Vulnerabilities > CVE-2014-8117 - Resource Management Errors vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-145.NASL description Brief introduction CVE-2014-0237 The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. CVE-2014-0238 The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long. CVE-2014-2270 softmagic.c in file before 5.17 and libmagic allows context dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. CVE-2014-8117 - Stop reporting bad capabilities after the first few. - limit the number of program and section header number of sections - limit recursion level CVE-2015-TEMP (no official CVE number available yet) - NULL pointer deference (PHP bugs: 68739 68740) - out-of-bounds memory access (file bug: 398) additional patches from CVE-2014-3478 added NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-03-26 plugin id 82128 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82128 title Debian DLA-145-1 : php5 security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-145-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(82128); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-0237", "CVE-2014-0238", "CVE-2014-2270", "CVE-2014-8117"); script_bugtraq_id(66002, 67759, 67765, 71692); script_name(english:"Debian DLA-145-1 : php5 security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Brief introduction CVE-2014-0237 The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. CVE-2014-0238 The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long. CVE-2014-2270 softmagic.c in file before 5.17 and libmagic allows context dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. CVE-2014-8117 - Stop reporting bad capabilities after the first few. - limit the number of program and section header number of sections - limit recursion level CVE-2015-TEMP (no official CVE number available yet) - NULL pointer deference (PHP bugs: 68739 68740) - out-of-bounds memory access (file bug: 398) additional patches from CVE-2014-3478 added NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2015/01/msg00019.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze-lts/php5" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache2-mod-php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-interbase"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-sybase"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-xsl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2015/01/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"libapache2-mod-php5", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"libapache2-mod-php5filter", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php-pear", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-cgi", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-cli", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-common", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-curl", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-dbg", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-dev", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-enchant", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-gd", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-gmp", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-imap", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-interbase", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-intl", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-ldap", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-mcrypt", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-mysql", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-odbc", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-pgsql", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-pspell", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-recode", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-snmp", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-sqlite", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-sybase", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-tidy", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-xmlrpc", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-xsl", reference:"5.3.3-7+squeeze24")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-1298.NASL description The GNU file utility was updated to version 5.22. Security issues fixed : - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253) - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) Version update to file version 5.22 - add indirect relative for TIFF/Exif - restructure elf note printing to avoid repeated messages - add note limit, suggested by Alexander Cherepanov - Bail out on partial pread() last seen 2020-06-05 modified 2017-11-27 plugin id 104764 published 2017-11-27 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/104764 title openSUSE Security Update : file (openSUSE-2017-1298) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-1298. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(104764); script_version("3.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9621", "CVE-2014-9653"); script_name(english:"openSUSE Security Update : file (openSUSE-2017-1298)"); script_summary(english:"Check for the openSUSE-2017-1298 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "The GNU file utility was updated to version 5.22. Security issues fixed : - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253) - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) Version update to file version 5.22 - add indirect relative for TIFF/Exif - restructure elf note printing to avoid repeated messages - add note limit, suggested by Alexander Cherepanov - Bail out on partial pread()'s (Alexander Cherepanov) - Fix incorrect bounds check in file_printable (Alexander Cherepanov) - PR/405: ignore SIGPIPE from uncompress programs - change printable -> file_printable and use it in more places for safety - in ELF, instead of '(uses dynamic libraries)' when PT_INTERP is present print the interpreter name. Version update to file version 5.21 - there was an incorrect free in magic_load_buffers() - there was an out of bounds read for some pascal strings - there was a memory leak in magic lists - don't interpret strings printed from files using the current locale, convert them to ascii format first. - there was an out of bounds read in elf note reads Update to file version 5.20 - recognize