Vulnerabilities > CVE-2017-11423 - Out-of-bounds Read vulnerability in Libmspack Project Libmspack 0.5
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0075_LIBMSPACK.NASL description An update of the libmspack package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121969 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121969 title Photon OS 2.0: Libmspack PHSA-2018-2.0-0075 NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201804-16.NASL description The remote host is affected by the vulnerability described in GLSA-201804-16 (ClamAV: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, through multiple vectors, could execute arbitrary code, cause a Denial of Service condition, or have other unspecified impacts. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 109230 published 2018-04-23 reporter This script is Copyright (C) 2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/109230 title GLSA-201804-16 : ClamAV: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2017-982BFABC4E.NASL description Security fix for CVE-2017-6419 and CVE-2017-11423 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-09-25 plugin id 103437 published 2017-09-25 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103437 title Fedora 26 : libmspack (2017-982bfabc4e) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0863-1.NASL description This update for clamav fixes the following issues: Security issues fixed : - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315). - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449). - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423). - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858). - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 108829 published 2018-04-04 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108829 title SUSE SLES11 Security Update : clamav (SUSE-SU-2018:0863-1) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-1_0-0167_LIBMSPACK.NASL description An update of the libmspack package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121862 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121862 title Photon OS 1.0: Libmspack PHSA-2018-1.0-0167 NASL family Fedora Local Security Checks NASL id FEDORA_2018-D2B08AA37F.NASL description Update to 0.99.4 0.99.4 addresses a few outstanding vulnerability bugs. It includes fixes for : - CVE-2012-6706 - CVE-2017-6419 - CVE-2017-11423 - CVE-2018-1000085 There are also a few bug fixes that were not assigned CVE’s, but were important enough to address while we had the chance. One of these was the notorious file descriptor exhaustion bug that caused outages late last January. In addition to the above, 0.99.4 fixes : - CVE-2018-0202: Two newly reported vulnerabilities in the PDF parsing code. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-03-14 plugin id 108311 published 2018-03-14 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108311 title Fedora 26 : clamav (2018-d2b08aa37f) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0255-1.NASL description This update for clamav fixes the following issues : - Update to security release 0.99.3 (bsc#1077732) - CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability) - CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability) - CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. - CVE-2017-12374 (ClamAV use-after-free Vulnerabilities) - CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability) - CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability) - CVE-2017-12380 (ClamAV Null Dereference Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. - CVE-2017-6420 (bsc#1052448) - this vulnerability could have allowed remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. - CVE-2017-6419 (bsc#1052449) - ClamAV could have allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. - CVE-2017-11423 (bsc#1049423) - ClamAV could have allowed remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. - CVE-2017-6418 (bsc#1052466) - ClamAV could have allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. - update upstream keys in the keyring - provide and obsolete clamav-nodb to trigger it last seen 2020-06-01 modified 2020-06-02 plugin id 106456 published 2018-01-29 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106456 title SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2018:0255-1) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0075.NASL description An update of 'libmspack', 'strongswan' packages of Photon OS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111959 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111959 title Photon OS 2.0: Libmspack / Strongswan PHSA-2018-2.0-0075 (deprecated) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-102.NASL description This update for clamav fixes the following issues : - Update to security release 0.99.3 (bsc#1077732) - CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability) - CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability) - CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. - CVE-2017-12374 (ClamAV use-after-free Vulnerabilities) - CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability) - CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability) - CVE-2017-12380 (ClamAV Null Dereference Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. - CVE-2017-6420 (bsc#1052448) - this vulnerability could have allowed remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. - CVE-2017-6419 (bsc#1052449) - ClamAV could have allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. - CVE-2017-11423 (bsc#1049423) - ClamAV could have allowed remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. - CVE-2017-6418 (bsc#1052466) - ClamAV could have allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. - update upstream keys in the keyring - provide and obsolete clamav-nodb to trigger it last seen 2020-06-05 modified 2018-01-29 plugin id 106431 published 2018-01-29 reporter This script is Copyright (C) 2018-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/106431 title openSUSE Security Update : clamav (openSUSE-2018-102) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3946.NASL description It was discovered that libsmpack, a library used to handle Microsoft compression formats, did not properly validate its input. A remote attacker could craft malicious CAB or CHM files and use this flaw to cause a denial of service via application crash, or potentially execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 102598 published 2017-08-21 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102598 title Debian DSA-3946-1 : libmspack - security update NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0075_STRONGSWAN.NASL description An update of the strongswan package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121970 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121970 title Photon OS 2.0: Strongswan PHSA-2018-2.0-0075 NASL family Fedora Local Security Checks NASL id FEDORA_2017-1AF202A86B.NASL description Security fix for CVE-2017-6419 and CVE-2017-11423 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-01-15 plugin id 105828 published 2018-01-15 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105828 title Fedora 27 : libmspack (2017-1af202a86b) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2454.NASL description According to the versions of the libmspack package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has last seen 2020-05-08 modified 2019-12-04 plugin id 131608 published 2019-12-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131608 title EulerOS 2.0 SP2 : libmspack (EulerOS-SA-2019-2454) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3394-1.NASL description It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-6419) It was discovered that libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. (CVE-2017-6419). