FreeBSD : zziplib - multiple vulnerabilities (7764b219-8148-11e8-aa4d-000e0cd7b374)

medium Nessus Plugin ID 110969

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

NIST reports (by search in the range 2017/01/01 - 2018/07/06) :

17 security fixes in this release :

- Heap-based buffer overflow in the __zzip_get32 function in fetch.c.

- Heap-based buffer overflow in the __zzip_get64 function in fetch.c.

- Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c.

- The zzip_mem_entry_new function in memdisk.c allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file.

- The prescan_entry function in fseeko.c allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.

- The zzip_mem_entry_new function in memdisk.c causes a NULL pointer dereference and crash via a crafted ZIP file.

- seeko.c causes a denial of service (assertion failure and crash) via a crafted ZIP file.

- A segmentation fault caused by invalid memory access in the zzip_disk_fread function because the size variable is not validated against the amount of file->stored data.

- A memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c.

- A bus error caused by loading of a misaligned address in the zzip_disk_findfirst function.

- An uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function.

- An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c.

- A memory leak triggered in the function zzip_mem_disk_new in memdisk.c.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?26fb49e6

http://www.nessus.org/u?eae19ef5

Plugin Details

Severity: Medium

ID: 110969

File Name: freebsd_pkg_7764b219814811e8aa4d000e0cd7b374.nasl

Version: 1.5

Type: local

Published: 7/10/2018

Updated: 9/5/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2018-7727

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:zziplib, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/6/2018

Vulnerability Publication Date: 3/1/2017

Reference Information

CVE: CVE-2017-5974, CVE-2017-5975, CVE-2017-5976, CVE-2017-5977, CVE-2017-5978, CVE-2017-5979, CVE-2017-5980, CVE-2017-5981, CVE-2018-6381, CVE-2018-6484, CVE-2018-6540, CVE-2018-6541, CVE-2018-6542, CVE-2018-6869, CVE-2018-7725, CVE-2018-7726, CVE-2018-7727