Vulnerabilities > CVE-2018-18585 - NULL Pointer Dereference vulnerability in multiple products

047910
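CVSS 4.3 - MEDIUM (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L, the base vector the NewStart CGSL plugin below attributes to CVE-2018-18585; it includes UI:R, user interaction required, which the breakdown here omits)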
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
LOW

Summary

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2018-A5953AF115.NASL
    description: Latest stable releases of libmspack and cabextract, includes security fixes for CVE-2018-14680, CVE-2018-14681, CVE-2018-14682, CVE-2018-18584, CVE-2018-18585. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2019-01-03
    plugin id: 120675
    published: 2019-01-03
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/120675
    title: Fedora 29 : cabextract / libmspack (2018-a5953af115)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-a5953af115.
    #
    
    include("compat.inc");
    
    # Registration pass: this branch runs only when `description` is set. It
    # contains nothing but script_* metadata/dependency declarations and ends
    # with exit(0), so none of the package checks further down execute here.
    if (description)
    {
      script_id(120675);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      # One Fedora advisory bundles five libmspack/cabextract CVEs, so a finding
      # from this plugin is not specific to CVE-2018-18585.
      script_cve_id("CVE-2018-14680", "CVE-2018-14681", "CVE-2018-14682", "CVE-2018-18584", "CVE-2018-18585");
      script_xref(name:"FEDORA", value:"2018-a5953af115");
    
      script_name(english:"Fedora 29 : cabextract / libmspack (2018-a5953af115)");
      # Detection is based on rpm package data, not on probing the library.
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Latest stable releases of libmspack and cabextract, includes security
    fixes for CVE-2018-14680, CVE-2018-14681, CVE-2018-14682,
    CVE-2018-18584, CVE-2018-18585
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-a5953af115"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected cabextract and / or libmspack packages."
      );
      # These vectors rate confidentiality/integrity/availability as Partial
      # (CVSS2) and High (CVSS3). No cvss_score_source attribute is set in this
      # block, so which of the five CVEs they describe is not stated; treat the
      # plugin's severity as advisory-wide, not as the score of any single CVE.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # "local" plugin type: the check works from data gathered on the host
      # rather than from network probing.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cabextract");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libmspack");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # The KB keys required below (local-checks flag, release string, rpm list)
      # are presumably populated by ssh_get_info.nasl over an authenticated
      # session - confirm. Without them the plugin cannot produce a verdict.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Applicability gates. Each audit() call reports why the check does not
    # apply; presumably it also terminates the plugin (audit.inc is not shown
    # here - confirm).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "substring not found" test: stop unless the release
    # string mentions Fedora.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Extract the numeric release and require exactly 29; the pattern demands a
    # non-digit or end-of-string after "29", so a value such as 290 is rejected.
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    # No cached rpm list means there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Only x86_64 and i386-i686 hosts are handled; any other architecture is
    # audited out as "not implemented" instead of being evaluated.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    # Compare installed packages against the two builds named for Fedora 29.
    # rpm_check() presumably returns true when the installed package is older
    # than `reference` - confirm in rpm.inc. This is a package-version
    # comparison only: the vulnerable parsing code is never exercised, and
    # copies of libmspack shipped inside other software are not covered by
    # these two package names.
    flag = 0;
    if (rpm_check(release:"FC29", reference:"cabextract-1.9-1.fc29")) flag++;
    if (rpm_check(release:"FC29", reference:"libmspack-0.9.1-0.1.alpha.fc29")) flag++;
    
    
    # At least one package was flagged: report at WARNING severity on port 0
    # and attach the rpm comparison details.
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # Nothing flagged: separate "packages were tested and not flagged" from
      # "none of the packages were found on the host".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cabextract / libmspack");
    }
    
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0237_LIBMSPACK.NASL
    description: The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libmspack packages installed that are affected by multiple vulnerabilities: - In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (CVE-2018-18584) - chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the /\0 name). (CVE-2018-18585) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132502
    published: 2019-12-31
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132502
    title: NewStart CGSL CORE 5.05 / MAIN 5.05 : libmspack Multiple Vulnerabilities (NS-SA-2019-0237)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0237. The text
    # itself is copyright (C) ZTE, Inc.
    
    include('compat.inc');
    
    # Registration pass: this branch runs only when `description` is set. It
    # contains nothing but script_* metadata/dependency declarations and ends
    # with exit(0), so none of the package checks further down execute here.
    if (description)
    {
      script_id(132502);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/02");
    
      # The advisory covers two libmspack CVEs; a finding does not say which of
      # them applies beyond "the package is older than the fixed build".
      script_cve_id("CVE-2018-18584", "CVE-2018-18585");
    
      script_name(english:"NewStart CGSL CORE 5.05 / MAIN 5.05 : libmspack Multiple Vulnerabilities (NS-SA-2019-0237)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by multiple vulnerabilities.");
      # The description text itself states the limitation of this check: the
      # issue is not tested, only the self-reported package version is used.
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libmspack packages installed that are affected
    by multiple vulnerabilities:
    
      - In mspack/cab.h in libmspack before 0.8alpha and
        cabextract before 1.8, the CAB block input buffer is one
        byte too small for the maximal Quantum block, leading to
        an out-of-bounds write. (CVE-2018-18584)
    
      - chmd_read_headers in mspack/chmd.c in libmspack before
        0.8alpha accepts a filename that has '\0' as its first
        or second character (such as the /\0 name).
        (CVE-2018-18585)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0237");
      # The solution text warns that fixed packages may not exist yet, so a
      # finding here may have no immediate patch path.
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL libmspack packages. Note that updated packages may not be available yet. Please contact ZTE
    for more information.");
      # cvss_score_source below names CVE-2018-18585, so these vectors are that
      # CVE's score: availability-only impact (A:P in CVSS2, A:L in CVSS3) with
      # user interaction required (UI:R). They do not describe the
      # out-of-bounds write tracked as CVE-2018-18584.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-18585");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/31");
    
      # "local" plugin type: the check works from data gathered on the host
      # rather than from network probing.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # The KB keys required below (local-checks flag, release string, rpm list,
      # CPU) are presumably populated by ssh_get_info.nasl over an authenticated
      # session - confirm. Without them the plugin cannot produce a verdict.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Applicability gates. Each audit() call reports why the check does not
    # apply; presumably it also terminates the plugin (audit.inc is not shown
    # here - confirm).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # First gate: the release string must start with "CGSL MAIN" or "CGSL CORE".
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    # Second gate: restrict to the 5.05 editions. These two patterns are not
    # anchored and the "." is a regex wildcard, so they accept any release
    # string that merely contains a matching substring.
    if (release !~ "CGSL CORE 5.05" &&
        release !~ "CGSL MAIN 5.05")
      audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');
    
    # No cached rpm list means there is nothing to compare against.
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386-i686 hosts are handled; any other architecture is
    # audited out as "not implemented" instead of being evaluated.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    # Fixed builds per edition; both editions list the same three packages.
    # The fixed build is numbered 0.5-0.7.alpha.el7 although the advisory text
    # speaks of "libmspack before 0.8alpha" - presumably a distribution
    # backport, so comparing a host against the upstream version number alone
    # would misclassify patched systems.
    pkgs = {
      "CGSL CORE 5.05": [
        "libmspack-0.5-0.7.alpha.el7",
        "libmspack-debuginfo-0.5-0.7.alpha.el7",
        "libmspack-devel-0.5-0.7.alpha.el7"
      ],
      "CGSL MAIN 5.05": [
        "libmspack-0.5-0.7.alpha.el7",
        "libmspack-debuginfo-0.5-0.7.alpha.el7",
        "libmspack-devel-0.5-0.7.alpha.el7"
      ]
    };
    # NOTE(review): the release string was validated earlier with unanchored
    # regular expressions, but is used here as an exact table key. If the KB
    # value ever carries extra text (a suffix, stray whitespace), the lookup
    # presumably yields no list, no rpm_check() runs, and the plugin falls
    # through to AUDIT_PACKAGE_NOT_INSTALLED - a silent miss. Confirm the
    # exact format of Host/ZTE-CGSL/release.
    pkg_list = pkgs[release];
    
    # rpm_check() presumably returns true when the installed package is older
    # than `reference` - confirm in rpm.inc. Version comparison only; the
    # vulnerable code is never exercised.
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    # At least one package was flagged: report at WARNING severity on port 0
    # and attach the rpm comparison details.
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # Nothing flagged: separate "packages were tested and not flagged" from
      # "none of the packages were found on the host".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmspack");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-2049.NASL
    description: An update for libmspack is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft. Security Fix(es) : * libmspack: Out-of-bounds write in mspack/cab.h (CVE-2018-18584) * libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes (CVE-2018-18585) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127659
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127659
    title: RHEL 7 : libmspack (RHSA-2019:2049)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2018-CB337FB199.NASL
    description: Latest stable releases of libmspack and cabextract, includes security fixes for CVE-2018-14680, CVE-2018-14681, CVE-2018-14682, CVE-2018-18584, CVE-2018-18585. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2019-01-03
    plugin id: 120791
    published: 2019-01-03
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/120791
    title: Fedora 28 : cabextract / libmspack (2018-cb337fb199)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2018-1329.NASL
    description: This update for libmspack fixes the following issues : Security issues fixed : - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038) - CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the "/\0" name). […]
    last seen: 2020-06-05
    modified: 2018-10-31
    plugin id: 118561
    published: 2018-10-31
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118561
    title: openSUSE Security Update : libmspack (openSUSE-2018-1329)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-0748-1.NASL
    description: This update for libmspack fixes the following issues : Security issues fixed : CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038) CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the "/\0" name). […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123412
    published: 2019-03-27
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123412
    title: SUSE SLED15 / SLES15 Security Update : libmspack (SUSE-SU-2019:0748-1)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201903-20.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201903-20 (cabextract, libmspack: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in cabextract and libmspack. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE's for details. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123426
    published: 2019-03-28
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123426
    title: GLSA-201903-20 : cabextract, libmspack: Multiple vulnerabilities
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1555.NASL
    description: CVE-2018-18584 Fixing the size of the CAB block input buffer, which is too small for the maximal Quantum block, prevents an out-of-bounds write. CVE-2018-18585 Blank filenames (having length zero or their 1st or 2nd byte is null) should be rejected. For Debian 8 […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 118468
    published: 2018-10-29
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118468
    title: Debian DLA-1555-1 : libmspack security update
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2454.NASL
    description: According to the versions of the libmspack package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). […]
    last seen: 2020-05-08
    modified: 2019-12-04
    plugin id: 131608
    published: 2019-12-04
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131608
    title: EulerOS 2.0 SP2 : libmspack (EulerOS-SA-2019-2454)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3814-1.NASL
    description: It was discovered that libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. (CVE-2018-18584, CVE-2018-18585). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 118904
    published: 2018-11-13
    reporter: Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118904
    title: Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : libmspack vulnerabilities (USN-3814-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1149.NASL
    description: This update for libmspack fixes the following issues : Security issues fixed : - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038) - CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the "/\0" name). […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123778
    published: 2019-04-05
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123778
    title: openSUSE Security Update : libmspack (openSUSE-2019-1149)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2019-2049.NASL
    description: An update for libmspack is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft. Security Fix(es) : * libmspack: Out-of-bounds write in mspack/cab.h (CVE-2018-18584) * libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes (CVE-2018-18585) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128340
    published: 2019-08-30
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128340
    title: CentOS 7 : libmspack (CESA-2019:2049)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2609.NASL
    description: According to the versions of the libmspack package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). […]
    last seen: 2020-05-08
    modified: 2019-12-18
    plugin id: 132144
    published: 2019-12-18
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132144
    title: EulerOS 2.0 SP3 : libmspack (EulerOS-SA-2019-2609)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20190806_LIBMSPACK_ON_SL7_X.NASL
    description: Security Fix(es) : - libmspack: Out-of-bounds write in mspack/cab.h (CVE-2018-18584) - libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes (CVE-2018-18585)
    last seen: 2020-03-18
    modified: 2019-08-27
    plugin id: 128232
    published: 2019-08-27
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128232
    title: Scientific Linux Security Update : libmspack on SL7.x x86_64 (20190806)
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0217_LIBMSPACK.NASL
    description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libmspack packages installed that are affected by multiple vulnerabilities: - An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). (CVE-2018-14679) - In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (CVE-2018-18584) - chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 131413
    published: 2019-12-02
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131413
    title: NewStart CGSL CORE 5.04 / MAIN 5.04 : libmspack Multiple Vulnerabilities (NS-SA-2019-0217)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2285.NASL
    description: According to the version of the libmspack package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). […]
    last seen: 2020-05-03
    modified: 2019-11-27
    plugin id: 131351
    published: 2019-11-27
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131351
    title: EulerOS 2.0 SP8 : libmspack (EulerOS-SA-2019-2285)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3814-2.NASL
    description: USN-3814-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04 libmspack is included into ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details : It was discovered that libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. (CVE-2018-18584, CVE-2018-18585). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 118905
    published: 2018-11-13
    reporter: Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118905
    title: Ubuntu 14.04 LTS : clamav vulnerabilities (USN-3814-2)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2534.NASL
    description: According to the versions of the libmspack package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). […]
    last seen: 2020-05-08
    modified: 2019-12-09
    plugin id: 131808
    published: 2019-12-09
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131808
    title: EulerOS 2.0 SP5 : libmspack (EulerOS-SA-2019-2534)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-13992-1.NASL
    description: This update for libmspack fixes the following issues : Security issues fixed : CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038) CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the "/\0" name). […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123455
    published: 2019-03-28
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123455
    title: SUSE SLES11 Security Update : libmspack (SUSE-SU-2019:13992-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2018-C73D257297.NASL
    description: Latest stable releases of libmspack and cabextract, includes security fixes for CVE-2018-14680, CVE-2018-14681, CVE-2018-14682, CVE-2018-18584, CVE-2018-18585. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2018-11-19
    plugin id: 119019
    published: 2018-11-19
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119019
    title: Fedora 27 : cabextract / libmspack (2018-c73d257297)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: AL2_ALAS-2019-1310.NASL
    description: In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (CVE-2018-18584) chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129792
    published: 2019-10-11
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129792
    title: Amazon Linux 2 : libmspack (ALAS-2019-1310)

Redhat

advisories
bugzilla
id: 1644215
title: CVE-2018-18585 libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 7 is installed
      oval: oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment: libmspack is earlier than 0:0.5-0.7.alpha.el7
          oval: oval:com.redhat.rhsa:tst:20192049001
        • comment: libmspack is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhsa:tst:20183327002
      • AND
        • comment: libmspack-devel is earlier than 0:0.5-0.7.alpha.el7
          oval: oval:com.redhat.rhsa:tst:20192049003
        • comment: libmspack-devel is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhsa:tst:20183327004
rhsa
id: RHSA-2019:2049
released: 2019-08-06
severity: Moderate
title: RHSA-2019:2049: libmspack security update (Moderate)
rpms
  • libmspack-0:0.5-0.7.alpha.el7
  • libmspack-debuginfo-0:0.5-0.7.alpha.el7
  • libmspack-devel-0:0.5-0.7.alpha.el7