Vulnerabilities > CVE-2013-0211 - Numeric Errors vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 3 | |
OS | 2 | |
OS | 2 | |
OS | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks
NASL id SUSE_SU-2015-0667-1.NASL
description libarchive was updated to fix a directory traversal in the bsdcpio tool, which allowed attackers supplying crafted archives to overwrite files. (CVE-2015-2304) Also, a integer overflow was fixed that could also overflow buffers. (CVE-2013-0211) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 83710
published 2015-05-20
reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/83710
title SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2015:0667-1)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2015:0667-1.
# The text itself is copyright (C) SUSE.
#

# Local package check for SLES12 / SLED12 SP0: compares the host's RPM list
# (collected into the knowledge base by the ssh_get_info.nasl dependency)
# against the libarchive package versions named in the advisory. The check
# reads only KB items; it does not exercise libarchive itself.

include("compat.inc");

# Plugin registration: runs only when the engine asks for metadata.
if (description)
{
  script_id(83710);
  script_version("2.10");
  script_cvs_date("Date: 2019/09/11 11:22:11");

  script_cve_id("CVE-2013-0211", "CVE-2015-2304");
  script_bugtraq_id(58926, 73137);

  script_name(english:"SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2015:0667-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"libarchive was updated to fix a directory traversal in the bsdcpio tool, which allowed attackers supplying crafted archives to overwrite files. (CVE-2015-2304) Also, a integer overflow was fixed that could also overflow buffers. (CVE-2013-0211) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=800024"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=920870"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2013-0211/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-2304/"
  );
  # https://www.suse.com/support/update/announcement/2015/suse-su-20150667-1.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?aadbb1a7"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12 : zypper in -t patch SUSE-SLE-SDK-12-2015-155=1 SUSE Linux Enterprise Server 12 : zypper in -t patch SUSE-SLE-SERVER-12-2015-155=1 SUSE Linux Enterprise Desktop 12 : zypper in -t patch SUSE-SLE-DESKTOP-12-2015-155=1 To bring your system up-to-date, use 'zypper patch'."
  );

  # NOTE(review): a single CVSS2 base vector is set for the whole plugin, which
  # lists two CVEs in script_cve_id(); it is not a score for CVE-2013-0211 alone.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libarchive-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libarchive13");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libarchive13-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# audit() comes from audit.inc (not shown here); the checks below rely on it
# ending the run, since they go on to use the values they have just validated.

# Local checks must have been enabled by an earlier authenticated scan step.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Only SLES / SLED release strings are in scope.
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");

# Reduce the release string to its product + major version, e.g. "SLES12".
os_match = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_match)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_match[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

# Without a package list there is nothing to compare against.
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Accept i386-i686, or any cpu string containing x86_64 or s390x.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

# A missing patchlevel is treated as SP0; any other service pack is out of scope.
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
sp_is_zero = preg(pattern:"^(0)$", string:sp);
if (!sp_is_zero && os_ver == "SLES12") audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
if (!sp_is_zero && os_ver == "SLED12") audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp);

# Package references from the advisory. rpm_check() is defined in rpm.inc (not
# shown); presumably it returns true when the installed package is older than
# the reference. The debugsource / debuginfo packages are counted in the same
# way as the library package.
pkg_refs = make_list(
  "libarchive-debugsource-3.1.2-9.1",
  "libarchive13-3.1.2-9.1",
  "libarchive13-debuginfo-3.1.2-9.1"
);

flag = 0;

# SLES12: no cpu argument is passed.
foreach pkg_ref (pkg_refs)
{
  if (rpm_check(release:"SLES12", sp:"0", reference:pkg_ref)) flag++;
}

# SLED12: the same references, checked with cpu:"x86_64".
foreach pkg_ref (pkg_refs)
{
  if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:pkg_ref)) flag++;
}

if (!flag)
{
  # Nothing flagged: report either "not affected" or "not installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libarchive");
}
else
{
  # At least one package was flagged: raise the finding, with the rpm report
  # attached when report_verbosity is above 0.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
NASL family SuSE Local Security Checks
NASL id OPENSUSE-2015-248.NASL
description libarchive was updated to fix a directory traversal in the bsdcpio tool, which allowed attackers supplying crafted archives to overwrite files. (CVE-2015-2304) Also, a integer overflow was fixed that could also overflow buffers. (CVE-2013-0211)
last seen 2020-06-05
modified 2015-03-24
plugin id 82012
published 2015-03-24
reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/82012
title openSUSE Security Update : libarchive (openSUSE-2015-248)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2015-248.
#
# The text description of this plugin is (C) SUSE LLC.
#

# Local package check for openSUSE 13.1 / 13.2: compares the host's RPM list
# (collected into the knowledge base by the ssh_get_info.nasl dependency)
# against the bsdtar / libarchive package versions named in the update.

