Lucene search
K

Debian DSA-4646-1 : icu - security update

🗓️ 26 Mar 2020 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 43 Views

Debian DSA-4646-1: icu - integer overflow, denial of service, arbitrary cod

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: ICU Vulnerability Affects IBM Control Center (CVE-2020-10531)
16 Jun 202119:41
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud
15 Jun 202022:03
ibm
IBM Security Bulletins
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities
13 Aug 202122:15
ibm
IBM Security Bulletins
Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple Node.js vulnerabilities.
15 Sep 202016:30
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities Affected for EDB
21 Jul 202513:52
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in ICU libraries used in IBM DataPower Gateway
10 Sep 202114:15
ibm
IBM Security Bulletins
Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by a International Components for Unicode (ICU) for C/C++ vulnerability (CVE-2020-10531)
13 Aug 202013:19
ibm
IBM Security Bulletins
Security Bulletin: Version 10.19.0 of Node.js included in IBM Netcool Operations Insight 1.6.0.x has several security vulnerabilities
7 Aug 202011:11
ibm
IBM Security Bulletins
Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM App Connect Enterprise V11
29 Jul 202007:36
ibm
IBM Security Bulletins
Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in ICU [CVE-2017-14952 and CVE-2020-10531]
18 Aug 202213:01
ibm
Rows per page
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-4646. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(134917);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/20");

  script_cve_id("CVE-2020-10531");
  script_xref(name:"DSA", value:"4646");

  script_name(english:"Debian DSA-4646-1 : icu - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security-related update.");
  script_set_attribute(attribute:"description", value:
"Andre Bargull discovered an integer overflow in the International
Components for Unicode (ICU) library which could result in denial of
service and potentially the execution of arbitrary code.");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953747");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/icu");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/stretch/icu");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/buster/icu");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2020/dsa-4646");
  script_set_attribute(attribute:"solution", value:
"Upgrade the icu packages.

For the oldstable distribution (stretch), this problem has been fixed
in version 57.1-6+deb9u4.

For the stable distribution (buster), this problem has been fixed in
version 63.1-6+deb10u1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-10531");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/03/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icu");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"10.0", prefix:"icu-devtools", reference:"63.1-6+deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"icu-doc", reference:"63.1-6+deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"libicu-dev", reference:"63.1-6+deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"libicu63", reference:"63.1-6+deb10u1")) flag++;
if (deb_check(release:"9.0", prefix:"icu-devtools", reference:"57.1-6+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"icu-devtools-dbg", reference:"57.1-6+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"icu-doc", reference:"57.1-6+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libicu-dev", reference:"57.1-6+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libicu57", reference:"57.1-6+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libicu57-dbg", reference:"57.1-6+deb9u4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

20 Mar 2024 00:00Current
8High risk
Vulners AI Score8
CVSS 26.8
CVSS 3.18.8
EPSS0.02669
43