Vulnerabilities > CVE-2017-11734 - Out-of-bounds Read vulnerability in Libming Ming 0.4.8
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
A heap-based buffer over-read was found in the function decompileCALLFUNCTION in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201904-24.NASL description The remote host is affected by the vulnerability described in GLSA-201904-24 (Ming: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Ming. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 124288 published 2019-04-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124288 title GLSA-201904-24 : Ming: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201904-24. # # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(124288); script_version("1.2"); script_cvs_date("Date: 2020/01/22"); script_cve_id("CVE-2017-11728", "CVE-2017-11729", "CVE-2017-11730", "CVE-2017-11731", "CVE-2017-11732", "CVE-2017-11733", "CVE-2017-11734", "CVE-2017-9988", "CVE-2017-9989", "CVE-2018-5251", "CVE-2018-5294", "CVE-2018-6315", "CVE-2018-6358", "CVE-2018-6359"); script_xref(name:"GLSA", value:"201904-24"); script_name(english:"GLSA-201904-24 : Ming: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201904-24 (Ming: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Ming. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201904-24" ); script_set_attribute( attribute:"solution", value: "All Ming users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/ming-0.20181112'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:ming"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/28"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"media-libs/ming", unaffected:make_list("ge 0.20181112"), vulnerable:make_list("lt 0.20181112"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Ming"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2018-38A0E1E6F5.NASL description Security fixes for: CVE-2017-8782, CVE-2017-9988, CVE-2017-9989, CVE-2017-11704, CVE-2017-11728, CVE-2017-11729, CVE-2017-11730, CVE-2017-11731, CVE-2017-11732, CVE-2017-11733, CVE-2017-11734, CVE-2017-16883, CVE-2017-16898, CVE-2018-5251, CVE-2018-5294, CVE-2018-6315, CVE-2018-6359 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-03-21 plugin id 108496 published 2018-03-21 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108496 title Fedora 27 : ming (2018-38a0e1e6f5) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-38a0e1e6f5. # include("compat.inc"); if (description) { script_id(108496); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-11704", "CVE-2017-11728", "CVE-2017-11729", "CVE-2017-11730", "CVE-2017-11731", "CVE-2017-11732", "CVE-2017-11733", "CVE-2017-11734", "CVE-2017-16883", "CVE-2017-16898", "CVE-2017-8782", "CVE-2017-9988", "CVE-2017-9989", "CVE-2018-5251", "CVE-2018-5294", "CVE-2018-6315", "CVE-2018-6359"); script_xref(name:"FEDORA", value:"2018-38a0e1e6f5"); script_name(english:"Fedora 27 : ming (2018-38a0e1e6f5)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fixes for: CVE-2017-8782, CVE-2017-9988, CVE-2017-9989, CVE-2017-11704, CVE-2017-11728, CVE-2017-11729, CVE-2017-11730, CVE-2017-11731, CVE-2017-11732, CVE-2017-11733, CVE-2017-11734, CVE-2017-16883, CVE-2017-16898, CVE-2018-5251, CVE-2018-5294, CVE-2018-6315, CVE-2018-6359 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-38a0e1e6f5" ); script_set_attribute(attribute:"solution", value:"Update the affected ming package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ming"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/31"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC27", reference:"ming-0.4.8-5.fc27")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ming"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2018-8BE89D9AD6.NASL description Security fixes for: CVE-2017-8782, CVE-2017-9988, CVE-2017-9989, CVE-2017-11704, CVE-2017-11728, CVE-2017-11729, CVE-2017-11730, CVE-2017-11731, CVE-2017-11732, CVE-2017-11733, CVE-2017-11734, CVE-2017-16883, CVE-2017-16898, CVE-2018-5251, CVE-2018-5294, CVE-2018-6315, CVE-2018-6359 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-03-21 plugin id 108503 published 2018-03-21 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108503 title Fedora 26 : ming (2018-8be89d9ad6) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1133.NASL description Multiple vulnerabilities have been discovered in Ming : CVE-2017-11704 Heap-based buffer over-read in the function decompileIF in util/decompile.c in Ming <= 0.4.8, which allows attackers to cause a denial of service via a crafted file. CVE-2017-11728 Heap-based buffer over-read in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming <= 0.4.8, which allows attackers to cause a denial of service via a crafted file. CVE-2017-11729 Heap-based buffer over-read in the function OpCode (called from decompileINCR_DECR line 1440) in util/decompile.c in Ming <= 0.4.8, which allows attackers to cause a denial of service via a crafted file. CVE-2017-11730 Heap-based buffer over-read in the function OpCode (called from decompileINCR_DECR line 1474) in util/decompile.c in Ming <= 0.4.8, which allows attackers to cause a denial of service via a crafted file. CVE-2017-11731 Invalid memory read in the function OpCode (called from isLogicalOp and decompileIF) in util/decompile.c in Ming <= 0.4.8, which allows attackers to cause a denial of service via a crafted file. CVE-2017-11734 Heap-based buffer over-read in the function decompileCALLFUNCTION in util/decompile.c in Ming <= 0.4.8, which allows attackers to cause a denial of service via a crafted file. For Debian 7 last seen 2020-03-17 modified 2017-10-23 plugin id 104055 published 2017-10-23 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/104055 title Debian DLA-1133-1 : ming security update NASL family Fedora Local Security Checks NASL id FEDORA_2018-5F31E1002A.NASL description Security fixes for: CVE-2017-8782, CVE-2017-9988, CVE-2017-9989, CVE-2017-11704, CVE-2017-11728, CVE-2017-11729, CVE-2017-11730, CVE-2017-11731, CVE-2017-11732, CVE-2017-11733, CVE-2017-11734, CVE-2017-16883, CVE-2017-16898, CVE-2018-5251, CVE-2018-5294, CVE-2018-6315, CVE-2018-6359 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120460 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120460 title Fedora 28 : ming (2018-5f31e1002a)
References
- http://somevulnsofadlab.blogspot.jp/2017/07/libmingheap-buffer-overflow-in_24.html
- http://somevulnsofadlab.blogspot.jp/2017/07/libmingheap-buffer-overflow-in_24.html
- https://github.com/libming/libming/issues/83
- https://github.com/libming/libming/issues/83
- https://security.gentoo.org/glsa/201904-24
- https://security.gentoo.org/glsa/201904-24