Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:LIBMSPACK-OFF-BY-ONE |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Libmspack Project cabd_sys_read_block Off By One |
Release Date |
2019/01/22 |
Update Number |
3136 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Libmspack Project cabd_sys_read_block Off By One
This signature detects attempts to exploit a known vulnerability against Libmspack Project. This vulnerability is due to improper handling of block alignment when processing blocks using Quantum compression in the cabd_sys_read_block function. A remote attacker could exploit this vulnerability by enticing a target user to open an malicious crafted CAB file with an application that uses vulnerable library. Successful exploitation of the vulnerability may result in arbitrary code execution under the security context of the user.
Extended Description
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
Affected Products
- Canonical ubuntu_linux 12.04
- Canonical ubuntu_linux 14.04
- Canonical ubuntu_linux 16.04
- Canonical ubuntu_linux 18.04
- Canonical ubuntu_linux 18.10
- Debian debian_linux 8.0
- Kyzer limbspack 0.3
- Kyzer limbspack 0.4
- Kyzer limbspack 0.5
- Kyzer limbspack 0.6
- Kyzer limbspack 0.7
- Kyzer limbspack 0.7.1
- Redhat enterprise_linux 7.0
- Suse linux_enterprise_server 11
- Suse linux_enterprise_server 12
References
- CVE: CVE-2018-18584