Vulnerabilities > CVE-2010-2801 - Numeric Errors vulnerability in Cabextract Project Cabextract

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
cabextract-project
CWE-189
nessus

Summary

Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-14135.NASL
    description - Bug #620450 - CVE-2010-2800 cabextract: Infinite loop in MS-ZIP and Quantum decoders - Bug #620454 - CVE-2010-2801 cabextract: Integer wrap-around (crash) by processing certain *.cab files in test archive mode Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49718
    published2010-10-06
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49718
    titleFedora 14 : cabextract-1.3-1.fc14 / libmspack-0.2-0.1.20100723alpha.fc14 (2010-14135)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2010-14135.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(49718);
      script_version("1.10");
      script_cvs_date("Date: 2019/08/02 13:32:31");
    
      script_cve_id("CVE-2010-2800", "CVE-2010-2801");
      script_bugtraq_id(42131, 42173);
      script_xref(name:"FEDORA", value:"2010-14135");
    
      script_name(english:"Fedora 14 : cabextract-1.3-1.fc14 / libmspack-0.2-0.1.20100723alpha.fc14 (2010-14135)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Bug #620450 - CVE-2010-2800 cabextract: Infinite loop in
        MS-ZIP and Quantum decoders
    
      - Bug #620454 - CVE-2010-2801 cabextract: Integer
        wrap-around (crash) by processing certain *.cab files in
        test archive mode
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=620450"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=620454"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/048537.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?64570af4"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/048538.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1e97fc99"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected cabextract and / or libmspack packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cabextract");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libmspack");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/09/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC14", reference:"cabextract-1.3-1.fc14")) flag++;
    if (rpm_check(release:"FC14", reference:"libmspack-0.2-0.1.20100723alpha.fc14")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cabextract / libmspack");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201312-09.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201312-09 (cabextract: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in cabextract. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted archive in a .cab file, related to the libmspack library, potentially resulting in arbitrary code execution or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id71453
    published2013-12-16
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71453
    titleGLSA-201312-09 : cabextract: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201312-09.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71453);
      script_version("1.7");
      script_cvs_date("Date: 2018/07/12 19:01:15");
    
      script_cve_id("CVE-2010-2800", "CVE-2010-2801");
      script_bugtraq_id(42131, 42173);
      script_xref(name:"GLSA", value:"201312-09");
    
      script_name(english:"GLSA-201312-09 : cabextract: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201312-09
    (cabextract: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in cabextract. Please
          review the CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker could entice a user to open a specially crafted
          archive in a .cab file, related to the libmspack library, potentially
          resulting in arbitrary code execution or a Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201312-09"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All cabextract users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=app-arch/cabextract-1.3'
        NOTE: This is a legacy GLSA. Updates for all affected architectures are
          available since August 03, 2010. It is likely that your system is already
          no longer affected by this issue."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:cabextract");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-arch/cabextract", unaffected:make_list("ge 1.3"), vulnerable:make_list("lt 1.3"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cabextract");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-14634.NASL
    descriptionThe remote Fedora host is missing one or more security updates : cabextract-1.3-1.fc12 : - Mon Sep 13 2010 Dan Horak <dan[at]danny.cz> - 1.3-1 - updated to 1.3 - built with system copy of libmspack (CVE-2010-2800 CVE-2010-2801) libmspack-0.2-0.1.20100723alpha.fc12 : - Mon Aug 30 2010 Dan Horak <dan[at]danny.cz> - 0.2-0.1.20100723alpha - updated to 0.2alpha released 2010/07/23 - merged the doc subpackage with devel Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49719
    published2010-10-06
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49719
    titleFedora 12 : cabextract-1.3-1.fc12 / libmspack-0.2-0.1.20100723alpha.fc12 (2010-14634)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_CABEXTRACT-140627.NASL
    descriptioncabextract was updated to fix two security issues : - A potential endless loop in decoding files. (CVE-2010-2800) - Memory corruption due to integer overflows in buffer read handling. (CVE-2010-2801)
    last seen2020-06-05
    modified2014-07-11
    plugin id76472
    published2014-07-11
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/76472
    titleSuSE 11.3 Security Update : cabextract (SAT Patch Number 9437)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-14722.NASL
    descriptionThe remote Fedora host is missing one or more security updates : cabextract-1.3-1.fc13 : - Mon Sep 13 2010 Dan Horak <dan[at]danny.cz> - 1.3-1 - updated to 1.3 - built with system copy of libmspack (CVE-2010-2800 CVE-2010-2801) libmspack-0.2-0.1.20100723alpha.fc13 : - Mon Aug 30 2010 Dan Horak <dan[at]danny.cz> - 0.2-0.1.20100723alpha - updated to 0.2alpha released 2010/07/23 - merged the doc subpackage with devel Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49720
    published2010-10-06
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49720
    titleFedora 13 : cabextract-1.3-1.fc13 / libmspack-0.2-0.1.20100723alpha.fc13 (2010-14722)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2087.NASL
    descriptionIt was discovered that a programming error in the archive test mode of cabextract, a program to extract Microsoft Cabinet files, could lead to the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id48249
    published2010-08-05
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/48249
    titleDebian DSA-2087-1 : cabextract - programming error
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-154.NASL
    descriptionMultiple vulnerabilities has been found and corrected in cabextract : The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a test or extract action, related to the libmspack library (CVE-2010-2800). Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library (CVE-2010-2801). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4 90 The updated packages provides cabextract 1.3 which is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id48348
    published2010-08-17
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48348
    titleMandriva Linux Security Advisory : cabextract (MDVSA-2010:154)