Vulnerabilities > CVE-2012-2677 - Numeric Errors vulnerability in Boost Pool 2.0.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_BOOST-120705.NASL description The following issue has been fixed : - boost::pool last seen 2020-06-05 modified 2013-01-25 plugin id 64117 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64117 title SuSE 11.1 Security Update : boost (SAT Patch Number 6507) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(64117); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-2677"); script_name(english:"SuSE 11.1 Security Update : boost (SAT Patch Number 6507)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The following issue has been fixed : - boost::pool's ordered_malloc could have overflowed when calculating the allocation size. (CVE-2012-2677)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=765443" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=767949" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2677.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6507."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:boost-license"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libboost_program_options1_36_0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libboost_regex1_36_0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libboost_signals1_36_0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libboost_thread1_36_0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2012/07/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1"); flag = 0; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"boost-license-1.36.0-12.3.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libboost_program_options1_36_0-1.36.0-12.3.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libboost_signals1_36_0-1.36.0-12.3.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libboost_thread1_36_0-1.36.0-12.3.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"boost-license-1.36.0-12.3.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libboost_program_options1_36_0-1.36.0-12.3.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libboost_signals1_36_0-1.36.0-12.3.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libboost_thread1_36_0-1.36.0-12.3.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"boost-license-1.36.0-12.3.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"libboost_program_options1_36_0-1.36.0-12.3.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"libboost_regex1_36_0-1.36.0-12.3.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"libboost_signals1_36_0-1.36.0-12.3.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_BOOST-8210.NASL description Two problems have been fixed in the boost library : - boost::pool last seen 2020-06-05 modified 2012-07-17 plugin id 59983 published 2012-07-17 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59983 title SuSE 10 Security Update : boost (ZYPP Patch Number 8210) NASL family Fedora Local Security Checks NASL id FEDORA_2012-9818.NASL description - This update fixes a bug in Boost.Pool, which could under certain circumstances overflow allocated chunk size. This could have security implications for applications that use Boost pool without sanitizing pool parameters. - Boost.Locale library now contains backend code, which was left out before by mistake. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-06-28 plugin id 59745 published 2012-06-28 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59745 title Fedora 17 : boost-1.48.0-13.fc17 (2012-9818) NASL family Scientific Linux Local Security Checks NASL id SL_20130321_BOOST_ON_SL5_X.NASL description A flaw was found in the way the ordered_malloc() routine in Boost sanitized the last seen 2020-03-18 modified 2013-03-22 plugin id 65653 published 2013-03-22 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65653 title Scientific Linux Security Update : boost on SL5.x, SL6.x i386/x86_64 (20130321) NASL family Fedora Local Security Checks NASL id FEDORA_2012-9029.NASL description - This update fixes a bug in Boost.Pool, which could under certain circumstances overflow allocated chunk size. This could have security implications for applications that use Boost pool without sanitizing pool parameters. - Add a sub-package boost-math with math-related bits from Boost.TR1. This was left out by mistake. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-07-05 plugin id 59840 published 2012-07-05 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59840 title Fedora 16 : boost-1.47.0-7.fc16 (2012-9029) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0668.NASL description Updated boost packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. A flaw was found in the way the ordered_malloc() routine in Boost sanitized the last seen 2020-06-01 modified 2020-06-02 plugin id 65651 published 2013-03-22 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65651 title RHEL 5 / 6 : boost (RHSA-2013:0668) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-065.NASL description Updated boost packages fix security vulnerability : A security flaw was found in the way ordered_malloc() routine implementation in Boost, the free peer-reviewed portable C++ source libraries, performed last seen 2020-06-01 modified 2020-06-02 plugin id 66079 published 2013-04-20 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66079 title Mandriva Linux Security Advisory : boost (MDVSA-2013:065) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0668.NASL description From Red Hat Security Advisory 2013:0668 : Updated boost packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. A flaw was found in the way the ordered_malloc() routine in Boost sanitized the last seen 2020-06-01 modified 2020-06-02 plugin id 68794 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68794 title Oracle Linux 5 / 6 : boost (ELSA-2013-0668) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL16946.NASL description Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected. (CVE-2012-2677) last seen 2020-06-01 modified 2020-06-02 plugin id 85954 published 2015-09-16 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85954 title F5 Networks BIG-IP : Boost memory allocator vulnerability (K16946) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-0668.NASL description Updated boost packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. A flaw was found in the way the ordered_malloc() routine in Boost sanitized the last seen 2020-06-01 modified 2020-06-02 plugin id 65644 published 2013-03-22 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65644 title CentOS 5 / 6 : boost (CESA-2013:0668)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://www.openwall.com/lists/oss-security/2012/06/05/1
- https://svn.boost.org/trac/boost/changeset/78326
- http://www.openwall.com/lists/oss-security/2012/06/07/13
- https://svn.boost.org/trac/boost/ticket/6701
- http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/
- http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083416.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082977.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:065
- https://security.gentoo.org/glsa/202105-04