encrypted CDF documents - add magic_load_buffers from Brooks Davis - add thumbs.db support Additional non-security bug fixes : - Fixed a memory corruption during rpmbuild (bsc#1063269) - Backport of a fix for an increased printable string length as found in file 5.30 (bsc#996511) - file command throws 'Composite Document File V2 Document, corrupt: Can't read SSAT' error against excel 97/2003 file format. (bsc#1009966) This update was imported from the SUSE:SLE-12:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1009966" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1063269" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=910252" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=910253" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=913650" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=913651" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=917152" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=996511" ); script_set_attribute(attribute:"solution", value:"Update the affected file packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:file-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:file-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:file-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:file-magic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmagic1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmagic1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmagic1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmagic1-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-magic"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2017/11/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.2", reference:"file-5.22-7.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"file-debuginfo-5.22-7.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"file-debugsource-5.22-7.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"file-devel-5.22-7.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"file-magic-5.22-7.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libmagic1-5.22-7.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libmagic1-debuginfo-5.22-7.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"python-magic-5.22-7.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libmagic1-32bit-5.22-7.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libmagic1-debuginfo-32bit-5.22-7.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"file-5.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"file-debuginfo-5.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"file-debugsource-5.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"file-devel-5.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"file-magic-5.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libmagic1-5.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libmagic1-debuginfo-5.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"python-magic-5.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libmagic1-32bit-5.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libmagic1-debuginfo-32bit-5.22-10.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file / file-debuginfo / file-debugsource / file-devel / file-magic / etc"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2494-1.NASL description Francisco Alonso discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to crash, resulting in a denial of service. (CVE-2014-3710) Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. (CVE-2014-8116) Thomas Jarosch discovered that file incorrectly limited recursion. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. (CVE-2014-8117). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 81178 published 2015-02-05 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81178 title Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : file vulnerabilities (USN-2494-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2494-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(81178); script_version("1.8"); script_cvs_date("Date: 2019/09/19 12:54:31"); script_cve_id("CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117"); script_bugtraq_id(70807, 71692, 71700); script_xref(name:"USN", value:"2494-1"); script_name(english:"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : file vulnerabilities (USN-2494-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Francisco Alonso discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to crash, resulting in a denial of service. (CVE-2014-3710) Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. (CVE-2014-8116) Thomas Jarosch discovered that file incorrectly limited recursion. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. (CVE-2014-8117). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2494-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected file package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:file"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/05"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(10\.04|12\.04|14\.04|14\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 12.04 / 14.04 / 14.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"10.04", pkgname:"file", pkgver:"5.03-5ubuntu1.5")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"file", pkgver:"5.09-2ubuntu0.6")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"file", pkgver:"1:5.14-2ubuntu3.3")) flag++; if (ubuntu_check(osver:"14.10", pkgname:"file", pkgver:"1:5.19-1ubuntu1.