Amazon Linux AMI : icu Buffer Overflow Vulnerability (ALAS-2012-33)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

A stack-based buffer overflow flaw was found in the way ICU performed
variant canonicalization for some locale identifiers. If a
specially-crafted locale representation was opened in an application
linked against ICU, it could cause the application to crash or,
possibly, execute arbitrary code with the privileges of the user
running the application.

See also :

http://www.nessus.org/u?9b0912f4

Solution :

Run 'yum update icu' to update your system. Be sure to restart all
applications that are linked against ICU for the update to take
effect.
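
The restart requirement can be verified after the update. The following is an added example, not part of the Tenable plugin or the Amazon advisory: it lists PIDs that still map a libicu file that has been replaced on disk. The sample tree, its PIDs and library file names are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# List PIDs whose address space still maps a libicu shared object that was
# replaced on disk; the kernel marks such mappings "(deleted)" in maps.
# $1 = proc root (defaults to /proc). The parameter is an assumption of this
# example so the function can also be run against a constructed tree.
stale_icu_pids() {
    root="${1:-/proc}"
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # [^ ]* after ".so" also covers the version suffix and any temporary
        # name suffix left on the old file by the package manager.
        if grep -Eq '/libicu[a-z0-9]*\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            echo "${pid##*/}"
        fi
    done | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Build a constructed /proc-like tree (sample data, not real process maps):
#   101 maps the old, unlinked library -> needs a restart
#   202 maps the library currently on disk -> already restarted
#   303 maps an unlinked library with a temporary-name suffix -> needs a restart
make_sample_proc() {
    d="$(mktemp -d)"
    mkdir -p "$d/101" "$d/202" "$d/303"
    echo '7f10a000-7f10b000 r-xp 00000000 ca:01 1001 /usr/lib64/libicuuc.so.42.1 (deleted)' > "$d/101/maps"
    echo '7f20a000-7f20b000 r-xp 00000000 ca:01 1002 /usr/lib64/libicuuc.so.42.1' > "$d/202/maps"
    echo '7f30a000-7f30b000 r-xp 00000000 ca:01 1003 /usr/lib64/libicui18n.so.42.1;4f0c (deleted)' > "$d/303/maps"
    echo "$d"
}

# Demonstration on the constructed tree.
sample="$(make_sample_proc)"
echo "PIDs still mapping a replaced libicu (sample tree): $(stale_icu_pids "$sample")"
rm -rf "$sample"
```

On a live host, call `stale_icu_pids` with no argument as root so that every process's maps file is readable, then restart the processes it lists.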

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69640

Bugtraq ID:

CVE ID: CVE-2011-4599