2020-06-01
modified 2020-06-02
plugin id 32353
published 2008-05-16
reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/32353
title GLSA-200805-16 : OpenOffice.org: Multiple vulnerabilities
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200805-16.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
# Purpose: local check on Gentoo that flags app-office/openoffice and
# app-office/openoffice-bin below 2.4.0, using the installed-package list
# stored in the knowledge base.
#
# Why the ICU CVEs appear in an OpenOffice.org check: per the advisory
# text below, the binary OpenOffice.org package carries its own internal
# copy of ICU, so the system-library fix (GLSA 200803-20) does not
# cover it.
#

include("compat.inc");

# Metadata only; exit(0) ends the run before any check executes.
if (description)
{
  script_id(32353);
  script_version("1.23");
  script_cvs_date("Date: 2019/08/02 13:32:45");

  script_cve_id("CVE-2007-4770", "CVE-2007-4771", "CVE-2007-5745", "CVE-2007-5746", "CVE-2007-5747", "CVE-2008-0320");
  script_xref(name:"GLSA", value:"200805-16");

  script_name(english:"GLSA-200805-16 : OpenOffice.org: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-200805-16 (OpenOffice.org: Multiple vulnerabilities) iDefense Labs reported multiple vulnerabilities in OpenOffice.org: multiple heap-based buffer overflows when parsing the 'Attribute' and 'Font' Description records of Quattro Pro (QPRO) files (CVE-2007-5745), an integer overflow when parsing the EMR_STRETCHBLT record of an EMF file, resulting in a heap-based buffer overflow (CVE-2007-5746), an integer underflow when parsing Quattro Pro (QPRO) files, resulting in an excessive loop and a stack-based buffer overflow (CVE-2007-5747), and a heap-based buffer overflow when parsing the 'DocumentSummaryInformation' stream in an OLE file (CVE-2008-0320). Furthermore, Will Drewry (Google Security) reported vulnerabilities in the memory management of the International Components for Unicode (CVE-2007-4770, CVE-2007-4771), which was resolved with GLSA 200803-20. However, the binary version of OpenOffice.org uses an internal copy of said library. Impact : A remote attacker could entice a user to open a specially crafted document, possibly resulting in the remote execution of arbitrary code with the privileges of the user running OpenOffice.org. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200803-20"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200805-16"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All OpenOffice.org users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-office/openoffice-2.4.0' All OpenOffice.org binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-office/openoffice-bin-2.4.0'"
  );

  # CVSS v2 base: network access, medium complexity, no authentication,
  # complete C/I/A impact. Temporal: high exploitability, official fix
  # available, report confirmed.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");

  # The exploit attributes describe the advisory as a whole (six CVEs).
  # The one module named here is the OLE DocumentSummaryInformation
  # overflow, which the description above ties to CVE-2008-0320, so these
  # flags on their own say nothing about the two ICU CVEs.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_cwe_id(119, 189, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openoffice");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openoffice-bin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/05/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

# Preconditions: local checks enabled, a Gentoo release string, and a
# collected package list.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


# Both package names are always tested so the report can list each one.
# NOTE(review): qpkg_check() is defined in qpkg.inc (not shown); the
# "ge"/"lt" prefixes presumably mean >= and < the given version. Confirm.
flag = 0;

if (
  qpkg_check(
    package:"app-office/openoffice-bin",
    unaffected:make_list("ge 2.4.0"),
    vulnerable:make_list("lt 2.4.0")
  )
) flag += 1;
if (
  qpkg_check(
    package:"app-office/openoffice",
    unaffected:make_list("ge 2.4.0"),
    vulnerable:make_list("lt 2.4.0")
  )
) flag += 1;

if (!flag)
{
  # Nothing fired: say whether a package was tested and found current, or
  # OpenOffice.org is not installed.
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenOffice.org");
}
else
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2008-0090.NASL
description Updated icu packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The International Components for Unicode (ICU) library provides robust and full-featured Unicode services. Will Drewry reported multiple flaws in the way libicu processed certain malformed regular expressions. If an application linked against ICU, such as OpenOffice.org, processed a carefully crafted regular expression, it may be possible to execute arbitrary code as the user running the application. (CVE-2007-4770, CVE-2007-4771) All users of icu should upgrade to these updated packages, which contain backported patches to resolve these issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 30091
published 2008-01-27
reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/30091
title RHEL 5 : icu (RHSA-2008:0090)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2008:0090. The text
# itself is copyright (C) Red Hat, Inc.
#
# Purpose: local (credentialed) check for Red Hat Enterprise Linux 5.
# When yum updateinfo data is present in the knowledge base the verdict
# comes from that data; otherwise the installed icu / libicu packages
# are compared with version 3.6-5.11.1.
#
# The advisory text states the fix was backported, so the patched
# packages keep the 3.6 upstream version; only the package release
# (3.6-5.11.1) tells patched from unpatched, not the ICU version number.
#

include("compat.inc");