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3121.NASL description Multiple security issues have been found in file, a tool/library to determine a file type. Processing a malformed file could result in denial of service. Most of the changes are related to parsing ELF files. As part of the fixes, several limits on aspects of the detection were added or tightened, sometimes resulting in messages like last seen 2020-03-17 modified 2015-01-09 plugin id 80420 published 2015-01-09 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80420 title Debian DSA-3121-1 : file - security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-817.NASL description This file update fixes the following two security issues : - bsc#910252: multiple denial of service issues (resource consumption) (CVE-2014-8116) - bsc#910253: denial of service issue (resource consumption) (CVE-2014-8117) last seen 2020-06-05 modified 2014-12-29 plugin id 80277 published 2014-12-29 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80277 title openSUSE Security Update : file (openSUSE-SU-2014:1720-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2016-0760.NASL description From Red Hat Security Advisory 2016:0760 : An update for file is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Security Fix(es) : * Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) * A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587) * Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting CVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was discovered by Jan Kaluza (Red Hat Web Stack Team) and the CVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat Product Security). For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 91149 published 2016-05-16 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91149 title Oracle Linux 6 : file (ELSA-2016-0760) NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-1730-1.NASL description This file update fixes the following security issues : - bsc#910252: multiple denial of service issues (resource consumption) (CVE-2014-8116) - bsc#910253: denial of service issue (resource consumption) (CVE-2014-8117) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-20 plugin id 83657 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83657 title SUSE SLED12 / SLES12 Security Update : file (SUSE-SU-2014:1730-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-2155.NASL description Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting the CVE-2014-8116 and CVE-2014-8117 issues. The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3710 issues were discovered by Francisco Alonso of Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan Kaluza of the Red Hat Web Stack Team The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures. (BZ#1224667, BZ#1224668, BZ#1157850, BZ#1067688). All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 86973 published 2015-11-20 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86973 title RHEL 7 : file (RHSA-2015:2155) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2016-0050.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2014-3538 (unrestricted regular expression matching) - fix #1284826 - try to read ELF header to detect corrupted one - fix #1263987 - fix bugs found by coverity in the patch - fix CVE-2014-3587 (incomplete fix for CVE-2012-1571) - fix CVE-2014-3710 (out-of-bounds read in elf note headers) - fix CVE-2014-8116 (multiple DoS issues (resource consumption)) - fix CVE-2014-8117 (denial of service issue (resource consumption)) - fix CVE-2014-9620 (limit the number of ELF notes processed) - fix CVE-2014-9653 (malformed elf file causes access to uninitialized memory) - fix #809898 - add support for detection of Python 2.7 byte-compiled files - fix #1263987 - fix coredump execfn detection on ppc64 and s390 - fix #966953 - include msooxml file in magic.mgc generation - fix #966953 - increate the strength of MSOOXML magic patterns - fix #1169509 - add support for Java 1.7 and 1.8 - fix #1243650 - comment out too-sensitive Pascal magic - fix #1080453 - remove .orig files from magic directory - fix #1161058 - add support for EPUB - fix #1162149 - remove parts of patches patching .orig files - fix #1154802 - fix detection of zip files containing file named mime - fix #1246073 - fix detection UTF8 and UTF16 encoded XML files - fix #1263987 - add new execfn to coredump output to show the real name of executable which generated the coredump - fix #809898 - add support for detection of Python 3.2-3.5 byte-compiled files - fix #966953 - backport support for MSOOXML last seen 2020-06-01 modified 2020-06-02 plugin id 91155 published 2016-05-16 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91155 title OracleVM 3.3 / 3.4 : file (OVMSA-2016-0050) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-080.NASL description Multiple vulnerabilities has been discovered and corrected in php : It was discovered that the file utility contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files (CVE-2014-1943). A flaw was found in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code (CVE-2014-2270). The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters (CVE-2013-7345). PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user (CVE-2014-0185). A flaw was found in the way file last seen 2020-06-01 modified 2020-06-02 plugin id 82333 published 2015-03-30 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82333 title Mandriva Linux Security Advisory : php (MDVSA-2015:080) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL16347.NASL description CVE-2014-8116 The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. CVE-2014-8117 softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. last seen 2020-03-19 modified 2017-02-28 plugin id 97420 published 2017-02-28 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97420 title F5 Networks BIG-IP : Linux file utility vulnerabilities (K16347) NASL family Scientific Linux Local Security Checks NASL id SL_20151119_FILE_ON_SL7_X.NASL description Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures. last seen 2020-03-18 modified 2015-12-22 plugin id 87555 published 2015-12-22 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87555 title Scientific Linux Security Update : file on SL7.x x86_64 (20151119) NASL family Fedora Local Security Checks NASL id FEDORA_2015-2020.NASL description Update to File-5.22. Fixes various CVE bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-02-18 plugin id 81394 published 2015-02-18 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81394 title Fedora 21 : file-5.22-2.fc21 (2015-2020) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201412-48.NASL description The remote host is affected by the vulnerability described in GLSA-201412-48 (file: Denial of Service) An issue with the ELF parser used by the file utility can cause a resource consumption when reading a specially crafted ELF binary. Impact : A context-dependent attacker may be able to cause Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 80269 published 2014-12-29 reporter This script is Copyright (C) 2014-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80269 title GLSA-201412-48 : file: Denial of Service NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-3048-1.NASL