CVE-2014-4909
CVSS 6.8
Published: 2014-07-29 10:55:07
Last revised: 2014-11-13 22:06:21

[Original] Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.


[CNNVD] Transmission 'tr_bitfieldEnsureNthBitAlloced' Function Integer Overflow Vulnerability (CNNVD-201407-674)

        

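Transmission is a free BitTorrent (BT) client developed by the Transmission project for the Linux and Mac OS X platforms. It supports data encryption, repair of corrupted data, torrent creation and more.

An integer overflow vulnerability exists in the 'tr_bitfieldEnsureNthBitAlloced' function in the bitfield.c file in versions of Transmission before 2.84. A remote attacker can exploit this vulnerability by sending a specially crafted peer message to cause a denial of service and execute arbitrary code.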

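- CVSS (base score)

CVSS score: 6.8 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: NETWORK [the attacker does not need intranet or local access]
Authentication: NONE [exploitation requires no authentication]

- CWE (weakness category)

CWE-189 [Numeric Errors]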

- CPE (affected platforms and products)

cpe:/a:transmissionbt:transmission:1.61  transmissionbt Transmission 1.61
cpe:/a:transmissionbt:transmission:2.41  transmissionbt Transmission 2.41
cpe:/a:transmissionbt:transmission:0.6  transmissionbt Transmission 0.6
cpe:/a:transmissionbt:transmission:2.42  transmissionbt Transmission 2.42
cpe:/a:transmissionbt:transmission:2.80
cpe:/a:transmissionbt:transmission:2.82
cpe:/a:transmissionbt:transmission:2.81
cpe:/a:transmissionbt:transmission:2.83
cpe:/a:transmissionbt:transmission:1.90  transmissionbt Transmission 1.90
cpe:/a:transmissionbt:transmission:1.92  transmissionbt Transmission 1.92
cpe:/a:transmissionbt:transmission:1.91  transmissionbt Transmission 1.91
cpe:/a:transmissionbt:transmission:1.93  transmissionbt Transmission 1.93
cpe:/a:transmissionbt:transmission:2.40  transmissionbt Transmission 2.40
cpe:/a:transmissionbt:transmission:1.75  transmissionbt Transmission 1.75
cpe:/a:transmissionbt:transmission:1.76  transmissionbt Transmission 1.76
cpe:/a:transmissionbt:transmission:1.73  transmissionbt Transmission 1.73
cpe:/a:transmissionbt:transmission:1.74  transmissionbt Transmission 1.74
cpe:/a:transmissionbt:transmission:1.77  transmissionbt Transmission 1.77
cpe:/o:canonical:ubuntu_linux:13.10
cpe:/a:transmissionbt:transmission:2.61  transmissionbt Transmission 2.61
cpe:/a:transmissionbt:transmission:1.72  transmissionbt Transmission 1.72
cpe:/a:transmissionbt:transmission:2.60  transmissionbt Transmission 2.60
cpe:/a:transmissionbt:transmission:2.32  transmissionbt Transmission 2.32
cpe:/a:transmissionbt:transmission:2.33  transmissionbt Transmission 2.33
cpe:/o:canonical:ubuntu_linux:12.04:-:lts  Canonical Ubuntu Linux 12.04 LTS (Long-Term Support)
cpe:/a:transmissionbt:transmission:2.30  transmissionbt Transmission 2.30
cpe:/a:transmissionbt:transmission:2.31  transmissionbt Transmission 2.31
cpe:/a:transmissionbt:transmission:1.60  transmissionbt Transmission 1.60
cpe:/a:transmissionbt:transmission:0.92  transmissionbt Transmission 0.92
cpe:/a:transmissionbt:transmission:0.90  transmissionbt Transmission 0.90
cpe:/a:transmissionbt:transmission:0.91  transmissionbt Transmission 0.91
cpe:/o:gentoo:linux  Gentoo Linux
cpe:/a:transmissionbt:transmission:1.83  transmissionbt Transmission 1.83
cpe:/a:transmissionbt:transmission:2.50  transmissionbt Transmission 2.50
cpe:/a:transmissionbt:transmission:1.02  transmissionbt Transmission 1.02
cpe:/a:transmissionbt:transmission:1.00  transmissionbt Transmission 1.00
cpe:/a:transmissionbt:transmission:1.01  transmissionbt Transmission 1.01
cpe:/a:transmissionbt:transmission:0.2  transmissionbt Transmission 0.2
cpe:/a:transmissionbt:transmission:1.03  transmissionbt Transmission 1.03
cpe:/a:transmissionbt:transmission:0.1  transmissionbt Transmission 0.1
cpe:/a:transmissionbt:transmission:0.4  transmissionbt Transmission 0.4
cpe:/a:transmissionbt:transmission:0.3  transmissionbt Transmission 0.3
cpe:/a:transmissionbt:transmission:0.5  transmissionbt Transmission 0.5
cpe:/a:transmissionbt:transmission:1.11  transmissionbt Transmission 1.11
cpe:/a:transmissionbt:transmission:0.93  transmissionbt Transmission 0.93
cpe:/a:transmissionbt:transmission:2.52  transmissionbt Transmission 2.52
cpe:/a:transmissionbt:transmission:1.10  transmissionbt Transmission 1.10
cpe:/a:transmissionbt:transmission:1.82  transmissionbt Transmission 1.82
cpe:/a:transmissionbt:transmission:2.51  transmissionbt Transmission 2.51
cpe:/a:transmissionbt:transmission:1.81  transmissionbt Transmission 1.81
cpe:/a:transmissionbt:transmission:1.80  transmissionbt Transmission 1.80
cpe:/a:transmissionbt:transmission:1.04  transmissionbt Transmission 1.04
cpe:/a:transmissionbt:transmission:0.95  transmissionbt Transmission 0.95
cpe:/a:transmissionbt:transmission:1.05  transmissionbt Transmission 1.05
cpe:/a:transmissionbt:transmission:0.94  transmissionbt Transmission 0.94
cpe:/a:transmissionbt:transmission:1.06  transmissionbt Transmission 1.06
cpe:/a:transmissionbt:transmission:0.96  transmissionbt Transmission 0.96
cpe:/a:transmissionbt:transmission:2.70
cpe:/a:transmissionbt:transmission:2.71
cpe:/a:transmissionbt:transmission:2.72
cpe:/a:transmissionbt:transmission:2.00  transmissionbt Transmission 2.00
cpe:/a:transmissionbt:transmission:2.03  transmissionbt Transmission 2.03
cpe:/a:transmissionbt:transmission:2.02  transmissionbt Transmission 2.02
cpe:/a:transmissionbt:transmission:2.01  transmissionbt Transmission 2.01
cpe:/a:transmissionbt:transmission:0.82  transmissionbt Transmission 0.82
cpe:/a:transmissionbt:transmission:1.21  transmissionbt Transmission 1.21
cpe:/a:transmissionbt:transmission:1.20  transmissionbt Transmission 1.20
cpe:/a:transmissionbt:transmission:0.70  transmissionbt Transmission 0.70
cpe:/a:transmissionbt:transmission:1.22  transmissionbt Transmission 1.22
cpe:/a:transmissionbt:transmission:0.72  transmissionbt Transmission 0.72
cpe:/o:fedoraproject:fedora:20
cpe:/a:transmissionbt:transmission:0.71  transmissionbt Transmission 0.71
cpe:/o:canonical:ubuntu_linux:14.04::lts
cpe:/a:transmissionbt:transmission:2.73
cpe:/a:transmissionbt:transmission:2.77
cpe:/a:transmissionbt:transmission:1.30  transmissionbt Transmission 1.30
cpe:/a:transmissionbt:transmission:2.76
cpe:/a:transmissionbt:transmission:2.75
cpe:/a:transmissionbt:transmission:1.32  transmissionbt Transmission 1.32
cpe:/a:transmissionbt:transmission:2.74
cpe:/a:transmissionbt:transmission:1.31  transmissionbt Transmission 1.31
cpe:/a:transmissionbt:transmission:1.34  transmissionbt Transmission 1.34
cpe:/a:transmissionbt:transmission:1.33  transmissionbt Transmission 1.33
cpe:/a:transmissionbt:transmission:0.6.1  transmissionbt Transmission 0.6.1
cpe:/a:transmissionbt:transmission:2.22  transmissionbt Transmission 2.22
cpe:/a:transmissionbt:transmission:2.21  transmissionbt Transmission 2.21
cpe:/a:transmissionbt:transmission:2.20  transmissionbt Transmission 2.20
cpe:/a:transmissionbt:transmission:1.70  transmissionbt Transmission 1.70
cpe:/a:transmissionbt:transmission:1.71  transmissionbt Transmission 1.71
cpe:/a:transmissionbt:transmission:1.42  transmissionbt Transmission 1.42
cpe:/a:transmissionbt:transmission:1.41  transmissionbt Transmission 1.41
cpe:/a:transmissionbt:transmission:1.40  transmissionbt Transmission 1.40
cpe:/a:transmissionbt:transmission:1.2  transmissionbt Transmission 1.2
cpe:/a:transmissionbt:transmission:2.13  transmissionbt Transmission 2.13
cpe:/a:transmissionbt:transmission:2.12  transmissionbt Transmission 2.12
cpe:/a:transmissionbt:transmission:2.11  transmissionbt Transmission 2.11
cpe:/a:transmissionbt:transmission:2.10  transmissionbt Transmission 2.10
cpe:/a:transmissionbt:transmission:1.50  transmissionbt Transmission 1.50
cpe:/a:transmissionbt:transmission:0.81  transmissionbt Transmission 0.81
cpe:/a:transmissionbt:transmission:0.80  transmissionbt Transmission 0.80
cpe:/a:transmissionbt:transmission:2.04  transmissionbt Transmission 2.04
cpe:/a:transmissionbt:transmission:1.52  transmissionbt Transmission 1.52
cpe:/a:transmissionbt:transmission:1.51  transmissionbt Transmission 1.51
cpe:/a:transmissionbt:transmission:1.54  transmissionbt Transmission 1.54
cpe:/a:transmissionbt:transmission:1.53  transmissionbt Transmission 1.53

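- OVAL (technical details for detection)

oval:org.mitre.oval:def:25654  DSA-2988-1 -- transmission - security update
oval:org.mitre.oval:def:24973  USN-2279-1 -- transmission vulnerability
*OVAL describes in detail how to detect this vulnerability; you can find more technical detail on detecting it in the related OVAL definitions.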

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4909
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4909
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-201407-674
(Official data source) CNNVD

- Other links and resources

https://twitter.com/benhawkes/statuses/484378151959539712
(UNKNOWN)  MISC  https://twitter.com/benhawkes/statuses/484378151959539712
https://trac.transmissionbt.com/wiki/Changes#version-2.84
(VENDOR_ADVISORY)  CONFIRM  https://trac.transmissionbt.com/wiki/Changes#version-2.84
https://bugzilla.redhat.com/show_bug.cgi?id=1118290
(UNKNOWN)  CONFIRM  https://bugzilla.redhat.com/show_bug.cgi?id=1118290
https://bugs.gentoo.org/show_bug.cgi?id=516822
(UNKNOWN)  CONFIRM  https://bugs.gentoo.org/show_bug.cgi?id=516822
http://www.ubuntu.com/usn/USN-2279-1
(UNKNOWN)  UBUNTU  USN-2279-1
http://www.securityfocus.com/bid/68487
(UNKNOWN)  BID  68487
http://www.osvdb.org/108997
(UNKNOWN)  OSVDB  108997
http://www.openwall.com/lists/oss-security/2014/07/11/5
(UNKNOWN)  MLIST  [oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability
http://www.openwall.com/lists/oss-security/2014/07/10/4
(UNKNOWN)  MLIST  [oss-security] 20140710 CVE request: transmission peer communication vulnerability
http://www.debian.org/security/2014/dsa-2988
(UNKNOWN)  DEBIAN  DSA-2988
http://secunia.com/advisories/60527
(UNKNOWN)  SECUNIA  60527
http://secunia.com/advisories/60108
(UNKNOWN)  SECUNIA  60108
http://secunia.com/advisories/59897
(UNKNOWN)  SECUNIA  59897
http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html
(UNKNOWN)  SUSE  openSUSE-SU-2014:0980
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html
(UNKNOWN)  FEDORA  FEDORA-2014-8331
http://inertiawar.com/submission.go
(UNKNOWN)  MISC  http://inertiawar.com/submission.go

- Vulnerability information

Transmission 'tr_bitfieldEnsureNthBitAlloced' Function Integer Overflow Vulnerability
Medium risk  Numeric error
2014-07-29 00:00:00 2014-07-30 00:00:00
Remote
        

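Transmission is a free BitTorrent (BT) client developed by the Transmission project for the Linux and Mac OS X platforms. It supports data encryption, repair of corrupted data, torrent creation and more.

An integer overflow vulnerability exists in the 'tr_bitfieldEnsureNthBitAlloced' function in the bitfield.c file in versions of Transmission before 2.84. A remote attacker can exploit this vulnerability by sending a specially crafted peer message to cause a denial of service and execute arbitrary code.

- Advisories and patches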

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        https://trac.transmissionbt.com/wiki/Changes#version-2.84

- Vulnerability information (F127485)

Ubuntu Security Notice USN-2279-1 (PacketStormID:F127485)
2014-07-16 00:00:00
Ubuntu  security.ubuntu.com
advisory,remote,denial of service,arbitrary
linux,ubuntu
CVE-2014-4909

Ubuntu Security Notice 2279-1 - Ben Hawkes discovered that Transmission incorrectly handled certain peer messages. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

============================================================================
Ubuntu Security Notice USN-2279-1
July 16, 2014

transmission vulnerability
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 13.10
- Ubuntu 12.04 LTS

Summary:

Transmission could be made to crash or run programs if it received
specially crafted network traffic.

Software Description:
- transmission: lightweight BitTorrent client

Details:

Ben Hawkes discovered that Transmission incorrectly handled certain peer
messages. A remote attacker could use this issue to cause a denial of
service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  transmission-common             2.82-1.1ubuntu3.1

Ubuntu 13.10:
  transmission-common             2.82-0ubuntu1.1

Ubuntu 12.04 LTS:
  transmission-common             2.51-0ubuntu1.4

After a standard system update you need to restart Transmission to make all
the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2279-1
  CVE-2014-4909

Package Information:
  https://launchpad.net/ubuntu/+source/transmission/2.82-1.1ubuntu3.1
  https://launchpad.net/ubuntu/+source/transmission/2.82-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/transmission/2.51-0ubuntu1.4
    

- Vulnerability information (F127625)

Debian Security Advisory 2988-1 (PacketStormID:F127625)
2014-07-25 00:00:00
Debian  debian.org
advisory,denial of service,arbitrary
linux,debian
CVE-2014-4909

Debian Linux Security Advisory 2988-1 - Ben Hawkes discovered that incorrect handling of peer messages in the Transmission bittorrent client could result in denial of service or the execution of arbitrary code.

-------------------------------------------------------------------------
Debian Security Advisory DSA-2988-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
July 24, 2014                          http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : transmission
CVE ID         : CVE-2014-4909

Ben Hawkes discovered that incorrect handling of peer messages in the
Transmission bittorrent client could result in denial of service or the
execution of arbitrary code.

For the stable distribution (wheezy), this problem has been fixed in
version 2.52-3+nmu2.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your transmission packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
    

- Vulnerability information

Transmission Out of Bounds Memory Corruption Vulnerability
Unknown 68487
Yes No
2014-07-10 12:00:00 2014-08-19 01:12:00
Ben Hawkes

- Affected software versions

Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64

- Discussion

Transmission is prone to a memory-corruption vulnerability.

Attackers can exploit this issue to cause denial-of-service conditions.

Transmission 2.83 is vulnerable; other versions may also be affected.

- Exploit

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

- Solution

Updates are available. Please see the references or vendor advisory for more information.

- References

 

 
