Vulnerabilities > CVE-2014-4909 - Numeric Errors vulnerability in multiple products

CVSS 6.8 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.

Vulnerable Configurations

Part | Description | Count
OS | Canonical | 3
OS | Fedoraproject | 1
OS | Gentoo | 1
Application | Transmissionbt | 100

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2014-390.NASL
    description: Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78333
    published: 2014-10-12
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/78333
    title: Amazon Linux AMI : transmission (ALAS-2014-390)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2014-390.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, only the plugin metadata
    # below is recorded and the script stops at the exit(0) that closes this
    # block, before any host data is examined.
    if (description)
    {
      script_id(78333);
      script_version("1.3");
      script_cvs_date("Date: 2018/04/18 15:09:35");
    
      # Cross-references: the CVE this check tracks and the vendor advisory id.
      script_cve_id("CVE-2014-4909");
      script_xref(name:"ALAS", value:"2014-390");
    
      script_name(english:"Amazon Linux AMI : transmission (ALAS-2014-390)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in
    bitfield.c in Transmission before 2.84 allows remote attackers to
    cause a denial of service and possibly execute arbitrary code via a
    crafted peer message, which triggers an out-of-bounds write."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2014-390.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update transmission' to update your system."
      );
      # CVSS v2 base vector: network access, medium access complexity, no
      # authentication, partial confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      # "local" plugin type: the verdict is derived from data collected on the
      # host (see the required KB keys below), not from probing Transmission.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:transmission");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:transmission-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:transmission-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:transmission-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:transmission-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      # The check needs these knowledge-base entries (local checks enabled, OS
      # release, rpm inventory); ssh_get_info.nasl is declared as the dependency,
      # presumably the plugin that populates them -- confirm against that script.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
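    # Preconditions. Each failed test hands off to audit(), which is expected to
    # end the script with the given audit reason (defined in audit.inc, not shown).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # The host must identify as Amazon Linux at all ...
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    # ... with a release string that starts with "AL" followed by "A" or a digit.
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    # Only the "A" (AMI) release is in scope for this advisory. No 'A' -> 'AMI'
    # remapping is needed before building the message: this branch runs only
    # when os_ver is not "A", so such a remap could never execute.
    if (os_ver != "A") audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    
    # Without the rpm inventory there is nothing to compare against.
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);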
    
    
    # Compare each transmission package against the fixed build 2.84-1.9.amzn1
    # for release "ALA"; every truthy rpm_check() counts as one finding.
    # rpm_check's comparison rules live in rpm.inc (not shown here).
    # NOTE(review): the verdict rests on the rpm inventory alone; whether a
    # daemon started before the update is still running old code is not checked.
    flag = 0;
    if (rpm_check(release:"ALA", reference:"transmission-2.84-1.9.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"transmission-cli-2.84-1.9.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"transmission-common-2.84-1.9.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"transmission-daemon-2.84-1.9.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"transmission-debuginfo-2.84-1.9.amzn1")) flag++;
    
    if (flag)
    {
      # At least one package was flagged: raise a warning on port 0, attaching
      # the rpm report text when report verbosity is above zero.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: report "not affected" when pkg_tests_get() returns
      # tested packages, otherwise "not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "transmission / transmission-cli / transmission-common / etc");
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2988.NASL
    description: Ben Hawkes discovered that incorrect handling of peer messages in the Transmission bittorrent client could result in denial of service or the execution of arbitrary code.
    last seen: 2020-03-17
    modified: 2014-07-26
    plugin id: 76843
    published: 2014-07-26
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/76843
    title: Debian DSA-2988-1 : transmission - security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2988. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, only the plugin metadata
    # below is recorded and the script stops at the exit(0) that closes this
    # block, before any host data is examined.
    if (description)
    {
      script_id(76843);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # Cross-references: CVE, Bugtraq id and the Debian advisory number.
      script_cve_id("CVE-2014-4909");
      script_bugtraq_id(68487);
      script_xref(name:"DSA", value:"2988");
    
      script_name(english:"Debian DSA-2988-1 : transmission - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Ben Hawkes discovered that incorrect handling of peer messages in the
    Transmission bittorrent client could result in denial of service or
    the execution of arbitrary code."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/transmission"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2014/dsa-2988"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the transmission packages.
    
    For the stable distribution (wheezy), this problem has been fixed in
    version 2.52-3+nmu2."
      );
      # CVSS v2 base vector: network access, medium access complexity, no
      # authentication, partial confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      # CVSS v2 temporal vector: proof-of-concept exploitability, official fix
      # available, report confirmed. The two attributes that follow record the
      # same exploit-availability statement in plain form.
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      # "local" plugin type: the verdict is derived from data collected on the
      # host (see the required KB keys below), not from probing Transmission.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:transmission");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      # The check needs these knowledge-base entries (local checks enabled, OS
      # release, dpkg listing); ssh_get_info.nasl is declared as the dependency,
      # presumably the plugin that populates them -- confirm against that script.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Preconditions: local checks enabled, a Debian release recorded, and a dpkg
    # listing available. Each failed test hands off to audit(), which is expected
    # to end the script with the given reason (audit.inc, not shown).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Compare each transmission package on release "7.0" with the fixed version
    # 2.52-3+nmu2; every truthy deb_check() counts as one finding.
    # The fixed Debian build keeps the 2.52 upstream number, so a comparison
    # against the upstream "before 2.84" range would misjudge patched hosts.
    # NOTE(review): only release "7.0" is listed. Hosts on other Debian releases
    # presumably end at the "not affected" audit below without having been
    # evaluated -- confirm against deb_check in debian_package.inc.
    flag = 0;
    if (deb_check(release:"7.0", prefix:"transmission", reference:"2.52-3+nmu2")) flag++;
    if (deb_check(release:"7.0", prefix:"transmission-cli", reference:"2.52-3+nmu2")) flag++;
    if (deb_check(release:"7.0", prefix:"transmission-common", reference:"2.52-3+nmu2")) flag++;
    if (deb_check(release:"7.0", prefix:"transmission-daemon", reference:"2.52-3+nmu2")) flag++;
    if (deb_check(release:"7.0", prefix:"transmission-dbg", reference:"2.52-3+nmu2")) flag++;
    if (deb_check(release:"7.0", prefix:"transmission-gtk", reference:"2.52-3+nmu2")) flag++;
    if (deb_check(release:"7.0", prefix:"transmission-qt", reference:"2.52-3+nmu2")) flag++;
    
    if (flag)
    {
      # At least one package was flagged: raise a warning on port 0, attaching
      # the dpkg report text when report verbosity is above zero.
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    # Nothing flagged: the host is audited as not affected.
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-484.NASL
    description: transmission was updated to fix a peer communication vulnerability (no known exploits). (bnc#887079, CVE-2014-4909).
    last seen: 2020-06-05
    modified: 2014-08-12
    plugin id: 77128
    published: 2014-08-12
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77128
    title: openSUSE Security Update : transmission (openSUSE-SU-2014:0980-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-484.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, only the plugin metadata
    # below is recorded and the script stops at the exit(0) that closes this
    # block, before any host data is examined.
    if (description)
    {
      script_id(77128);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-4909");
    
      script_name(english:"openSUSE Security Update : transmission (openSUSE-SU-2014:0980-1)");
      script_summary(english:"Check for the openSUSE-2014-484 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "transmission was updated to fix a peer communication vulnerability (no
    known exploits). (bnc#887079, CVE-2014-4909)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=887079"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected transmission packages."
      );
      # CVSS v2 base vector: network access, medium access complexity, no
      # authentication, partial confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      # "local" plugin type: the verdict is derived from data collected on the
      # host (see the required KB keys below), not from probing Transmission.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:transmission");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:transmission-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:transmission-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:transmission-daemon-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:transmission-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:transmission-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:transmission-gtk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:transmission-gtk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:transmission-gtk-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:transmission-qt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:transmission-qt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:transmission-qt-lang");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      # The check needs these knowledge-base entries (local checks enabled, OS
      # release, rpm inventory, CPU architecture); ssh_get_info.nasl is declared
      # as the dependency, presumably the plugin that populates them -- confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions. Each failed test hands off to audit(), which is expected to
    # end the script with the given audit reason (defined in audit.inc, not shown).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # A missing release, or one starting with SLED/SLES, is audited as not openSUSE.
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    # Only the exact release string "SUSE13.1" is in scope for this update.
    if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # The recorded CPU architecture must be i586, i686 or x86_64.
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    # Compare each transmission package on release "SUSE13.1" with the fixed
    # build 2.82-2.4.1; every truthy rpm_check() counts as one finding.
    # The fixed build keeps the 2.82 upstream number, so a comparison against
    # the upstream "before 2.84" range would misjudge patched hosts.
    # NOTE(review): the verdict rests on the rpm inventory alone; whether a
    # daemon started before the update is still running old code is not checked.
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"transmission-2.82-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"transmission-common-2.82-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"transmission-daemon-2.82-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"transmission-daemon-debuginfo-2.82-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"transmission-debuginfo-2.82-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"transmission-debugsource-2.82-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"transmission-gtk-2.82-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"transmission-gtk-debuginfo-2.82-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"transmission-gtk-lang-2.82-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"transmission-qt-2.82-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"transmission-qt-debuginfo-2.82-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"transmission-qt-lang-2.82-2.4.1") ) flag++;
    
    if (flag)
    {
      # At least one package was flagged: raise a warning on port 0, attaching
      # the rpm report text when report verbosity is above zero.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: report "not affected" when pkg_tests_get() returns
      # tested packages, otherwise "not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "transmission");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-8331.NASL
    description: update to 2.84. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-07-21
    plugin id: 76610
    published: 2014-07-21
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/76610
    title: Fedora 20 : transmission-2.84-1.fc20 (2014-8331)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2279-1.NASL
    description: Ben Hawkes discovered that Transmission incorrectly handled certain peer messages. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 76559
    published: 2014-07-17
    reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/76559
    title: Ubuntu 12.04 LTS / 13.10 / 14.04 LTS : transmission vulnerability (USN-2279-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-8332.NASL
    description: update to 2.84. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-08-15
    plugin id: 77204
    published: 2014-08-15
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/77204
    title: Fedora 19 : transmission-2.84-1.fc19 (2014-8332)