Details of VAR-200805-0566

ID

VAR-200805-0566

CVE

CVE-2008-1036

TITLE

Apple Mac OS X of International Components for Unicode (ICU) Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2008-001406

DESCRIPTION

The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. The International Components for Unicode (ICU) is prone to a vulnerability related to the handling of certain invalid character sequences. An attacker may leverage this vulnerability to bypass content filters. This may lead to cross-site scripting attacks or the disclosure of sensitive information in some cases. Other attacks are also possible. NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities), but has been given its own record to better document the vulnerability. I. Further details are available in the US-CERT Vulnerability Notes Database. II. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the subject. _________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. _________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History May 29 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx 403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ== =QvSr -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta The Public Beta has ended. Thanks to all that participated. 1) An error in AFP server allows connected users or guests to access files and directories that are not within a shared directory. 2) Some vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks or to cause a DoS (Denial of Service). 3) An unspecified error in AppKit can potentially be exploited to execute arbitrary code when a user opens a specially crafted document file with an editor that uses AppKit (e.g. TextEdit). 4) Multiple unspecified errors exist in the processing of Pixlet video files. These can be exploited to cause memory corruption and potentially allow for execution of arbitrary code when a user opens a specially crafted movie file. 5) An unspecified error exists in Apple Type Services when processing embedded fonts in PDF files. This can be exploited to cause a memory corruption when a PDF file containing a specially crafted embedded font is printed. Successful exploitation may allow execution of arbitrary code. 6) An error in Safari's SSL client certificate handling can lead to an information disclosure of the first client certificate found in the keychain when a web server issues a client certificate request. 7) An integer overflow exists in CoreFoundation when handling CFData objects. This can be exploited to cause a heap-based buffer overflow if an application calls "CFDataReplaceBytes" with an invalid "length" argument. 8) An error due to an uninitialised variable in CoreGraphics can potentially be exploited to execute arbitrary code when a specially crafted PDF is opened. 9) A weakness is caused due to users not being warned before opening certain potentially unsafe content types. 11) Some vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system. For more information: SA28083 12) An integer underflow error in Help Viewer when handling help:topic URLs can be exploited to cause a buffer overflow when a specially crafted help:topic URL is accessed. Successful exploitation may allow execution of arbitrary code. 14) Input passed to unspecified parameters in Image Capture's embedded web server is not properly sanitised before being used. This can be exploited to disclose the content of local files via directory traversal attacks. 15) An error in the handling of temporary files in Image Capture can be exploited by malicious, local users to manipulate files with the privilege of a user running Image Capture. 16) A boundary error in the BMP and GIF image decoding engine in ImageIO can be exploited to disclose content in memory. 17) Some vulnerabilities in ImageIO can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerabilities are caused due to the use of vulnerable libpng code. For more information: SA27093 SA27130 18) An integer overflow error in ImageIO within the processing of JPEG2000 images can be exploited to cause a heap-based buffer overflow when a specially crafted JPEG2000 image is viewed. Successful exploitation of this vulnerability may allow execution of arbitrary code. 19) An error in Mail is caused due to an uninitialised variable and can lead to disclosure of sensitive information and potentially execution of arbitrary code when mail is sent through an SMTP server over IPv6. For more information: SA28323 21) The sso_util command-line tool requires that passwords be passed to it in its arguments, which can be exploited by malicious, local users to disclose the passwords. 