include("compat.inc");

# Plugin registration: runs only when the engine asks for metadata.
if (description)
{
  script_id(82012);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2013-0211", "CVE-2015-2304");

  script_name(english:"openSUSE Security Update : libarchive (openSUSE-2015-248)");
  script_summary(english:"Check for the openSUSE-2015-248 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"libarchive was updated to fix a directory traversal in the bsdcpio tool, which allowed attackers supplying crafted archives to overwrite files. (CVE-2015-2304) Also, a integer overflow was fixed that could also overflow buffers. (CVE-2013-0211)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=800024"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=920870"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected libarchive packages."
  );

  # NOTE(review): a single CVSS2 base vector is set for the whole plugin, which
  # lists two CVEs in script_cve_id(); it is not a score for CVE-2013-0211 alone.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bsdtar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bsdtar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive13");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive13-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive13-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive13-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# audit() comes from audit.inc (not shown here); the checks below rely on it
# ending the run when a precondition is not met.

# Local checks must have been enabled by an earlier authenticated scan step.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# SLES / SLED release strings are rejected; only openSUSE 13.1 and 13.2 pass.
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);

# Without a package list there is nothing to compare against.
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only i586, i686 and x86_64 hosts are covered.
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

# rpm_check() is defined in rpm.inc (not shown); presumably it returns true
# when the installed package is older than the reference. Every flagged
# package increments the counter, debuginfo / debugsource / devel included.
flag = 0;

# openSUSE 13.1, packages checked without a cpu argument.
foreach pkg_ref (make_list(
  "bsdtar-3.1.2-3.5.1",
  "bsdtar-debuginfo-3.1.2-3.5.1",
  "libarchive-debugsource-3.1.2-3.5.1",
  "libarchive-devel-3.1.2-3.5.1",
  "libarchive13-3.1.2-3.5.1",
  "libarchive13-debuginfo-3.1.2-3.5.1"))
{
  if ( rpm_check(release:"SUSE13.1", reference:pkg_ref) ) flag++;
}

# openSUSE 13.1, 32-bit compatibility packages checked with cpu:"x86_64".
foreach pkg_ref (make_list(
  "libarchive13-32bit-3.1.2-3.5.1",
  "libarchive13-debuginfo-32bit-3.1.2-3.5.1"))
{
  if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:pkg_ref) ) flag++;
}

# openSUSE 13.2, packages checked without a cpu argument.
foreach pkg_ref (make_list(
  "bsdtar-3.1.2-7.5.1",
  "bsdtar-debuginfo-3.1.2-7.5.1",
  "libarchive-debugsource-3.1.2-7.5.1",
  "libarchive-devel-3.1.2-7.5.1",
  "libarchive13-3.1.2-7.5.1",
  "libarchive13-debuginfo-3.1.2-7.5.1"))
{
  if ( rpm_check(release:"SUSE13.2", reference:pkg_ref) ) flag++;
}

# openSUSE 13.2, 32-bit compatibility packages checked with cpu:"x86_64".
foreach pkg_ref (make_list(
  "libarchive13-32bit-3.1.2-7.5.1",
  "libarchive13-debuginfo-32bit-3.1.2-7.5.1"))
{
  if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:pkg_ref) ) flag++;
}

