Attachment #157283 for bug #198955

View | Details | Raw Unified | Return to bug 198955 | Differences between
Collapse All | Expand All





-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="cfb12f02-06e1-11e5-8fda-002590263bf5">
    <topic>cabextract -- directory traversal with UTF-8 symbols in filenames</topic>
    <affects>
      <package>
	<name>cabextract</name>
	<range><lt>1.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Cabextract ChangeLog reports:</p>
	<blockquote cite="http://www.cabextract.org.uk/#changes">
	  <p>It was possible for cabinet files to extract to absolute file
	    locations, and it was possible on Cygwin to get around cabextract's
	    absolute and relative path protections by using backslashes.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.cabextract.org.uk/#changes</url>
      <mlist>http://www.openwall.com/lists/oss-security/2015/02/18/3</mlist>
      <cvename>CVE-2015-2060</cvename>
    </references>
    <dates>
      <discovery>2015-02-18</discovery>
      <entry>2015-05-30</entry>
    </dates>
  </vuln>

  <vuln vid="cc7548ef-06e1-11e5-8fda-002590263bf5">
    <topic>libmspack -- frame_end overflow which could cause infinite loop</topic>
    <affects>
      <package>
	<name>libmspack</name>
	<range><lt>0.5</lt></range>
      </package>
      <package>
	<name>cabextract</name>
	<range><lt>1.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>There is a denial of service vulnerability in libmspack.  The
	  libmspack code is built into cabextract, so it is also
	  vulnerable.</p>
	<p>MITRE reports:</p>
	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9556">
	  <p>Integer overflow in the qtmd_decompress function in libmspack 0.4
	    allows remote attackers to cause a denial of service (hang) via a
	    crafted CAB file, which triggers an infinite loop.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-9556</cvename>
      <url>https://bugs.debian.org/773041</url>
      <mlist>http://www.openwall.com/lists/oss-security/2015/01/07/2</mlist>
    </references>
    <dates>
      <discovery>2014-12-11</discovery>
      <entry>2015-05-30</entry>
    </dates>
  </vuln>

  <vuln vid="9471ec47-05a2-11e5-8fda-002590263bf5">
    <topic>proxychains-ng -- current path as the first directory for the library search path</topic>
    <affects>

Return to bug 198955

Lines 57-62 Link Here

(-)security/vuxml/vuln.xml (+65 lines)
57		57
58	-->	58	-->
59	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	59	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		60	<vuln vid="cfb12f02-06e1-11e5-8fda-002590263bf5">
		61	<topic>cabextract -- directory traversal with UTF-8 symbols in filenames</topic>
		62	<affects>
		63	<package>
		64	<name>cabextract</name>
		65	<range><lt>1.6</lt></range>
		66	</package>
		67	</affects>
		68	<description>
		69	<body xmlns="http://www.w3.org/1999/xhtml">
		70	<p>Cabextract ChangeLog reports:</p>
		71	<blockquote cite="http://www.cabextract.org.uk/#changes">
		72	<p>It was possible for cabinet files to extract to absolute file
		73	locations, and it was possible on Cygwin to get around cabextract's
		74	absolute and relative path protections by using backslashes.</p>
		75	</blockquote>
		76	</body>
		77	</description>
		78	<references>
		79	<url>http://www.cabextract.org.uk/#changes</url>
		80	<mlist>http://www.openwall.com/lists/oss-security/2015/02/18/3</mlist>
		81	<cvename>CVE-2015-2060</cvename>
		82	</references>
		83	<dates>
		84	<discovery>2015-02-18</discovery>
		85	<entry>2015-05-30</entry>
		86	</dates>
		87	</vuln>
		88
		89	<vuln vid="cc7548ef-06e1-11e5-8fda-002590263bf5">
		90	<topic>libmspack -- frame_end overflow which could cause infinite loop</topic>
		91	<affects>
		92	<package>
		93	<name>libmspack</name>
		94	<range><lt>0.5</lt></range>
		95	</package>
		96	<package>
		97	<name>cabextract</name>
		98	<range><lt>1.5</lt></range>
		99	</package>
		100	</affects>
		101	<description>
		102	<body xmlns="http://www.w3.org/1999/xhtml">
		103	<p>There is a denial of service vulnerability in libmspack. The
		104	libmspack code is built into cabextract, so it is also
		105	vulnerable.</p>
		106	<p>MITRE reports:</p>
		107	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9556">
		108	<p>Integer overflow in the qtmd_decompress function in libmspack 0.4
		109	allows remote attackers to cause a denial of service (hang) via a
		110	crafted CAB file, which triggers an infinite loop.</p>
		111	</blockquote>
		112	</body>
		113	</description>
		114	<references>
		115	<cvename>CVE-2014-9556</cvename>
		116	<url>https://bugs.debian.org/773041</url>
		117	<mlist>http://www.openwall.com/lists/oss-security/2015/01/07/2</mlist>
		118	</references>
		119	<dates>
		120	<discovery>2014-12-11</discovery>
		121	<entry>2015-05-30</entry>
		122	</dates>
		123	</vuln>
124
60	<vuln vid="9471ec47-05a2-11e5-8fda-002590263bf5">	125	<vuln vid="9471ec47-05a2-11e5-8fda-002590263bf5">
61	<topic>proxychains-ng -- current path as the first directory for the library search path</topic>	126	<topic>proxychains-ng -- current path as the first directory for the library search path</topic>
62	<affects>	127	<affects>