Vulnerabilities > CVE-2017-6307 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
tnef-project
debian
CWE-787
nessus
NVD
Published: 2017-02-24
Updated: 2019-03-13

Summary

An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.

Vulnerable Configurations

Part Description Count
Application
Tnef_Project
3
OS
Debian
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-7DE130A80D.NASL
    descriptionRelease 1.4.14 includes security bug fixes introduced in 1.4.13 and a further bug fix. The tnef-dolphin file manager integration is updated to suit the kf5/qt5 base. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-05-09
    plugin id100030
    published2017-05-09
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100030
    titleFedora 24 : tnef (2017-7de130a80d)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-CC029BE02D.NASL
    descriptionRelease 1.4.14 includes security bug fixes introduced in 1.4.13 and a further bug fix. The tnef-dolphin file manager integration is updated to suit the kf5/qt5 base. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-05-09
    plugin id100032
    published2017-05-09
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100032
    titleFedora 25 : tnef (2017-cc029be02d)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-839.NASL
    descriptionWhile fixing the above mentioned CVEs, upstream introduced a regression. The new patches added for this upload take care of that. For Debian 7
    last seen2020-03-17
    modified2017-02-28
    plugin id97418
    published2017-02-28
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97418
    titleDebian DLA-839-2 : tnef regression update
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-2B28A055F2.NASL
    descriptionUpdate to 1.4.15. Fixes CVE-2017-8911 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-26
    plugin id104149
    published2017-10-26
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104149
    titleFedora 25 : tnef (2017-2b28a055f2)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-AB43D1D240.NASL
    descriptionRelease 1.4.14 includes security bug fixes introduced in 1.4.13 and a further bug fix. The tnef-dolphin file manager integration is updated to suit the kf5/qt5 base. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-07-17
    plugin id101701
    published2017-07-17
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101701
    titleFedora 26 : tnef (2017-ab43d1d240)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201708-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201708-02 (TNEF: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in TNEF. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to process a specially crafted MIME attachment of type “application/ms-tnef” using TNEF, possibly resulting in a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id102532
    published2017-08-17
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/102532
    titleGLSA-201708-02 : TNEF: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-C2882AE75B.NASL
    descriptionUpdate to 1.4.15. Fixes CVE-2017-8911 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-26
    plugin id104159
    published2017-10-26
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104159
    titleFedora 26 : tnef (2017-c2882ae75b)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3798.NASL
    descriptionEric Sesterhenn, from X41 D-Sec GmbH, discovered several vulnerabilities in tnef, a tool used to unpack MIME attachments of type
    last seen2020-06-01
    modified2020-06-02
    plugin id97474
    published2017-03-02
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97474
    titleDebian DSA-3798-1 : tnef - security update
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-8489B17872.NASL
    descriptionUpdate to 1.4.15. Fixes CVE-2017-8911 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-01-15
    plugin id105919
    published2018-01-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105919
    titleFedora 27 : tnef (2017-8489b17872)

References