22) An error in Wiki Server can be exploited to determine valid local user names when nonexistent blogs are accessed. ORIGINAL ADVISORY: http://support.apple.com/kb/HT1897 OTHER REFERENCES: SA18008: http://secunia.com/advisories/18008/ SA18307: http://secunia.com/advisories/18307/ SA26273: http://secunia.com/advisories/26273/ SA26636: http://secunia.com/advisories/26636/ SA27093: http://secunia.com/advisories/27093/ SA27130: http://secunia.com/advisories/27130/ SA28081: http://secunia.com/advisories/28081/ SA28083: http://secunia.com/advisories/28083/ SA28323: http://secunia.com/advisories/28323/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . =========================================================== Ubuntu Security Notice USN-747-1 March 26, 2009 icu vulnerability CVE-2008-1036 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libicu34 3.4.1a-1ubuntu1.6.06.2 Ubuntu 7.10: libicu36 3.6-3ubuntu0.2 Ubuntu 8.04 LTS: libicu38 3.8-6ubuntu0.1 Ubuntu 8.10: libicu38 3.8.1-2ubuntu0.1 After a standard system upgrade you need to restart applications linked against libicu, such as OpenOffice.org, to effect the necessary changes. Details follow: It was discovered that libicu did not correctly handle certain invalid encoded data. If a user or automated system were tricked into processing specially crafted data with applications linked against libicu, certain content filters could be bypassed. ---------------------------------------------------------------------- Did you know? Our assessment and impact rating along with detailed information such as exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more about our commercial solutions: http://secunia.com/advisories/business_solutions/ Click here to trial our solutions: http://secunia.com/advisories/try_vi/ ---------------------------------------------------------------------- TITLE: Red Hat update for icu SECUNIA ADVISORY ID: SA34290 VERIFY ADVISORY: http://secunia.com/advisories/34290/ DESCRIPTION: Red Hat has issued an update for icu. For more information: SA34246 SOLUTION: Updated packages are available via Red Hat Network. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1762-1 security@debian.org http://www.debian.org/security/ Steffen Joeris April 02, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : icu Vulnerability : insufficient input sanitising Problem type : remote Debian-specific: no CVE Id : CVE-2008-1036 It was discovered that icu, the internal components for Unicode, did not properly sanitise invalid encoded data, which could lead to cross- site scripting attacks. For the stable distribution (lenny), this problem has been fixed in version 3.8.1-3+lenny1. For the oldstable distribution (etch), this problem has been fixed in version 3.6-2etch2. For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 4.0.1-1. We recommend that you upgrade your icu packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch2.diff.gz Size/MD5 checksum: 14912 d15e89ba186f4003cf0fe25523bf5b68 http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch2.dsc Size/MD5 checksum: 600 be64e9d5a346866e9cb5c0f60243d2fe http://security.debian.org/pool/updates/main/i/icu/icu_3.6.orig.tar.gz Size/MD5 checksum: 9778863 0f1bda1992b4adca62da68a7ad79d830 Architecture independent packages: http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.6-2etch2_all.deb Size/MD5 checksum: 3334030 c6e6fbd348c8d802746a890393a767a5 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_alpha.deb Size/MD5 checksum: 5584350 c988d1810f2abe6aca3c530061343674 http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_alpha.deb Size/MD5 checksum: 7009562 489c1341f1331b8664ec201d7b0896ac amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_amd64.deb Size/MD5 checksum: 5444828 4cf4fecae90466c879a1b506da4b54da http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_amd64.deb Size/MD5 checksum: 6584058 b74be6476a73b13f397c742dd05a46ef arm architecture (ARM) http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_arm.deb Size/MD5 checksum: 5455872 ffd9a4362bd56c95ac8c9e2d59b0f85b http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_arm.deb Size/MD5 checksum: 6625136 a64d8a5965f960b7a42f175465552d1b i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_i386.deb Size/MD5 checksum: 6480730 bab51b594e5b159ec97c4d0a78e137d4 http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_i386.deb Size/MD5 checksum: 5464844 6022ce1a314dc2ac9ba6a4e7c2364c0f ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_ia64.deb Size/MD5 checksum: 7240032 54c98bff14b4d4b9106cbe4a0f37a790 http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_ia64.deb Size/MD5 checksum: 5865936 dfe2b9a21d02b3f6d0328076e90884b9 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_mips.deb Size/MD5 checksum: 5747772 6f7e94aa52df7e55632aded82da5be5b http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_mips.deb Size/MD5 checksum: 7032276 c873f62a11e599880d349171be6724b7 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_mipsel.deb Size/MD5 checksum: 6767430 c34cfe617b2fa3b0ac265f445a77b151 http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_mipsel.deb Size/MD5 checksum: 5462642 42cec53922ec7b565c314daca3480331 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_powerpc.deb Size/MD5 checksum: 6889534 dbbcea68da2b4cde02734cf8af6a8bdd http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_powerpc.deb Size/MD5 checksum: 5748424 4af92234d22b585cdce7912733bc309e s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_s390.deb Size/MD5 checksum: 6895200 637a01ea921657380bd42959e4bd5adf http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_s390.deb Size/MD5 checksum: 5777440 b1be81050b86652f9c1d943bc4887dc7 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_sparc.deb Size/MD5 checksum: 6772296 b0bb6f8d327193d0e9055e8eb8f98a51 http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_sparc.deb Size/MD5 checksum: 5671528 fa33dfa1c2278405708d23cd94be6919 Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1-3+lenny1.dsc Size/MD5 checksum: 1297 daaf6d8629a5cde19dcfed98bc9a84a9 