Vulnerabilities > CVE-2018-10195 - Integer Overflow or Wraparound vulnerability in multiple products
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: PARTIAL
Summary
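lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. The SUSE advisories quoted below, which ship the package as rzsz, describe the same zsdata flaw as a segmentation fault that could lead to denial of service, so both the data leak and the crash are addressed by the update to 0.12.21~rc.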
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | Lrzsz_Project | 13 |
Application | | 1 |
OS | | 3 |
OS | | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow: This attack forces an integer variable to go out of range. The integer variable is often used as an offset or as a size, for example the size of a memory allocation. The attacker typically controls the value of the variable and tries to push it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap around to become a very small or negative number, yielding an incorrect value that can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1066-1.NASL description This update for rzsz fixes the following issues : - Update to 0.12.21~rc to fix bsc#1086416 and bsc#1090051 - CVE-2018-10195: segmentation fault in zsdata function could lead to denial of service (bsc#1090051) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109341 published 2018-04-25 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109341 title SUSE SLED12 / SLES12 Security Update : rzsz (SUSE-SU-2018:1066-1) code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:1066-1.
# The text itself is copyright (C) SUSE.
#
# Purpose: local package-version check for SUSE-SU-2018:1066-1 (CVE-2018-10195)
# on SLES12 SP3 / SLED12 SP3. The script only compares installed rzsz RPMs
# against the build named in the advisory; it never exercises zsdata itself.
#

include("compat.inc");

# Metadata-only pass: when `description` is set the script registers its
# attributes and exits before any host data is read.
if (description)
{
  script_id(109341);
  script_version("1.3");
  script_cvs_date("Date: 2019/09/10 13:51:47");

  script_cve_id("CVE-2018-10195");

  script_name(english:"SUSE SLED12 / SLES12 Security Update : rzsz (SUSE-SU-2018:1066-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for rzsz fixes the following issues : - Update to 0.12.21~rc to fix bsc#1086416 and bsc#1090051 - CVE-2018-10195: segmentation fault in zsdata function could lead to denial of service (bsc#1090051) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1076576"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1086416"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1090051"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10195/"
  );
  # https://www.suse.com/support/update/announcement/2018/suse-su-20181066-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b5a40477"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-728=1 SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-728=1"
  );
  script_set_attribute(attribute:"risk_factor", value:"High");

  # plugin_type "local": the result depends on data gathered from the host
  # itself (see the required KB keys below), not on a network probe.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rzsz");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rzsz-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rzsz-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/04/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/25");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  # The check consumes KB items declared here; ssh_get_info.nasl is the
  # declared dependency (presumably the script that populates them - confirm).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Every gate below reports through audit() (from audit.inc, presumably
# terminating the script - confirm). A host rejected here was never compared
# against the fixed package, so such a result says nothing about whether its
# rzsz build is patched.

# Gate 1: local checks must be enabled and the release string must be SLED/SLES.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");

# Gate 2: extract the "SLESnn"/"SLEDnn" prefix and accept only major version 12.
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

# Gate 3: an rpm list must have been collected from the host.
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Gate 4: only i386-i686, x86_64 and s390x are handled; `>!<` is NASL's
# "is not a substring of" operator.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

# Gate 5: a missing patchlevel is treated as SP0; only SP3 proceeds.
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp);


# Package comparison: `flag` counts rpm_check() hits. rpm_check comes from
# rpm.inc; presumably it returns true when the installed package is older than
# `reference` - confirm against rpm.inc. The debuginfo/debugsource packages
# count as well, so any one outdated package raises the finding.
flag = 0;
if (rpm_check(release:"SLES12", sp:"3", reference:"rzsz-0.12.21~rc-1001.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"rzsz-debuginfo-0.12.21~rc-1001.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"rzsz-debugsource-0.12.21~rc-1001.3.1")) flag++;

# The SLED12 references are additionally restricted to x86_64.
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"rzsz-0.12.21~rc-1001.3.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"rzsz-debuginfo-0.12.21~rc-1001.3.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"rzsz-debugsource-0.12.21~rc-1001.3.1")) flag++;


if (flag)
{
  # At least one hit: report the finding, attaching the rpm report when
  # report_verbosity is above 0.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  # No hit: distinguish "packages were tested and none matched" from
  # "rzsz is not installed at all".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rzsz");
}
NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1070-1.NASL description This update for rzsz fixes the following issues : - L3: sz of rzsz segfaults in zsdata() (bsc#1086416) - VUL-0: CVE-2018-10195: rzsz: sz can leak data to receiving side (bsc#1090051) - rzsz-0.12.20-976.7: illegal use of freed variable (bsc#529899) - /usr/bin/lsb segfaults [rzsz] (bsc#1076576) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109342 published 2018-04-25 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109342 title SUSE SLES11 Security Update : rzsz (SUSE-SU-2018:1070-1) code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:1070-1.
# The text itself is copyright (C) SUSE.
#
# Purpose: local package-version check for SUSE-SU-2018:1070-1 (CVE-2018-10195)
# on SLES11 SP4. The script only compares installed rzsz RPMs against the
# build named in the advisory; it never exercises zsdata itself.
#

include("compat.inc");

# Metadata-only pass: when `description` is set the script registers its
# attributes and exits before any host data is read.
if (description)
{
  script_id(109342);
  script_version("1.3");
  script_cvs_date("Date: 2019/09/10 13:51:47");

  script_cve_id("CVE-2018-10195");

  script_name(english:"SUSE SLES11 Security Update : rzsz (SUSE-SU-2018:1070-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for rzsz fixes the following issues : - L3: sz of rzsz segfaults in zsdata() (bsc#1086416) - VUL-0: CVE-2018-10195: rzsz: sz can leak data to receiving side (bsc#1090051) - rzsz-0.12.20-976.7: illegal use of freed variable (bsc#529899) - /usr/bin/lsb segfaults [rzsz] (bsc#1076576) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1076576"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1086416"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1090051"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=529899"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10195/"
  );
  # https://www.suse.com/support/update/announcement/2018/suse-su-20181070-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?9f0a0a6b"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-rzsz-13570=1 SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-rzsz-13570=1"
  );
  script_set_attribute(attribute:"risk_factor", value:"High");

  # plugin_type "local": the result depends on data gathered from the host
  # itself (see the required KB keys below), not on a network probe.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rzsz");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rzsz-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rzsz-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/04/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/25");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  # The check consumes KB items declared here; ssh_get_info.nasl is the
  # declared dependency (presumably the script that populates them - confirm).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Every gate below reports through audit() (from audit.inc, presumably
# terminating the script - confirm). A host rejected here was never compared
# against the fixed package, so such a result says nothing about whether its
# rzsz build is patched.

# Gate 1: local checks must be enabled and the release string must be SLED/SLES.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");

# Gate 2: extract the "SLESnn"/"SLEDnn" prefix and accept only SLES11.
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);

# Gate 3: an rpm list must have been collected from the host.
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Gate 4: only i386-i686, x86_64 and s390x are handled; `>!<` is NASL's
# "is not a substring of" operator.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

# Gate 5: a missing patchlevel is treated as SP0; only SP4 proceeds.
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);


# Package comparison: `flag` counts rpm_check() hits. rpm_check comes from
# rpm.inc; presumably it returns true when the installed package is older than
# `reference` - confirm against rpm.inc. The debuginfo/debugsource packages
# count as well, so any one outdated package raises the finding.
flag = 0;
if (rpm_check(release:"SLES11", sp:"4", reference:"rzsz-0.12.21~rc-936.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"rzsz-debuginfo-0.12.21~rc-936.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"rzsz-debugsource-0.12.21~rc-936.3.1")) flag++;


if (flag)
{
  # At least one hit: report the finding, attaching the rpm report when
  # report_verbosity is above 0.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  # No hit: distinguish "packages were tested and none matched" from
  # "rzsz is not installed at all".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rzsz");
}
References
- https://lists.suse.com/pipermail/sle-security-updates/2018-April/003955.html?_ga=2.81625751.1026327980.1622040648-1950393542.1547130931
- https://lists.suse.com/pipermail/sle-security-updates/2018-April/003956.html?_ga=2.81625751.1026327980.1622040648-1950393542.1547130931
- http://www.ohse.de/uwe/software/lrzsz.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1572058
- https://lists.debian.org/debian-lts-announce/2022/01/msg00027.html