# Metadata only; exit(0) ends the run before any check executes.
if (description)
{
  script_id(30091);
  script_version ("1.24");
  script_cvs_date("Date: 2019/10/25 13:36:13");

  script_cve_id("CVE-2007-4770", "CVE-2007-4771");
  script_bugtraq_id(27455);
  script_xref(name:"RHSA", value:"2008:0090");

  script_name(english:"RHEL 5 : icu (RHSA-2008:0090)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated icu packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The International Components for Unicode (ICU) library provides robust and full-featured Unicode services. Will Drewry reported multiple flaws in the way libicu processed certain malformed regular expressions. If an application linked against ICU, such as OpenOffice.org, processed a carefully crafted regular expression, it may be possible to execute arbitrary code as the user running the application. (CVE-2007-4770, CVE-2007-4771) All users of icu should upgrade to these updated packages, which contain backported patches to resolve these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-4770"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-4771"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2008:0090"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");

  # CVSS v2 base: network access, medium complexity, no authentication,
  # complete C/I/A impact. Temporal: exploitability unproven, official
  # fix available, report confirmed.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-399, the "Resource Management Errors" class named in the page title.
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:icu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libicu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libicu-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libicu-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/01/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/01/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# The release string has to name Red Hat Enterprise Linux with a major
# version of 5 (5, 5.1, ...).
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Covered architectures: x86_64, i386-i686 and s390.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (empty_or_null(yum_updateinfo))
{
  # No yum updateinfo collected: compare package versions one by one.
  # Every package is tested so the report can list all of them.
  # NOTE(review): rpm_check() is defined in rpm.inc (not shown);
  # presumably it is true when the installed package is older than
  # "reference". Confirm.
  flag = 0;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"icu-3.6-5.11.1")) flag += 1;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"icu-3.6-5.11.1")) flag += 1;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"icu-3.6-5.11.1")) flag += 1;
  if (rpm_check(release:"RHEL5", reference:"libicu-3.6-5.11.1")) flag += 1;
  if (rpm_check(release:"RHEL5", reference:"libicu-devel-3.6-5.11.1")) flag += 1;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"libicu-doc-3.6-5.11.1")) flag += 1;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"libicu-doc-3.6-5.11.1")) flag += 1;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"libicu-doc-3.6-5.11.1")) flag += 1;

  if (!flag)
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "icu / libicu / libicu-devel / libicu-doc");
  }
  else
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
}
else
{
  # yum updateinfo is available: the verdict comes from it alone, and
  # the rpm_check() comparisons above are not run on this path.
  rhsa = "RHSA-2008:0090";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (empty_or_null(yum_report))
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
  else
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report
    );
    exit(0);
  }
}
NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-200803-20.NASL
description The remote host is affected by the vulnerability described in GLSA-200803-20 (International Components for Unicode: Multiple vulnerabilities) Will Drewry (Google Security) reported a vulnerability in the regular expression engine when using back references to capture \\0 characters (CVE-2007-4770). He also found that the backtracking stack size is not limited, possibly allowing for a heap-based buffer overflow (CVE-2007-4771). Impact : A remote attacker could submit specially crafted regular expressions to an application using the library, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application or a Denial of Service. Workaround : There is no known workaround at this time.
last seen 2020-06-01
modified 2020-06-02
plugin id 31446
published 2008-03-13
reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/31446
title GLSA-200803-20 : International Components for Unicode: Multiple vulnerabilities
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200803-20.
#
# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
# Purpose: local check on Gentoo that flags dev-libs/icu below
# 3.8.1-r1, using the installed-package list stored in the knowledge
# base.
#
# NOTE(review): the advisory text below describes CVE-2007-4770 as back
# references "to capture \\0 characters"; the CVE summary at the top of
# this page describes it as a backreference to the nonexistent capture
# group zero (aka \0). Read the advisory wording with that in mind.
#

include("compat.inc");