http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1.orig.tar.gz Size/MD5 checksum: 10591204 ca52a1eb5050478f5f7d24e16ce01f57 http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1-3+lenny1.diff.gz Size/MD5 checksum: 20267 9c9d1d71c50f4deec44e95a9d5ea2530 Architecture independent packages: http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.8.1-3+lenny1_all.deb Size/MD5 checksum: 3774790 1a1cd3c7fde641350322461af9f57a37 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_alpha.deb Size/MD5 checksum: 7565948 02e495e8771842e904cf67a80de61b82 http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_alpha.deb Size/MD5 checksum: 6065532 de58265aad775defadbb2a7b6af9d88d http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_alpha.deb Size/MD5 checksum: 2364976 a28a051462a4b40c1ca94b663145ce16 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/i/icu/lib32icu-dev_3.8.1-3+lenny1_amd64.deb Size/MD5 checksum: 6062920 3a90fc0d97f43436e4cca417a662b0f8 http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_amd64.deb Size/MD5 checksum: 7131010 c7bcc67bf7ebc77254f2b5b9f312f1bb http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_amd64.deb Size/MD5 checksum: 2401370 d54929d018b9c28224299bad4b3fd3a7 http://security.debian.org/pool/updates/main/i/icu/lib32icu38_3.8.1-3+lenny1_amd64.deb Size/MD5 checksum: 5920040 bfbb1dd39f462c2737a114f40fc3b494 http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_amd64.deb Size/MD5 checksum: 5932356 bcf6d7dab8a71f00e702384b97cf19a4 arm architecture (ARM) http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_arm.deb Size/MD5 checksum: 2286786 ce4bb8567f48cc3cf235368db8963544 http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_arm.deb Size/MD5 checksum: 7183924 fbc8204644ef5e0fc74fc22f7d26034a http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_arm.deb Size/MD5 checksum: 5907872 93989d0a25c86c9e38e6317ca420fbc4 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_armel.deb Size/MD5 checksum: 1755700 89f87c26a0ce9a7f923a05d9b2555673 http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_armel.deb Size/MD5 checksum: 7411842 70fc597eeb9c0e9e68d0137e0216f124 http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_armel.deb Size/MD5 checksum: 5847710 08c26011ddb182edb57549e671d6cc61 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_hppa.deb Size/MD5 checksum: 6377564 b8b8b1a62a0a02dd8469f7c172d92415 http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_hppa.deb Size/MD5 checksum: 7663982 cae24c749162aa3f4a896ec5dbde678a http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_hppa.deb Size/MD5 checksum: 2357154 3ba097e27ead38178bbb8f804f13d77a i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_i386.deb Size/MD5 checksum: 2278828 f9111677c4e7b9244bd643d748e2f18c http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_i386.deb Size/MD5 checksum: 5920016 7aecb5bc8fe15f0c1b5ef5c4419eab6a http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_i386.deb Size/MD5 checksum: 6991888 351e9f8d60f139c335bf7ea07235dc08 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_ia64.deb Size/MD5 checksum: 6396240 7c56b1d5f54c9f6a4a2a6fc9698e4337 http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_ia64.deb Size/MD5 checksum: 7825392 c99733de07fe43de5c0c1d923ebf93aa http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_ia64.deb Size/MD5 checksum: 2207992 757e5e5c49c66411cc7e1077808c7576 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_mips.deb Size/MD5 checksum: 7599142 1d81608602f7b3a18dc8e3d03bf603ff http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_mips.deb Size/MD5 checksum: 6207630 d7bd482f6030f1ae4ff75c4735947b08 http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_mips.deb Size/MD5 checksum: 2472538 2f7b6f0c8a5dfa6ce877b8305a6779b0 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_mipsel.deb Size/MD5 checksum: 2405182 59d89f0a9a81429ec02f87debcb8e6a3 http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_mipsel.deb Size/MD5 checksum: 5898892 94257031e244b5b52e9cbe8e37bb1f30 http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_mipsel.deb Size/MD5 checksum: 7293408 f70b0c75989a5983f6921ee323b99c3c powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_powerpc.deb Size/MD5 checksum: 6290800 bae34e705b5213d14a638350398a7d29 http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_powerpc.deb Size/MD5 checksum: 7460598 8edd0cb02d62dfc5ce69c872e413ca39 http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_powerpc.deb Size/MD5 checksum: 2376240 00fc0ad10f85fded7380fcaaccbe1514 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_s390.deb Size/MD5 checksum: 7434356 de117fb929327d908c11ede36daa9166 http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_s390.deb Size/MD5 checksum: 6269494 a17ae098f688e8a14bc79854013cada4 http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_s390.deb Size/MD5 checksum: 2468406 d57fdf831571e1147f213051a50f8fdd sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_sparc.deb Size/MD5 checksum: 6144646 e12966bb72793d7e6220eafd5ddb0c88 http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_sparc.deb Size/MD5 checksum: 2133070 454335db0966dc15c78261ef1a8fdcfc http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_sparc.deb Size/MD5 checksum: 7302732 432d9fdee1502bf363d1db33ee6519ab These files will probably be moved into the stable distribution on its next update