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 102582 published 2017-08-18 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102582 title Ubuntu 16.04 LTS / 17.04 : libmspack vulnerabilities (USN-3394-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2609.NASL description According to the versions of the libmspack package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has last seen 2020-05-08 modified 2019-12-18 plugin id 132144 published 2019-12-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132144 title EulerOS 2.0 SP3 : libmspack (EulerOS-SA-2019-2609) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1279.NASL description CVE-2017-6419 CVE-2017-11423 Two vulnerabilities have been fixed that can be used for denial of service or maybe unspecified impact via drafted files (heap-based buffer overflow and stack-based buffer over-read causing application crash) For Debian 7 last seen 2020-03-17 modified 2018-02-13 plugin id 106780 published 2018-02-13 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106780 title Debian DLA-1279-1 : clamav security update NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-1_0-0167.NASL description An update of 'vim', 'ntp', 'openjdk', 'libmspack', 'blktrace', 'systemd', 'perl' packages of Photon OS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111946 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111946 title Photon OS 1.0: Blktrace / Libmspack / Ntp / Openjdk / Perl / Systemd / Vim PHSA-2018-1.0-0167 (deprecated) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0254-1.NASL description This update for clamav fixes the following issues : - Update to security release 0.99.3 (bsc#1077732) - CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability) - CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability) - CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. - CVE-2017-12374 (ClamAV use-after-free Vulnerabilities) - CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability) - CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability) - CVE-2017-12380 (ClamAV Null Dereference Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. - CVE-2017-6420 (bsc#1052448) - this vulnerability could have allowed remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. - CVE-2017-6419 (bsc#1052449) - ClamAV could have allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. - CVE-2017-11423 (bsc#1049423) - ClamAV could have allowed remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. - CVE-2017-6418 (bsc#1052466) - ClamAV could have allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 106455 published 2018-01-29 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106455 title SUSE SLES11 Security Update : clamav (SUSE-SU-2018:0254-1) NASL family Fedora Local Security Checks NASL id FEDORA_2018-602B5345FA.NASL description Update to 0.99.4 0.99.4 addresses a few outstanding vulnerability bugs. It includes fixes for : - CVE-2012-6706 - CVE-2017-6419 - CVE-2017-11423 - CVE-2018-1000085 There are also a few bug fixes that were not assigned CVE’s, but were important enough to address while we had the chance. One of these was the notorious file descriptor exhaustion bug that caused outages late last January. In addition to the above, 0.99.4 fixes : - CVE-2018-0202: Two newly reported vulnerabilities in the PDF parsing code. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-03-07 plugin id 107169 published 2018-03-07 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107169 title Fedora 27 : clamav (2018-602b5345fa) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-314.NASL description This update for clamav fixes the following issues : Security issues fixed : - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315). - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449). - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423). - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858). - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915). This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2018-03-27 plugin id 108637 published 2018-03-27 reporter This script is Copyright (C) 2018-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/108637 title openSUSE Security Update : clamav (openSUSE-2018-314) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2534.NASL description According to the versions of the libmspack package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has last seen 2020-05-08 modified 2019-12-09 plugin id 131808 published 2019-12-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131808 title EulerOS 2.0 SP5 : libmspack (EulerOS-SA-2019-2534) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-976.NASL description Heap-based buffer overflow in mspack/lzxd.c mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. (CVE-2017-6419) Out-of-bounds access in the PDF parser (CVE-2018-0202) A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the last seen 2020-06-01 modified 2020-06-02 plugin id 108601 published 2018-03-27 reporter This script is Copyright (C) 2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/108601 title Amazon Linux AMI : clamav (ALAS-2018-976) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0809-1.NASL description This update for clamav fixes the following issues: Security issues fixed : - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315). - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449). - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423). - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858). - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 108652 published 2018-03-27 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108652 title SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2018:0809-1) NASL family Fedora Local Security Checks NASL id FEDORA_2017-B97F9D82DC.NASL description Security fix for CVE-2017-6419 and CVE-2017-11423 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-10-18 plugin id 103904 published 2017-10-18 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103904 title Fedora 25 : libmspack (2017-b97f9d82dc)
References
- http://www.debian.org/security/2017/dsa-3946
- http://www.debian.org/security/2017/dsa-3946
- https://bugzilla.clamav.net/show_bug.cgi?id=11873
- https://bugzilla.clamav.net/show_bug.cgi?id=11873
- https://github.com/hackerlib/hackerlib-vul/tree/master/clamav-vul
- https://github.com/hackerlib/hackerlib-vul/tree/master/clamav-vul
- https://lists.debian.org/debian-lts-announce/2018/02/msg00014.html
- https://lists.debian.org/debian-lts-announce/2018/02/msg00014.html
- https://security.gentoo.org/glsa/201804-16
- https://security.gentoo.org/glsa/201804-16