Vulnerabilities > CVE-2013-0211 - Numeric Errors vulnerability in multiple products

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL

Summary

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-0667-1.NASL
    descriptionlibarchive was updated to fix a directory traversal in the bsdcpio tool, which allowed attackers supplying crafted archives to overwrite files. (CVE-2015-2304) Also, a integer overflow was fixed that could also overflow buffers. (CVE-2013-0211) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id83710
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83710
    titleSUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2015:0667-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:0667-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83710);
      script_version("2.10");
      script_cvs_date("Date: 2019/09/11 11:22:11");
    
      script_cve_id("CVE-2013-0211", "CVE-2015-2304");
      script_bugtraq_id(58926, 73137);
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2015:0667-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "libarchive was updated to fix a directory traversal in the bsdcpio
    tool, which allowed attackers supplying crafted archives to overwrite
    files. (CVE-2015-2304)
    
    Also, a integer overflow was fixed that could also overflow buffers.
    (CVE-2013-0211)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=800024"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=920870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2013-0211/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2304/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20150667-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?aadbb1a7"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12 :
    
    zypper in -t patch SUSE-SLE-SDK-12-2015-155=1
    
    SUSE Linux Enterprise Server 12 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-2015-155=1
    
    SUSE Linux Enterprise Desktop 12 :
    
    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-155=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libarchive-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libarchive13");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libarchive13-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libarchive-debugsource-3.1.2-9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libarchive13-3.1.2-9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libarchive13-debuginfo-3.1.2-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libarchive-debugsource-3.1.2-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libarchive13-3.1.2-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libarchive13-debuginfo-3.1.2-9.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libarchive");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-248.NASL
    descriptionlibarchive was updated to fix a directory traversal in the bsdcpio tool, which allowed attackers supplying crafted archives to overwrite files. (CVE-2015-2304) Also, a integer overflow was fixed that could also overflow buffers. (CVE-2013-0211)
    last seen2020-06-05
    modified2015-03-24
    plugin id82012
    published2015-03-24
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82012
    titleopenSUSE Security Update : libarchive (openSUSE-2015-248)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2015-248.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82012);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-0211", "CVE-2015-2304");
    
      script_name(english:"openSUSE Security Update : libarchive (openSUSE-2015-248)");
      script_summary(english:"Check for the openSUSE-2015-248 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "libarchive was updated to fix a directory traversal in the bsdcpio
    tool, which allowed attackers supplying crafted archives to overwrite
    files. (CVE-2015-2304)
    