Trust: 2.7

sources: NVD: CVE-2008-1036 // JVNDB: JVNDB-2008-001406 // BID: 29412 // BID: 29488 // VULHUB: VHN-31161 // PACKETSTORM: 66818 // PACKETSTORM: 66804 // PACKETSTORM: 76128 // PACKETSTORM: 75728 // PACKETSTORM: 76295

AFFECTED PRODUCTS

vendor:	redhat	model:	enterprise linux	scope:	eq	version:	5	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.11	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.1	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.4.11	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	v10.5.3	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	lt	version:	v10.5.3	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3 (x86)	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3 (x86-64)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	5 (server)	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	5.0 (client)	Trust: 0.8
vendor:	red hat	model:	rhel desktop workstation	scope:	eq	version:	5 (client)	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.2	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.1	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.11	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.11	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.5.3	Trust: 0.6
vendor:	apple	model:	mac os	scope:	ne	version:	x10.5.3	Trust: 0.6
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux lpia	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts sparc	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts powerpc	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts lpia	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	7.10	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	7.10	Trust: 0.3
vendor:	ubuntu	model:	linux lpia	scope:	eq	version:	7.10	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	7.10	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	7.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts sparc	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts powerpc	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	6.06	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop workstation client	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop client	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	pardus	model:	linux	scope:	eq	version:	20080	Trust: 0.3
vendor:	icu	model:	project international components for unicode	scope:	eq	version:	3.8.1	Trust: 0.3
vendor:	icu	model:	project international components for unicode	scope:	eq	version:	3.8	Trust: 0.3
vendor:	icu	model:	project international components for unicode	scope:	eq	version:	3.6	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux mipsel	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux m68k	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux hppa	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux armel	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux alpha	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux mipsel	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux m68k	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux hppa	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux armel	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux alpha	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux	scope:	eq	version:	4.0	Trust: 0.3
vendor:	icu	model:	project international components for unicode	scope:	ne	version:	4.0	Trust: 0.3

sources: BID: 29412 // BID: 29488 // JVNDB: JVNDB-2008-001406 // CNNVD: CNNVD-200806-008 // NVD: CVE-2008-1036

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-1036
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2008-1036
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200806-008
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-31161
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2008-1036
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-31161
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-31161 // JVNDB: JVNDB-2008-001406 // CNNVD: CNNVD-200806-008 // NVD: CVE-2008-1036

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-31161 // JVNDB: JVNDB-2008-001406 // NVD: CVE-2008-1036

THREAT TYPE

network

Trust: 0.6

sources: BID: 29412 // BID: 29488

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 76295 // CNNVD: CNNVD-200806-008

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-001406

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-31161

PATCH

title:	Mac OS X 10.5.3	url:	http://support.apple.com/kb/HT1897	Trust: 0.8
title:	Mac OS X 10.5.3	url:	http://support.apple.com/kb/HT1897?viewlocale=ja_JP	Trust: 0.8
title:	icu-3.6-5.11.2	url:	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=420	Trust: 0.8
title:	RHSA-2009:0296	url:	https://rhn.redhat.com/errata/RHSA-2009-0296.html	Trust: 0.8
title:	RHSA-2009:0296	url:	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-0296J.html	Trust: 0.8

sources: JVNDB: JVNDB-2008-001406

EXTERNAL IDS

db:	NVD	id:	CVE-2008-1036	Trust: 3.0
db:	BID	id:	29412	Trust: 2.8
db:	BID	id:	29488	Trust: 2.8
db:	USCERT	id:	TA08-150A	Trust: 2.6
db:	SECUNIA	id:	30430	Trust: 2.6
db:	SECTRACK	id:	1020139	Trust: 2.5
db:	SECUNIA	id:	34290	Trust: 1.8
db:	SECUNIA	id:	34777	Trust: 1.7
db:	VUPEN	id:	ADV-2008-1697	Trust: 1.7
db:	XF	id:	42717	Trust: 1.4
db:	USCERT	id:	SA08-150A	Trust: 0.8
db:	JVNDB	id:	JVNDB-2008-001406	Trust: 0.8
db:	CNNVD	id:	CNNVD-200806-008	Trust: 0.7
db:	UBUNTU	id:	USN-747-1	Trust: 0.6
db:	WWW.US-CERT.GOV	id:	TA08-150A	Trust: 0.6
db:	REDHAT	id:	RHSA-2009:0296	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2008-05-28	Trust: 0.6
db:	DEBIAN	id:	DSA-1762	Trust: 0.6
db:	PACKETSTORM	id:	76295	Trust: 0.2
db:	PACKETSTORM	id:	76128	Trust: 0.2
db:	VULHUB	id:	VHN-31161	Trust: 0.1
db:	PACKETSTORM	id:	66818	Trust: 0.1
db:	PACKETSTORM	id:	66804	Trust: 0.1
db:	PACKETSTORM	id:	75728	Trust: 0.1

sources: VULHUB: VHN-31161 // BID: 29412 // BID: 29488 // JVNDB: JVNDB-2008-001406 // PACKETSTORM: 66818 // PACKETSTORM: 66804 // PACKETSTORM: 76128 // PACKETSTORM: 75728 // PACKETSTORM: 76295 // CNNVD: CNNVD-200806-008 // NVD: CVE-2008-1036

