Vulnerabilities > CVE-2017-5331 - Integer Overflow or Wraparound vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 8 | |
| OS | 1 | |
| OS | 2 | |
| OS | 3 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2017-7C221D6F49.NASL description This new point release fixes a security vulnerability in wrestool. For further details see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850017 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-01-18 plugin id 96573 published 2017-01-18 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96573 title Fedora 24 : icoutils (2017-7c221d6f49) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2017-7c221d6f49. # include("compat.inc"); if (description) { script_id(96573); script_version("3.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-5208", "CVE-2017-5331", "CVE-2017-5332", "CVE-2017-5333"); script_xref(name:"FEDORA", value:"2017-7c221d6f49"); script_name(english:"Fedora 24 : icoutils (2017-7c221d6f49)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This new point release fixes a security vulnerability in wrestool. For further details see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850017 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-7c221d6f49" ); script_set_attribute( attribute:"solution", value:"Update the affected icoutils package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:icoutils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/22"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC24", reference:"icoutils-0.31.1-1.fc24")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "icoutils"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3178-1.NASL description It was discovered that icoutils incorrectly handled memory when processing certain files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause icoutils to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 96763 published 2017-01-25 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96763 title Ubuntu 12.04 LTS : icoutils vulnerabilities (USN-3178-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-789.NASL description Brief introduction CVE-2017-5208 Choongwoo Han reported[0] an exploitable crash in wrestool from icoutils. The command line tools is e.g. used in KDE last seen 2020-03-17 modified 2017-01-18 plugin id 96570 published 2017-01-18 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96570 title Debian DLA-789-1 : icoutils security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-104.NASL description This update for icoutils to version 0.31.1 fixes the following issues : - CVE-2017-5208: An integer overflow allows maliciously crafted files to cause DoS or code execution (boo#1018756). - CVE-2017-5331: Incorrect out of bounds checks in check_offset allow for DoS or code execution (boo#1018756). - CVE-2017-5332: Missing out of bounds checks in extract_group_icon_cursor_resource allow for DoS or code execution (boo#1018756). - CVE-2017-5333: Incorrect out of bounds checks in check_offset allow for DoS or code execution (boo#1018756). last seen 2020-06-05 modified 2017-01-17 plugin id 96547 published 2017-01-17 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96547 title openSUSE Security Update : icoutils (openSUSE-2017-104) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3765.NASL description Several programming errors in the wrestool tool of icoutils, a suite of tools to create and extract MS Windows icons and cursors, allow denial of service or the execution of arbitrary code if a malformed binary is parsed. last seen 2020-06-01 modified 2020-06-02 plugin id 96498 published 2017-01-16 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96498 title Debian DSA-3765-1 : icoutils - security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-103.NASL description This update for icoutils to version 0.31.1 fixes the following issues : - CVE-2017-5208: An integer overflow allows maliciously crafted files to cause DoS or code execution (boo#1018756). - CVE-2017-5331: Incorrect out of bounds checks in check_offset allow for DoS or code execution (boo#1018756). - CVE-2017-5332: Missing out of bounds checks in extract_group_icon_cursor_resource allow for DoS or code execution (boo#1018756). - CVE-2017-5333: Incorrect out of bounds checks in check_offset allow for DoS or code execution (boo#1018756). last seen 2020-06-05 modified 2017-01-17 plugin id 96546 published 2017-01-17 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96546 title openSUSE Security Update : icoutils (openSUSE-2017-103) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-105.NASL description This update for icoutils to version 0.31.1 fixes the following issues : - CVE-2017-5208: An integer overflow allows maliciously crafted files to cause DoS or code execution (boo#1018756). - CVE-2017-5331: Incorrect out of bounds checks in check_offset allow for DoS or code execution (boo#1018756). - CVE-2017-5332: Missing out of bounds checks in extract_group_icon_cursor_resource allow for DoS or code execution (boo#1018756). - CVE-2017-5333: Incorrect out of bounds checks in check_offset allow for DoS or code execution (boo#1018756). last seen 2020-06-05 modified 2017-01-18 plugin id 96578 published 2017-01-18 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96578 title openSUSE Security Update : icoutils (openSUSE-2017-105) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_57FACD35DDF611E6915D001B3856973B.NASL description Choongwoo Han reports : An exploitable crash exists in the wrestool utility on 64-bit systems where the result of subtracting two pointers exceeds the size of int. last seen 2020-06-01 modified 2020-06-02 plugin id 96619 published 2017-01-19 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96619 title FreeBSD : icoutils -- check_offset overflow on 64-bit systems (57facd35-ddf6-11e6-915d-001b3856973b) NASL family Fedora Local Security Checks NASL id FEDORA_2017-3D7734A8B2.NASL description This new point release fixes a security vulnerability in wrestool. For further details see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850017 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-01-18 plugin id 96572 published 2017-01-18 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96572 title Fedora 25 : icoutils (2017-3d7734a8b2)
References
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00026.html
- http://www.debian.org/security/2017/dsa-3765
- http://www.openwall.com/lists/oss-security/2017/01/11/3
- http://www.securityfocus.com/bid/95378
- http://www.ubuntu.com/usn/USN-3178-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1412248