if (!flag)
{
  # Nothing flagged: report either "not affected" or "not installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bsdtar / bsdtar-debuginfo / libarchive-debugsource / etc");
}
else
{
  # At least one package was flagged: raise the finding, with the rpm report
  # attached when report_verbosity is above 0.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1470.NASL description According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in libarchive. A specially crafted MTREE file could cause a small out-of-bounds read, potentially disclosing a small amount of application memory.(CVE-2015-8925) - A vulnerability was found in libarchive. An attempt to create an ISO9660 volume with 2GB or 4GB filenames could cause the application to crash.(CVE-2016-6250) - A vulnerability was found in libarchive. A specially crafted RAR file could cause the application to read memory beyond the end of the decompression buffer.(CVE-2015-8934) - A vulnerability was found in libarchive last seen 2020-06-01 modified 2020-06-02 plugin id 124794 published 2019-05-13 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124794 title EulerOS Virtualization 3.0.1.0 : libarchive (EulerOS-SA-2019-1470) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_7C63775EBE3111E5B5FE002590263BF5.NASL description MITRE reports : Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. Libarchive issue tracker reports : Using a crafted tar file bsdtar can perform an out-of-bounds memory read which will lead to a SEGFAULT. The issue exists when the executable skips data in the archive. 
The amount of data to skip is defined in byte offset [16-19] If ASLR is disabled, the issue can lead to an infinite loop. last seen 2020-06-01 modified 2020-06-02 plugin id 87984 published 2016-01-19 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87984 title FreeBSD : libarchive -- multiple vulnerabilities (7c63775e-be31-11e5-b5fe-002590263bf5) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201406-02.NASL description The remote host is affected by the vulnerability described in GLSA-201406-02 (libarchive: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user or automated process to open a specially crafted archive using an application linked against libarchive, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 74259 published 2014-06-02 reporter This script is Copyright (C) 2014-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74259 title GLSA-201406-02 : libarchive: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2013-4576.NASL description This update fixes CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-04-08 plugin id 65837 published 2013-04-08 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/65837 title Fedora 17 : mingw-libarchive-3.0.4-4.fc17 (2013-4576) NASL family Fedora Local Security Checks NASL id FEDORA_2013-4592.NASL description This update fixes CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-04-08 plugin id 65838 published 2013-04-08 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65838 title Fedora 18 : mingw-libarchive-3.0.4-4.fc18 (2013-4592) NASL family Fedora Local Security Checks NASL id FEDORA_2013-4537.NASL description This update fixes CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-04-13 plugin id 65954 published 2013-04-13 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65954 title Fedora 18 : libarchive-3.0.4-4.fc18 (2013-4537) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-147.NASL description A vulnerability has been found and corrected in libarchive : Fabian Yamaguchi reported a read buffer overflow flaw in libarchive on 64-bit systems where sizeof(size_t) is equal to 8. In the archive_write_zip_data() function in libarchive/ archive_write_set_format_zip.c, the last seen 2020-06-01 modified 2020-06-02 plugin id 66157 published 2013-04-20 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/66157 title Mandriva Linux Security Advisory : libarchive (MDVSA-2013:147) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2549-1.NASL description It was discovered that the libarchive bsdcpio utility extracted absolute paths by default without using the --insecure flag, contrary to expectations. If a user or automated system were tricked into extracting cpio archives containing absolute paths, a remote attacker may be able to write to arbitrary files. (CVE-2015-2304) Fabian Yamaguchi discovered that libarchive incorrectly handled certain type conversions. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-0211). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 82268 published 2015-03-26 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82268 title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : libarchive vulnerabilities (USN-2549-1) NASL family Fedora Local Security Checks NASL id FEDORA_2013-4522.NASL description This update fixes CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-04-13 plugin id 65953 published 2013-04-13 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/65953 title Fedora 17 : libarchive-3.0.4-3.fc17 (2013-4522) NASL family CGI abuses NASL id SPLUNK_642.NASL description According to its self-reported version number, the version of Splunk Enterprise hosted on the remote web server is 5.0.x, 6.0.x prior to 6.0.12, 6.1.x prior to 6.1.11, 6.2.x prior to 6.2.11, 6.3.x prior to 6.3.6, or 6.4.x prior to 6.4.2; or else it is Splunk Light version 6.4.x prior to 6.4.2. It is, therefore, affected by the following vulnerabilities : - An integer signedness error exists in libarchive in the archive_write_zip_data() function within file archive_write_set_format_zip.c due to improper conversion between unsigned and signed integer types when running on 64-bit CPUs. An unauthenticated, remote attacker can exploit this to cause a buffer overflow, resulting in a denial of service condition. (CVE-2013-0211) - A path traversal vulnerability exists in libarchive in the bsdcpio() function within file in cpio/cpio.c due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted path in an archive, to write to arbitrary files. (CVE-2015-2304) - A heap-based buffer overflow condition exists in libarchive in the zip_read_mac_metadata() function within file archive_read_support_format_zip.c due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via specially crafted entry-size values in a ZIP archive, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1541) - Multiple flaws exist in the OpenSSL library in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. 
A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic. (CVE-2016-2107) - An unspecified cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in the user last seen 2020-06-01 modified 2020-06-02 plugin id 92790 published 2016-08-08 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92790 title Splunk Enterprise < 5.0.16 / 6.0.12 / 6.1.11 / 6.2.11 / 6.3.6 / 6.4.2 or Splunk Light < 6.4.2 Multiple Vulnerabilities
References
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101687.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101687.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101700.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101700.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101872.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101872.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101876.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101876.html
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00065.html
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00065.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:147
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:147
- http://www.securityfocus.com/bid/58926
- http://www.securityfocus.com/bid/58926
- http://www.securitytracker.com/id/1035995
- http://www.securitytracker.com/id/1035995
- http://www.ubuntu.com/usn/USN-2549-1
- http://www.ubuntu.com/usn/USN-2549-1
- https://bugzilla.redhat.com/show_bug.cgi?id=902998
- https://bugzilla.redhat.com/show_bug.cgi?id=902998
- https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4
- https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4
- https://www.freebsd.org/security/advisories/FreeBSD-SA-16:23.libarchive.asc
- https://www.freebsd.org/security/advisories/FreeBSD-SA-16:23.libarchive.asc