REFERENCES

url:	http://www.securityfocus.com/bid/29412	Trust: 2.5
url:	http://www.securityfocus.com/bid/29488	Trust: 2.5
url:	http://www.us-cert.gov/cas/techalerts/ta08-150a.html	Trust: 2.5
url:	http://securitytracker.com/id?1020139	Trust: 2.5
url:	http://secunia.com/advisories/30430	Trust: 2.5
url:	http://lists.apple.com/archives/security-announce/2008//may/msg00001.html	Trust: 1.7
url:	http://www.debian.org/security/2009/dsa-1762	Trust: 1.7
url:	http://wiki.rpath.com/wiki/advisories:rpsa-2009-0064	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2009-0296.html	Trust: 1.7
url:	http://secunia.com/advisories/34290	Trust: 1.7
url:	http://secunia.com/advisories/34777	Trust: 1.7
url:	http://www.ubuntu.com/usn/usn-747-1	Trust: 1.7
url:	http://www.frsirt.com/english/advisories/2008/1697	Trust: 1.4
url:	http://xforce.iss.net/xforce/xfdb/42717	Trust: 1.4
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10824	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2008/1697	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/42717	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1036	Trust: 0.8
url:	http://jvn.jp/cert/jvnta08-150a/	Trust: 0.8
url:	http://jvn.jp/tr/trta08-150a/index.html	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1036	Trust: 0.8
url:	http://www.us-cert.gov/cas/alerts/sa08-150a.html	Trust: 0.8
url:	http://www.apple.com/macosx/	Trust: 0.6
url:	http://bugs.icu-project.org/trac/ticket/6175	Trust: 0.3
url:	http://bugs.icu-project.org/trac/ticket/6198	Trust: 0.3
url:	http://icu-project.org/download/4.0.html	Trust: 0.3
url:	http://icu-project.org/	Trust: 0.3
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2008-1036	Trust: 0.2
url:	http://support.apple.com/kb/ht1338?viewlocale=en_us>	Trust: 0.1
url:	http://www.us-cert.gov/legal.html>	Trust: 0.1
url:	http://support.apple.com/kb/ht1897>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/byid?searchview&query=apple_security_update_2008_003>	Trust: 0.1
url:	http://www.us-cert.gov/cas/signup.html>.	Trust: 0.1
url:	http://www.us-cert.gov/reading_room/securing_browser/>	Trust: 0.1
url:	http://www.us-cert.gov/cas/techalerts/ta08-150a.html>	Trust: 0.1
url:	http://secunia.com/advisories/26273/	Trust: 0.1
url:	http://www.apple.com/support/downloads/macosxserver1053update.html	Trust: 0.1
url:	http://secunia.com/advisories/18307/	Trust: 0.1
url:	http://secunia.com/advisories/27093/	Trust: 0.1
url:	http://www.apple.com/support/downloads/macosxserver1053comboupdate.html	Trust: 0.1
url:	http://www.apple.com/support/downloads/securityupdate2008003ppc.html	Trust: 0.1
url:	http://support.apple.com/kb/ht1897	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://www.apple.com/support/downloads/macosx1053update.html	Trust: 0.1
url:	http://www.apple.com/support/downloads/securityupdate2008003serverppc.html	Trust: 0.1
url:	http://www.apple.com/support/downloads/securityupdate2008003serveruniversal.html	Trust: 0.1
url:	http://secunia.com/advisories/27130/	Trust: 0.1
url:	http://secunia.com/advisories/30430/	Trust: 0.1
url:	http://secunia.com/network_software_inspector_2/	Trust: 0.1
url:	http://secunia.com/advisories/26636/	Trust: 0.1
url:	http://secunia.com/advisories/28083/	Trust: 0.1
url:	http://www.apple.com/support/downloads/securityupdate2008003intel.html	Trust: 0.1
url:	http://www.apple.com/support/downloads/macosx1053comboupdate.html	Trust: 0.1
url:	http://secunia.com/advisories/28081/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/18008/	Trust: 0.1
url:	http://secunia.com/product/96/	Trust: 0.1
url:	http://secunia.com/advisories/28323/	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34-dev_3.4.1a-1ubuntu1.6.06.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34_3.4.1a-1ubuntu1.6.06.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.4.1a-1ubuntu1.6.06.2_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34_3.4.1a-1ubuntu1.6.06.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.6.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.6-3ubuntu0.2.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36-dev_3.6-3ubuntu0.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36-dev_3.6-3ubuntu0.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8-6ubuntu0.1.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8-6ubuntu0.1.diff.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8-6ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8-6ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8-6ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu38_3.8.1-2ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1.orig.tar.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/i/icu/libicu36-dev_3.6-3ubuntu0.2_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36-dev_3.6-3ubuntu0.2_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34-dev_3.4.1a-1ubuntu1.6.06.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.4.1a.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.4.1a-1ubuntu1.6.06.2.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.8-6ubuntu0.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34_3.4.1a-1ubuntu1.6.06.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.6-3ubuntu0.2.diff.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8-6ubuntu0.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu-dev_3.8-6ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36_3.6-3ubuntu0.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36_3.6-3ubuntu0.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu38_3.8-6ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8-6ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34_3.4.1a-1ubuntu1.6.06.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34-dev_3.4.1a-1ubuntu1.6.06.2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36-dev_3.6-3ubuntu0.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.1_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34-dev_3.4.1a-1ubuntu1.6.06.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.6-3ubuntu0.2_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/i/icu/libicu36_3.6-3ubuntu0.2_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.1_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu-dev_3.8.1-2ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.8.1-2ubuntu0.1_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36_3.6-3ubuntu0.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.4.1a-1ubuntu1.6.06.2.diff.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36_3.6-3ubuntu0.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1-2ubuntu0.1.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1-2ubuntu0.1.dsc	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.1_powerpc.deb	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2009-0296.html	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/34290/	Trust: 0.1
url:	http://rhn.redhat.com	Trust: 0.1
url:	http://secunia.com/advisories/business_solutions/	Trust: 0.1
url:	http://secunia.com/advisories/try_vi/	Trust: 0.1
url:	http://secunia.com/advisories/34246/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch2.diff.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/icu_3.6.orig.tar.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_arm.deb	Trust: 0.1
url:	http://www.debian.org/security/faq	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.8.1-3+lenny1_all.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1.orig.tar.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_armel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1-3+lenny1.dsc	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/lib32icu-dev_3.8.1-3+lenny1_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_armel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.6-2etch2_all.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_armel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_ia64.deb	Trust: 0.1
url:	http://packages.debian.org/<pkg>	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_s390.deb	Trust: 0.1
url:	http://security.debian.org/	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/lib32icu38_3.8.1-3+lenny1_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1-3+lenny1.diff.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_arm.deb	Trust: 0.1
url:	http://www.debian.org/security/	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch2.dsc	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_ia64.deb	Trust: 0.1