description The GNU file utility was updated to version 5.22. Security issues fixed : - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253) - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) Version update to file version 5.22 - add indirect relative for TIFF/Exif - restructure elf note printing to avoid repeated messages - add note limit, suggested by Alexander Cherepanov - Bail out on partial pread() last seen 2020-06-01 modified 2020-06-02 plugin id 104777 published 2017-11-27 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104777 title SUSE SLED12 / SLES12 Security Update : file (SUSE-SU-2017:3048-1) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-497.NASL description The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. (CVE-2014-9620) The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (CVE-2014-8116) It was reported that a malformed elf file can cause file urility to access invalid memory. (CVE-2014-9653) The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. (CVE-2014-9621) softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (CVE-2014-8117) last seen 2020-06-01 modified 2020-06-02 plugin id 82046 published 2015-03-25 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82046 title Amazon Linux AMI : file (ALAS-2015-497) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2535-1.NASL description Thomas Jarosch discovered that PHP incorrectly limited recursion in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to consume resources or crash, resulting in a denial of service. (CVE-2014-8117) S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9705) Taoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-0273) It was discovered that PHP incorrectly handled memory in the phar extension. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-2301). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 81950 published 2015-03-19 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81950 title Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : php5 vulnerabilities (USN-2535-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-2155.NASL description Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting the CVE-2014-8116 and CVE-2014-8117 issues. The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3710 issues were discovered by Francisco Alonso of Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan Kaluza of the Red Hat Web Stack Team The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures. (BZ#1224667, BZ#1224668, BZ#1157850, BZ#1067688). All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 87137 published 2015-12-02 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87137 title CentOS 7 : file (CESA-2015:2155) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-2155.NASL description From Red Hat Security Advisory 2015:2155 : Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting the CVE-2014-8116 and CVE-2014-8117 issues. The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3710 issues were discovered by Francisco Alonso of Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan Kaluza of the Red Hat Web Stack Team The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures. (BZ#1224667, BZ#1224668, BZ#1157850, BZ#1067688). All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 87027 published 2015-11-24 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87027 title Oracle Linux 7 : file (ELSA-2015-2155) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-131.NASL description Multiple security issues have been found in file, a tool/library to determine a file type. Processing a malformed file could result in denial of service. Most of the changes are related to parsing ELF files. As part of the fixes, several limits on aspects of the detection were added or tightened, sometimes resulting in messages like last seen 2020-03-17 modified 2015-03-26 plugin id 82114 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82114 title Debian DLA-131-1 : file security update NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-010.NASL description Updated file packages fix security vulnerabilities : Thomas Jarosch of Intra2net AG reported that using the file command on a specially crafted ELF binary could lead to a denial of service due to uncontrolled resource consumption (CVE-2014-8116). Thomas Jarosch of Intra2net AG reported that using the file command on a specially crafted ELF binary could lead to a denial of service due to uncontrolled recursion (CVE-2014-8117). The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes (CVE-2014-9620). The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string (CVE-2014-9621). The updated file packages has been upgraded to the latest 5.22 version which is not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 80429 published 2015-01-09 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80429 title Mandriva Linux Security Advisory : file (MDVSA-2015:010) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1424.NASL description According to the versions of the file packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in the File Information (fileinfo) extension rules for detecting AWK files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of CPU.(CVE-2013-7345) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3479) - An ouf-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility (for example, PHP using the fileinfo module) to crash if it was used to identify the type of the attacker-supplied file.(CVE-2014-9652) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-0207) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3480) - It was found that the fix for CVE-2012-1571 was incomplete the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3587) - A buffer overflow flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash.(CVE-2014-3478) - Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU.(CVE-2014-3538) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3487) - A denial of service flaw was found in the way the File Information (fileinfo) extension handled search rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU.(CVE-2014-2270) - A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of system resources.(CVE-2014-8117) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-0237) - A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or disclose certain portions of server memory.