Vulnerabilities > CVE-2013-0900 - Race Condition vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
- Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-203.NASL description chromium was updated to version 27.0.1425 having both stability and security fixes : - Bug and stability fixes : - Fixed crash after clicking through malware warning. (Issue: 173986) - Fixed broken command line to create extensions with locale info (Issue: 176187) - Hosted apps in Chrome will always be opened from app launcher. (Issue: 176267) - Added modal confirmation dialog to the enterprise profile sign-in flow. (Issue: 171236) - Fixed a crash with autofill. (Issues: 175454, 176576) - Fixed issues with sign-in. (Issues: 175672, 175819, 175541, 176190) - Fixed spurious profile shortcuts created with a system-level install. (Issue: 177047) - Fixed the background tab flashing with certain themes. (Issue: 175426) - Security Fixes: (bnc#804986) - High CVE-2013-0879: Memory corruption with web audio node - High CVE-2013-0880: Use-after-free in database handling - Medium CVE-2013-0881: Bad read in Matroska handling - High CVE-2013-0882: Bad memory access with excessive SVG parameters. - Medium CVE-2013-0883: Bad read in Skia. - Low CVE-2013-0884: Inappropriate load of NaCl. - Medium CVE-2013-0885: Too many API permissions granted to web store - Medium CVE-2013-0886: Incorrect NaCl signal handling. - Low CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server - Medium CVE-2013-0888: Out-of-bounds read in Skia - Low CVE-2013-0889: Tighten user gesture check for dangerous file downloads. - High CVE-2013-0890: Memory safety issues across the IPC layer. - High CVE-2013-0891: Integer overflow in blob handling. - Medium CVE-2013-0892: Lower severity issues across the IPC layer - Medium CVE-2013-0893: Race condition in media handling. - High CVE-2013-0894: Buffer overflow in vorbis decoding. - High CVE-2013-0895: Incorrect path handling in file copying. - High CVE-2013-0896: Memory management issues in plug-in message handling - Low CVE-2013-0897: Off-by-one read in PDF - High CVE-2013-0898: Use-after-free in URL handling - Low CVE-2013-0899: Integer overflow in Opus handling - Medium CVE-2013-0900: Race condition in ICU - Make adjustment for autodetecting of the PepperFlash library. The package with the PepperFlash hopefully will be soon available through packman - Update to 26.0.1411 - Bug and stability fixes - Update to 26.0.1403 - Bug and stability fixes - Using system libxml2 requires system libxslt. - Using system MESA does not work in i586 for some reason. - Also use system MESA, factory version seems adecuate now. - Always use system libxml2. - Restrict the usage of system libraries instead of the bundled ones to new products, too much hassle otherwise. - Also link kerberos and libgps directly, do not dlopen them. - Avoid using dlopen on system libraries, rpm or the package Manager do not handle this at all. tested for a few weeks and implemented with a macro so it can be easily disabled if problems arise. - Use SOME system libraries instead of the bundled ones, tested for several weeks and implemented with a macro for easy enable/Disable in case of trouble. - Update to 26.0.1393 - Bug and stability fixes - Security fixes - Update to 26.0.1375 - Bug and stability fixes - Update to 26.0.1371 - Bug and stability fixes - Update to 26.0.1367 - Bug and stability fixes last seen 2020-06-05 modified 2014-06-13 plugin id 74920 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74920 title openSUSE Security Update : chromium (openSUSE-SU-2013:0454-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201402-14.NASL description The remote host is affected by the vulnerability described in GLSA-201402-14 (International Components for Unicode: Denial of Service) Multiple vulnerabilities have been discovered in International Components for Unicode. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 72418 published 2014-02-11 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72418 title GLSA-201402-14 : International Components for Unicode: Denial of Service NASL family Solaris Local Security Checks NASL id SOLARIS11_ICU_20140819.NASL description The remote Solaris system is missing necessary patches to address security updates : - Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. (CVE-2013-0900) last seen 2020-06-01 modified 2020-06-02 plugin id 80642 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80642 title Oracle Solaris Third-Party Patch Update : icu (cve_2013_0900_race_conditions) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2786.NASL description The Google Chrome Security Team discovered two issues (a race condition and a use-after-free issue) in the International Components for Unicode (ICU) library. last seen 2020-03-17 modified 2013-10-29 plugin id 70664 published 2013-10-29 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70664 title Debian DSA-2786-1 : icu - several vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_DFD92CB27D4811E2AD4800262D5ED8EE.NASL description Google Chrome Releases reports : [172243] High CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG. [171951] High CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva. [167069] Medium CVE-2013-0881: Bad read in Matroska handling. Credit to Atte Kettunen of OUSPG. [165432] High CVE-2013-0882: Bad memory access with excessive SVG parameters. Credit to Renata Hodovan. [142169] Medium CVE-2013-0883: Bad read in Skia. Credit to Atte Kettunen of OUSPG. [172984] Low CVE-2013-0884: Inappropriate load of NaCl. Credit to Google Chrome Security Team (Chris Evans). [172369] Medium CVE-2013-0885: Too many API permissions granted to web store. [171065] [170836] Low CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server. [170666] Medium CVE-2013-0888: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno). [170569] Low CVE-2013-0889: Tighten user gesture check for dangerous file downloads. [169973] [169966] High CVE-2013-0890: Memory safety issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans). [169685] High CVE-2013-0891: Integer overflow in blob handling. Credit to Google Chrome Security Team (Juri Aedla). [169295] [168710] [166493] [165836] [165747] [164958] [164946] Medium CVE-2013-0892: Lower severity issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans). [168570] Medium CVE-2013-0893: Race condition in media handling. Credit to Andrew Scherkus of the Chromium development community. [168473] High CVE-2013-0894: Buffer overflow in vorbis decoding. Credit to Google Chrome Security Team (Inferno). [Linux / Mac] [167840] High CVE-2013-0895: Incorrect path handling in file copying. Credit to Google Chrome Security Team (Juri Aedla). [166708] High CVE-2013-0896: Memory management issues in plug-in message handling. Credit to Google Chrome Security Team (Cris Neckar). [165537] Low CVE-2013-0897: Off-by-one read in PDF. Credit to Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from Google Security Team. [164643] High CVE-2013-0898: Use-after-free in URL handling. Credit to Alexander Potapenko of the Chromium development community. [160480] Low CVE-2013-0899: Integer overflow in Opus handling. Credit to Google Chrome Security Team (Juri Aedla). [152442] Medium CVE-2013-0900: Race condition in ICU. Credit to Google Chrome Security Team (Inferno). last seen 2020-06-01 modified 2020-06-02 plugin id 64859 published 2013-02-24 reporter This script is Copyright (C) 2013-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64859 title FreeBSD : chromium -- multiple vulnerabilities (dfd92cb2-7d48-11e2-ad48-00262d5ed8ee) NASL family Fedora Local Security Checks NASL id FEDORA_2013-3546.NASL description Resolves: rhbz#918168 CVE-2013-0900 race condition allows DoS Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-03-17 plugin id 65593 published 2013-03-17 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65593 title Fedora 18 : icu-49.1.1-8.fc18 (2013-3546) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201309-16.NASL description The remote host is affected by the vulnerability described in GLSA-201309-16 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 70112 published 2013-09-25 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70112 title GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities NASL family Windows NASL id GOOGLE_CHROME_25_0_1364_97.NASL description The version of Google Chrome installed on the remote host is a version prior to 25.0.1364.97. It is, therefore, affected by the following vulnerabilities : - An unspecified memory corruption error exists related to last seen 2020-06-01 modified 2020-06-02 plugin id 64813 published 2013-02-22 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64813 title Google Chrome < 25.0.1364.97 Multiple Vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2013-3538.NASL description Resolves: rhbz#918168 CVE-2013-0900 race condition allows DoS Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-03-17 plugin id 65592 published 2013-03-17 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65592 title Fedora 17 : icu-4.8.1.1-5.fc17 (2013-3538) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1989-1.NASL description It was discovered that ICU contained a race condition affecting multi- threaded applications. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2013-0900) It was discovered that ICU incorrectly handled memory operations. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2013-2924). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 70452 published 2013-10-16 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70452 title Ubuntu 12.04 LTS / 12.10 / 13.04 : icu vulnerabilities (USN-1989-1) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-258.NASL description Updated icu packages fix security vulnerabilities : It was discovered that ICU contained a race condition affecting multi-threaded applications. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program (CVE-2013-0900). It was discovered that ICU incorrectly handled memory operations. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program (CVE-2013-2924). last seen 2020-06-01 modified 2020-06-02 plugin id 70678 published 2013-10-29 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70678 title Mandriva Linux Security Advisory : icu (MDVSA-2013:258)
Oval
| accepted | 2013-08-12T04:08:28.714-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||||||||||
| family | windows | ||||||||||||
| id | oval:org.mitre.oval:def:16404 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2013-02-24T15:45:10.582-05:00 | ||||||||||||
| title | Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X | ||||||||||||
| version | 44 |
References
- http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html
- https://code.google.com/p/chromium/issues/detail?id=152442
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16404
- http://www.debian.org/security/2013/dsa-2786
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html
- http://jvn.jp/en/jp/JVN70739377/index.html