CREDITS

Melissa O'NeillPaul HaddadRodrigo CarvalhoGynvael Coldwind

Trust: 0.6

sources: CNNVD: CNNVD-200806-008

SOURCES

db:	VULHUB	id:	VHN-31161
db:	BID	id:	29412
db:	BID	id:	29488
db:	JVNDB	id:	JVNDB-2008-001406
db:	PACKETSTORM	id:	66818
db:	PACKETSTORM	id:	66804
db:	PACKETSTORM	id:	76128
db:	PACKETSTORM	id:	75728
db:	PACKETSTORM	id:	76295
db:	CNNVD	id:	CNNVD-200806-008
db:	NVD	id:	CVE-2008-1036

LAST UPDATE DATE

2025-04-10T22:08:02.900000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-31161	date:	2017-09-29T00:00:00
db:	BID	id:	29412	date:	2008-06-04T00:23:00
db:	BID	id:	29488	date:	2009-04-28T22:56:00
db:	JVNDB	id:	JVNDB-2008-001406	date:	2009-06-22T00:00:00
db:	CNNVD	id:	CNNVD-200806-008	date:	2021-07-14T00:00:00
db:	NVD	id:	CVE-2008-1036	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-31161	date:	2008-06-02T00:00:00
db:	BID	id:	29412	date:	2008-05-28T00:00:00
db:	BID	id:	29488	date:	2008-05-28T00:00:00
db:	JVNDB	id:	JVNDB-2008-001406	date:	2008-06-25T00:00:00
db:	PACKETSTORM	id:	66818	date:	2008-05-29T23:21:11
db:	PACKETSTORM	id:	66804	date:	2008-05-29T23:19:06
db:	PACKETSTORM	id:	76128	date:	2009-03-27T23:19:01
db:	PACKETSTORM	id:	75728	date:	2009-03-16T11:58:36
db:	PACKETSTORM	id:	76295	date:	2009-04-02T19:59:51
db:	CNNVD	id:	CNNVD-200806-008	date:	2008-05-28T00:00:00
db:	NVD	id:	CVE-2008-1036	date:	2008-06-02T21:30:00