Vulnerabilities > CVE-2012-4024 - Out-Of-Bounds Write vulnerability in Squashfs Project Squashfs
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2012-19227.NASL description Backported fixes for bz 842458 (CVE-2012-4024) and bz 842460 (CVE-2012-4025) Backported fix for bz 842458 (CVE-2012-4024) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-12-13 plugin id 63247 published 2012-12-13 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63247 title Fedora 16 : squashfs-tools-4.2-5.fc16 (2012-19227) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-19227. # include("compat.inc"); if (description) { script_id(63247); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-4024", "CVE-2012-4025"); script_bugtraq_id(54610); script_xref(name:"FEDORA", value:"2012-19227"); script_name(english:"Fedora 16 : squashfs-tools-4.2-5.fc16 (2012-19227)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Backported fixes for bz 842458 (CVE-2012-4024) and bz 842460 (CVE-2012-4025) Backported fix for bz 842458 (CVE-2012-4024) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=842458" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=842460" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-December/094615.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0dbd80ea" ); script_set_attribute( attribute:"solution", value:"Update the affected squashfs-tools package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:squashfs-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16"); script_set_attribute(attribute:"patch_publication_date", value:"2012/11/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC16", reference:"squashfs-tools-4.2-5.fc16")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squashfs-tools"); }NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-128.NASL description Updated squashfs-tools packages fix security vulnerabilities : remote arbitrary code execution via crafted list file (CVE-2012-4024). integer overflow in queue_init() may lead to arbitrary code execution (CVE-2012-4025). last seen 2020-06-01 modified 2020-06-02 plugin id 66140 published 2013-04-20 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66140 title Mandriva Linux Security Advisory : squashfs-tools (MDVSA-2013:128) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2013:128. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(66140); script_version("1.7"); script_cvs_date("Date: 2019/08/02 13:32:55"); script_cve_id("CVE-2012-4024", "CVE-2012-4025"); script_bugtraq_id(54610); script_xref(name:"MDVSA", value:"2013:128"); script_xref(name:"MGASA", value:"2013-0001"); script_name(english:"Mandriva Linux Security Advisory : squashfs-tools (MDVSA-2013:128)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandriva Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated squashfs-tools packages fix security vulnerabilities : remote arbitrary code execution via crafted list file (CVE-2012-4024). integer overflow in queue_init() may lead to arbitrary code execution (CVE-2012-4025)." ); script_set_attribute( attribute:"solution", value:"Update the affected squashfs-tools package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:squashfs-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2013/04/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"squashfs-tools-4.2-3.1.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1459.NASL description According to the versions of the squashfs-tools package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.(CVE-2012-4025) - Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program last seen 2020-06-01 modified 2020-06-02 plugin id 124962 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124962 title EulerOS Virtualization 3.0.1.0 : squashfs-tools (EulerOS-SA-2019-1459) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201612-40.NASL description The remote host is affected by the vulnerability described in GLSA-201612-40 (SQUASHFS: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in SQUASHFS. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted .sqsh file using unsquashfs; possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 95743 published 2016-12-13 reporter This script is Copyright (C) 2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/95743 title GLSA-201612-40 : SQUASHFS: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2012-19056.NASL description Backported fixes for bz 842458 (CVE-2012-4024) and bz 842460 (CVE-2012-4025) Backported fix for bz 842458 (CVE-2012-4024) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-12-12 plugin id 63234 published 2012-12-12 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63234 title Fedora 18 : squashfs-tools-4.2-5.fc18 (2012-19056) NASL family Fedora Local Security Checks NASL id FEDORA_2012-19203.NASL description Backported fixes for bz 842458 (CVE-2012-4024) and bz 842460 (CVE-2012-4025) Backported fix for bz 842458 (CVE-2012-4024) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-12-13 plugin id 63246 published 2012-12-13 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63246 title Fedora 17 : squashfs-tools-4.2-5.fc17 (2012-19203)
References
- http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:128
- http://www.openwall.com/lists/oss-security/2012/07/19/6
- http://www.osvdb.org/83898
- http://www.securityfocus.com/bid/54610
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77106
- https://security.gentoo.org/glsa/201612-40
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001