    Also, a integer overflow was fixed that could also overflow buffers.
    (CVE-2013-0211)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=800024"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=920870"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libarchive packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bsdtar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bsdtar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive13");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive13-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive13-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive13-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"bsdtar-3.1.2-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"bsdtar-debuginfo-3.1.2-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libarchive-debugsource-3.1.2-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libarchive-devel-3.1.2-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libarchive13-3.1.2-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libarchive13-debuginfo-3.1.2-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libarchive13-32bit-3.1.2-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libarchive13-debuginfo-32bit-3.1.2-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"bsdtar-3.1.2-7.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"bsdtar-debuginfo-3.1.2-7.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libarchive-debugsource-3.1.2-7.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libarchive-devel-3.1.2-7.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libarchive13-3.1.2-7.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libarchive13-debuginfo-3.1.2-7.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libarchive13-32bit-3.1.2-7.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libarchive13-debuginfo-32bit-3.1.2-7.5.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bsdtar / bsdtar-debuginfo / libarchive-debugsource / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1470.NASL
    descriptionAccording to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in libarchive. A specially crafted MTREE file could cause a small out-of-bounds read, potentially disclosing a small amount of application memory.(CVE-2015-8925) - A vulnerability was found in libarchive. An attempt to create an ISO9660 volume with 2GB or 4GB filenames could cause the application to crash.(CVE-2016-6250) - A vulnerability was found in libarchive. A specially crafted RAR file could cause the application to read memory beyond the end of the decompression buffer.(CVE-2015-8934) - A vulnerability was found in libarchive
    last seen2020-06-01
    modified2020-06-02
    plugin id124794
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124794
    titleEulerOS Virtualization 3.0.1.0 : libarchive (EulerOS-SA-2019-1470)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_7C63775EBE3111E5B5FE002590263BF5.NASL
    descriptionMITRE reports : Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. Libarchive issue tracker reports : Using a crafted tar file bsdtar can perform an out-of-bounds memory read which will lead to a SEGFAULT. The issue exists when the executable skips data in the archive. The amount of data to skip is defined in byte offset [16-19] If ASLR is disabled, the issue can lead to an infinite loop.
    last seen2020-06-01
    modified2020-06-02
    plugin id87984
    published2016-01-19
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87984
    titleFreeBSD : libarchive -- multiple vulnerabilities (7c63775e-be31-11e5-b5fe-002590263bf5)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201406-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201406-02 (libarchive: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user or automated process to open a specially crafted archive using an application linked against libarchive, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id74259
    published2014-06-02
    reporterThis script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74259
    titleGLSA-201406-02 : libarchive: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-4576.NASL
    descriptionThis update fixes CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-04-08
    plugin id65837
    published2013-04-08
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/65837
    titleFedora 17 : mingw-libarchive-3.0.4-4.fc17 (2013-4576)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-4592.NASL
    descriptionThis update fixes CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-04-08
    plugin id65838
    published2013-04-08
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/65838
    titleFedora 18 : mingw-libarchive-3.0.4-4.fc18 (2013-4592)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-4537.NASL
    descriptionThis update fixes CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-04-13
    plugin id65954
    published2013-04-13
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/65954
    titleFedora 18 : libarchive-3.0.4-4.fc18 (2013-4537)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-147.NASL
    descriptionA vulnerability has been found and corrected in libarchive : Fabian Yamaguchi reported a read buffer overflow flaw in libarchive on 64-bit systems where sizeof(size_t) is equal to 8. In the archive_write_zip_data() function in libarchive/ archive_write_set_format_zip.c, the
    last seen2020-06-01
    modified2020-06-02
    plugin id66157
    published2013-04-20
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66157
    titleMandriva Linux Security Advisory : libarchive (MDVSA-2013:147)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2549-1.NASL
    descriptionIt was discovered that the libarchive bsdcpio utility extracted absolute paths by default without using the --insecure flag, contrary to expectations. If a user or automated system were tricked into extracting cpio archives containing absolute paths, a remote attacker may be able to write to arbitrary files. (CVE-2015-2304) Fabian Yamaguchi discovered that libarchive incorrectly handled certain type conversions. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-0211). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id82268
    published2015-03-26
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82268
    titleUbuntu 12.04 LTS / 14.04 LTS / 14.10 : libarchive vulnerabilities (USN-2549-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-4522.NASL
    descriptionThis update fixes CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-04-13
    plugin id65953
    published2013-04-13
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/65953
    titleFedora 17 : libarchive-3.0.4-3.fc17 (2013-4522)
  • NASL familyCGI abuses
    NASL idSPLUNK_642.NASL
    descriptionAccording to its self-reported version number, the version of Splunk Enterprise hosted on the remote web server is 5.0.x, 6.0.x prior to 6.0.12, 6.1.x prior to 6.1.11, 6.2.x prior to 6.2.11, 6.3.x prior to 6.3.6, or 6.4.x prior to 6.4.2; or else it is Splunk Light version 6.4.x prior to 6.4.2. It is, therefore, affected by the following vulnerabilities : - An integer signedness error exists in libarchive in the archive_write_zip_data() function within file archive_write_set_format_zip.c due to improper conversion between unsigned and signed integer types when running on 64-bit CPUs. An unauthenticated, remote attacker can exploit this to cause a buffer overflow, resulting in a denial of service condition. (CVE-2013-0211) - A path traversal vulnerability exists in libarchive in the bsdcpio() function within file in cpio/cpio.c due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted path in an archive, to write to arbitrary files. (CVE-2015-2304) - A heap-based buffer overflow condition exists in libarchive in the zip_read_mac_metadata() function within file archive_read_support_format_zip.c due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via specially crafted entry-size values in a ZIP archive, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1541) - Multiple flaws exist in the OpenSSL library in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic. (CVE-2016-2107) - An unspecified cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in the user
    last seen2020-06-01
    modified2020-06-02
    plugin id92790
    published2016-08-08
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92790
    titleSplunk Enterprise < 5.0.16 / 6.0.12 / 6.1.11 / 6.2.11 / 6.3.6 / 6.4.2 or Splunk Light < 6.4.2 Multiple Vulnerabilities