# Metadata only; exit(0) ends the run before any check executes.
if (description)
{
  script_id(31446);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:44");

  script_cve_id("CVE-2007-4770", "CVE-2007-4771");
  script_xref(name:"GLSA", value:"200803-20");

  script_name(english:"GLSA-200803-20 : International Components for Unicode: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-200803-20 (International Components for Unicode: Multiple vulnerabilities) Will Drewry (Google Security) reported a vulnerability in the regular expression engine when using back references to capture \\0 characters (CVE-2007-4770). He also found that the backtracking stack size is not limited, possibly allowing for a heap-based buffer overflow (CVE-2007-4771). Impact : A remote attacker could submit specially crafted regular expressions to an application using the library, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application or a Denial of Service. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200803-20"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All International Components for Unicode users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-libs/icu-3.8.1-r1'"
  );

  # CVSS v2 base: network access, medium complexity, no authentication,
  # complete C/I/A impact. Temporal: exploitability unproven, official
  # fix available, report confirmed.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-399, the "Resource Management Errors" class named in the page title.
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:icu");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/03/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

# Preconditions: local checks enabled, a Gentoo release string, and a
# collected package list.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


# Two version ranges count as unaffected, "ge 3.8.1-r1" and
# "rge 3.6-r2"; anything else below 3.8.1-r1 is treated as vulnerable.
# NOTE(review): qpkg_check() is defined in qpkg.inc (not shown). "rge"
# presumably means a later revision of that same version, i.e. a 3.6
# build with the fix backported. Confirm against qpkg.inc.
flag = 0;

if (
  qpkg_check(
    package:"dev-libs/icu",
    unaffected:make_list("ge 3.8.1-r1", "rge 3.6-r2"),
    vulnerable:make_list("lt 3.8.1-r1")
  )
) flag += 1;

if (!flag)
{
  # Nothing fired: say whether the package was tested and found current,
  # or ICU is not installed.
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "International Components for Unicode");
}
else
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0090.NASL description From Red Hat Security Advisory 2008:0090 : Updated icu packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The International Components for Unicode (ICU) library provides robust and full-featured Unicode services. Will Drewry reported multiple flaws in the way libicu processed certain malformed regular expressions. If an application linked against ICU, such as OpenOffice.org, processed a carefully crafted regular expression, it may be possible to execute arbitrary code as the user running the application. (CVE-2007-4770, CVE-2007-4771) All users of icu should upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67646 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67646 title Oracle Linux 5 : icu (ELSA-2008-0090) NASL family SuSE Local Security Checks NASL id SUSE_ICU-5013.NASL description Certain regular expressions could crash the ICU library (CVE-2007-4770, CVE-2007-4771). last seen 2020-06-01 modified 2020-06-02 plugin id 31399 published 2008-03-07 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31399 title openSUSE 10 Security Update : icu (icu-5013) NASL family Fedora Local Security Checks NASL id FEDORA_2008-1036.NASL description CVE-2007-4770 & CVE-2007-4771 Flaws in icu regexp handling. 
Technical details can be found at http://sourceforge.net/mailarchive/message.php?msg_name= d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%2540mail.gmail.com Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 30086 published 2008-01-27 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30086 title Fedora 8 : icu-3.8-5.fc8 (2008-1036) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0090.NASL description Updated icu packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The International Components for Unicode (ICU) library provides robust and full-featured Unicode services. Will Drewry reported multiple flaws in the way libicu processed certain malformed regular expressions. If an application linked against ICU, such as OpenOffice.org, processed a carefully crafted regular expression, it may be possible to execute arbitrary code as the user running the application. (CVE-2007-4770, CVE-2007-4771) All users of icu should upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43673 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/43673 title CentOS 5 : icu (CESA-2008:0090) NASL family Windows NASL id OPENOFFICE_240.NASL description The version of Sun Microsystems OpenOffice.org installed on the remote host is affected by several issues : - Heap overflow and arbitrary code execution vulnerabilities involving ODF text documents with XForms (CVE-2007-4770/4771). - Heap overflow and arbitrary code execution vulnerabilities involving Quattro Pro files (CVE-2007-5745/5747). - Heap overflow and arbitrary code execution vulnerabilities involving EMF files (CVE-2007-5746). - Heap overflow and arbitrary code execution vulnerabilities involving OLE files (CVE-2008-0320). last seen 2020-06-01 modified 2020-06-02 plugin id 31968 published 2008-04-17 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31968 title Sun OpenOffice.org < 2.4 Multiple Vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-591-1.NASL description Will Drewry discovered that libicu did not properly handle last seen 2020-06-01 modified 2020-06-02 plugin id 31678 published 2008-03-26 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31678 title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : icu vulnerabilities (USN-591-1) NASL family SuSE Local Security Checks NASL id SUSE_ICU-5014.NASL description Certain regular expressions could crash the ICU library. (CVE-2007-4770 / CVE-2007-4771) last seen 2020-06-01 modified 2020-06-02 plugin id 31400 published 2008-03-07 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/31400 title SuSE 10 Security Update : icu (ZYPP Patch Number 5014) NASL family SuSE Local Security Checks NASL id SUSE_OPENOFFICE_ORG-5053.NASL description This update of OpenOffice fixes various critical security vulnerabilities - heap-overflow when parsing PPT files (CVE-2008-0320) - various buffer-overflows while parsing QPRO files (CVE-2007-5745, CVE-2007-5747) - out-of-bound memory access and a heap-overflow in the regex engine of libICU (CVE-2007-4770, CVE-2007-4771) last seen 2020-06-01 modified 2020-06-02 plugin id 32023 published 2008-04-22 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/32023 title openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-5053) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1511.NASL description Several local vulnerabilities have been discovered in libicu, International Components for Unicode. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4770 libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames. - CVE-2007-4771 Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. last seen 2020-06-01 modified 2020-06-02 plugin id 31358 published 2008-03-07 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/31358 title Debian DSA-1511-1 : libicu - various NASL family Scientific Linux Local Security Checks NASL id SL_20080125_ICU_ON_SL5_X.NASL description Will Drewry reported multiple flaws in the way libicu processed certain malformed regular expressions. If an application linked against ICU, such as OpenOffice.org, processed a carefully crafted regular expression, it may be possible to execute arbitrary code as the user running the application. (CVE-2007-4770, CVE-2007-4771) last seen 2020-06-01 modified 2020-06-02 plugin id 60352 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60352 title Scientific Linux Security Update : icu on SL5.x i386/x86_64
Oval
accepted 2013-04-29T04:12:03.133-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414 comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802 comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames. family unix id oval:org.mitre.oval:def:11172 status accepted submitted 2010-07-09T03:56:16-04:00 title libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames. version 18 accepted 2008-04-21T04:00:22.668-04:00 class vulnerability contributors name Pai Peng organization Hewlett-Packard definition_extensions comment Solaris 9 (SPARC) is installed oval oval:org.mitre.oval:def:1457 comment Solaris 10 (SPARC) is installed oval oval:org.mitre.oval:def:1440 comment Solaris 9 (x86) is installed oval oval:org.mitre.oval:def:1683 comment Solaris 10 (x86) is installed oval oval:org.mitre.oval:def:1926
description libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames. family unix id oval:org.mitre.oval:def:5507 status accepted submitted 2008-03-11T10:54:47.000-04:00 title Multiple Security Vulnerabilities in ICU 3.2 Library Regular Expression Processing May Cause a Denial of Service (DoS) version 35
References
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
- http://rhn.redhat.com/errata/RHSA-2008-0090.html
- http://secunia.com/advisories/28575
- http://secunia.com/advisories/28615
- http://secunia.com/advisories/28669
- http://secunia.com/advisories/28783
- http://secunia.com/advisories/29194
- http://secunia.com/advisories/29242
- http://secunia.com/advisories/29291
- http://secunia.com/advisories/29294
- http://secunia.com/advisories/29333
- http://secunia.com/advisories/29852
- http://secunia.com/advisories/29910
- http://secunia.com/advisories/29987
- http://secunia.com/advisories/30179
- http://security.gentoo.org/glsa/glsa-200803-20.xml
- http://security.gentoo.org/glsa/glsa-200805-16.xml
- http://securitytracker.com/id?1019269
- http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.com
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-231641-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-233922-1
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0043
- http://www.debian.org/security/2008/dsa-1511
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:026
- http://www.novell.com/linux/security/advisories/2008_23_openoffice.html
- http://www.openoffice.org/security/cves/CVE-2007-4770.html
- http://www.openoffice.org/security/cves/CVE-2007-5745.html
- http://www.securityfocus.com/archive/1/487677/100/0/threaded
- http://www.securityfocus.com/bid/27455
- http://www.ubuntu.com/usn/usn-591-1
- http://www.vupen.com/english/advisories/2008/0282
- http://www.vupen.com/english/advisories/2008/0807/references
- http://www.vupen.com/english/advisories/2008/1375/references
- https://bugzilla.redhat.com/show_bug.cgi?id=429023
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39938
- https://issues.rpath.com/browse/RPL-2199
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11172
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5507
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00896.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00921.html