CVE-2009-4012 - Numeric Errors vulnerability in Linux.Thai Libthai
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: COMPLETE
- Integrity impact: COMPLETE
- Availability impact: COMPLETE
Summary
Multiple integer overflows in LibThai before 0.1.13 might allow context-dependent attackers to execute arbitrary code via long strings that trigger heap-based buffer overflows, related to (1) thbrk/thbrk.c and (2) thwbrk/thwbrk.c. NOTE: some of these details are obtained from third party information.
Nessus
- Debian DSA-1971-1 : libthai - integer overflow
  - NASL family: Debian Local Security Checks
  - NASL id: DEBIAN_DSA-1971.NASL
  - Description: Tim Starling discovered that libthai, a set of Thai language support routines, is vulnerable to integer/heap overflow. This vulnerability could allow an attacker to run arbitrary code by sending a very long string.
  - Last seen: 2020-06-01
  - Modified: 2020-06-02
  - Plugin id: 44836
  - Published: 2010-02-24
  - Reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - Source: https://www.tenable.com/plugins/nessus/44836

- Mandriva Linux Security Advisory : libthai (MDVSA-2010:010)
  - NASL family: Mandriva Local Security Checks
  - NASL id: MANDRIVA_MDVSA-2010-010.NASL
  - Description: Multiple vulnerabilities have been found and corrected in libthai : Tim Starling discovered that libthai, a set of Thai language support routines, is vulnerable to integer/heap overflow. This vulnerability could allow an attacker to run arbitrary code by sending a very long string (CVE-2009-4012). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
  - Last seen: 2020-06-01
  - Modified: 2020-06-02
  - Plugin id: 44042
  - Published: 2010-01-18
  - Reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
  - Source: https://www.tenable.com/plugins/nessus/44042

- Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : libthai vulnerability (USN-887-1)
  - NASL family: Ubuntu Local Security Checks
  - NASL id: UBUNTU_USN-887-1.NASL
  - Description: Tim Starling discovered that LibThai did not correctly handle long strings. A remote attacker could use specially-formed strings to execute arbitrary code with the user
  - Last seen: 2020-06-01
  - Modified: 2020-06-02
  - Plugin id: 44058
  - Published: 2010-01-19
  - Reporter: Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - Source: https://www.tenable.com/plugins/nessus/44058

- openSUSE Security Update : libthai (libthai-1808)
  - NASL family: SuSE Local Security Checks
  - NASL id: SUSE_11_1_LIBTHAI-100115.NASL
  - Description: very long strings could lead to a heap buffer overflow in libthai
  - Last seen: 2020-06-01
  - Modified: 2020-06-02
  - Plugin id: 44368
  - Published: 2010-02-02
  - Reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
  - Source: https://www.tenable.com/plugins/nessus/44368

- openSUSE Security Update : libthai (libthai-1808)
  - NASL family: SuSE Local Security Checks
  - NASL id: SUSE_11_0_LIBTHAI-100115.NASL
  - Description: very long strings could lead to a heap buffer overflow in libthai
  - Last seen: 2020-06-01
  - Modified: 2020-06-02
  - Plugin id: 44362
  - Published: 2010-02-02
  - Reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
  - Source: https://www.tenable.com/plugins/nessus/44362

- openSUSE Security Update : libthai (libthai-1808)
  - NASL family: SuSE Local Security Checks
  - NASL id: SUSE_11_2_LIBTHAI-100115.NASL
  - Description: very long strings could lead to a heap buffer overflow in libthai
  - Last seen: 2020-06-01
  - Modified: 2020-06-02
  - Plugin id: 44372
  - Published: 2010-02-02
  - Reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
  - Source: https://www.tenable.com/plugins/nessus/44372
References
- http://linux.thai.net/node/184
- http://linux.thai.net/svn/software/libthai/tags/r_0_1_13/ChangeLog
- http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html
- http://secunia.com/advisories/38196
- http://secunia.com/advisories/38213
- http://secunia.com/advisories/38235
- http://secunia.com/advisories/38420
- http://security.debian.org/pool/updates/main/libt/libthai/libthai_0.1.6-1+etch1.diff.gz
- http://security.debian.org/pool/updates/main/libt/libthai/libthai_0.1.9-4+lenny1.diff.gz
- http://ubuntu.com/usn/usn-887-1
- http://www.debian.org/security/2010/dsa-1971
- http://www.securityfocus.com/bid/37822