(CVE-2014-9653) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-0238) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124927 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124927 title EulerOS Virtualization 3.0.1.0 : file (EulerOS-SA-2019-1424) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2016-0760.NASL description An update for file is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Security Fix(es) : * Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) * A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587) * Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting CVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was discovered by Jan Kaluza (Red Hat Web Stack Team) and the CVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat Product Security). For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 91167 published 2016-05-17 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91167 title CentOS 6 : file (CESA-2016:0760) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-0760.NASL description An update for file is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Security Fix(es) : * Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) * A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587) * Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting CVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was discovered by Jan Kaluza (Red Hat Web Stack Team) and the CVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat Product Security). For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 91074 published 2016-05-12 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91074 title RHEL 6 : file (RHSA-2016:0760) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_9575259A92D511E4BCE6D050992ECDE8.NASL description RedHat reports : Thomas Jarosch of Intra2net AG reported a number of denial of service issues (resource consumption) in the ELF parser used by file(1). These issues were fixed in the 5.21 release of file(1), but by mistake are missing from the changelog. last seen 2020-06-01 modified 2020-06-02 plugin id 80351 published 2015-01-05 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80351 title FreeBSD : file -- multiple vulnerabilities (9575259a-92d5-11e4-bce6-d050992ecde8) NASL family Scientific Linux Local Security Checks NASL id SL_20160510_FILE_ON_SL6_X.NASL description Security Fix(es) : - Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) - A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587) - Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653) last seen 2020-03-18 modified 2016-06-09 plugin id 91537 published 2016-06-09 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91537 title Scientific Linux Security Update : file on SL6.x i386/x86_64 (20160510) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0053-1.NASL description The Docker images provided with SUSE CaaS Platform 2.0 have been updated to include the following updates: binutils : - Update to version 2.29 - 18750 bsc#1030296 CVE-2014-9939 - 20891 bsc#1030585 CVE-2017-7225 - 20892 bsc#1030588 CVE-2017-7224 - 20898 bsc#1030589 CVE-2017-7223 - 20905 bsc#1030584 CVE-2017-7226 - 20908 bsc#1031644 CVE-2017-7299 - 20909 bsc#1031656 CVE-2017-7300 - 20921 bsc#1031595 CVE-2017-7302 - 20922 bsc#1031593 CVE-2017-7303 - 20924 bsc#1031638 CVE-2017-7301 - 20931 bsc#1031590 CVE-2017-7304 - 21135 bsc#1030298 CVE-2017-7209 - 21137 bsc#1029909 CVE-2017-6965 - 21139 bsc#1029908 CVE-2017-6966 - 21156 bsc#1029907 CVE-2017-6969 - 21157 bsc#1030297 CVE-2017-7210 - 21409 bsc#1037052 CVE-2017-8392 - 21412 bsc#1037057 CVE-2017-8393 - 21414 bsc#1037061 CVE-2017-8394 - 21432 bsc#1037066 CVE-2017-8396 - 21440 bsc#1037273 CVE-2017-8421 - 21580 bsc#1044891 CVE-2017-9746 - 21581 bsc#1044897 CVE-2017-9747 - 21582 bsc#1044901 CVE-2017-9748 - 21587 bsc#1044909 CVE-2017-9750 - 21594 bsc#1044925 CVE-2017-9755 - 21595 bsc#1044927 CVE-2017-9756 - 21787 bsc#1052518 CVE-2017-12448 - 21813 bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450, bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450 - 21933 bsc#1053347 CVE-2017-12799 - 21990 bsc#1058480 CVE-2017-14333 - 22018 bsc#1056312 CVE-2017-13757 - 22047 bsc#1057144 CVE-2017-14129 - 22058 bsc#1057149 CVE-2017-14130 - 22059 bsc#1057139 CVE-2017-14128 - 22113 bsc#1059050 CVE-2017-14529 - 22148 bsc#1060599 CVE-2017-14745 - 22163 bsc#1061241 CVE-2017-14974 - 22170 bsc#1060621 CVE-2017-14729 - Make compressed debug section handling explicit, disable for old products and enable for gas on all architectures otherwise. [bsc#1029995] - Remove empty rpath component removal optimization from to workaround CMake rpath handling. [bsc#1025282] - Fix alignment frags for aarch64 (bsc#1003846) coreutils : - Fix df(1) to no longer interact with excluded file system types, so for example specifying -x nfs no longer hangs with problematic nfs mounts. (bsc#1026567) - Ensure df -l no longer interacts with dummy file system types, so for example no longer hangs with problematic NFS mounted via system.automount(5). (bsc#1043059) - Significantly speed up df(1) for huge mount lists. (bsc#965780) file : - update to version 5.22. - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253) - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) - Fixed a memory corruption during rpmbuild (bsc#1063269) - Backport of a fix for an increased printable string length as found in file 5.30 (bsc#996511) - file command throws last seen 2020-06-01 modified 2020-06-02 plugin id 106092 published 2018-01-17 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106092 title SUSE SLES12 Security Update : CaaS Platform 2.0 images (SUSE-SU-2018:0053-1)
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://advisories.mageia.org/MGASA-2015-0040.html
- http://rhn.redhat.com/errata/RHSA-2016-0760.html
- http://seclists.org/oss-sec/2014/q4/1056
- http://secunia.com/advisories/61944
- http://secunia.com/advisories/62081
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/71692
- http://www.securitytracker.com/id/1031344
- http://www.ubuntu.com/usn/USN-2494-1
- http://www.ubuntu.com/usn/USN-2535-1
- https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog
- https://github.com/file/file/commit/6f737ddfadb596d7d4a993f7ed2141ffd664a81c
- https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc