CVE-2014-9496
CVSS 10.0
Published: 2015-01-16 11:59:16
Last revised: 2017-06-30 21:29:09

[Original] The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.


[CNNVD] libsndfile buffer overflow vulnerability (CNNVD-201412-536)

        

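libsndfile is a C library developed by Erik de Castro Lopo for reading and writing audio files in formats such as AIFF, AU and WAV through a standard interface.

The 'sd2_parse_rsrc_fork' function in sd2.c in libsndfile contains a security vulnerability. An attacker can exploit it via a map offset or rsrc marker to cause an out-of-bounds read.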

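- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system outage]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: NETWORK [the attacker does not need internal network access or local access]
Authentication: NONE [exploitation requires no authentication]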

- CWE (weakness category)

CWE-119 [Improper Restriction of Operations within the Bounds of a Memory Buffer]

- CPE (affected platforms and products)

cpe:/a:gentoo:libsndfile  Gentoo libsndfile
cpe:/o:novell:opensuse:13.1
cpe:/o:novell:opensuse:13.2

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9496
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9496
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-201412-536
(Official data source) CNNVD

- Other links and resources

http://advisories.mageia.org/MGASA-2015-0015.html
(UNKNOWN)  CONFIRM  http://advisories.mageia.org/MGASA-2015-0015.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00016.html
(UNKNOWN)  SUSE  openSUSE-SU-2015:0041
http://www.mandriva.com/security/advisories?name=MDVSA-2015:024
(UNKNOWN)  MANDRIVA  MDVSA-2015:024
http://www.openwall.com/lists/oss-security/2015/01/04/4
(UNKNOWN)  MLIST  [oss-security] 20150103 Re: Re: CVE Request: libsndfile buffer overread
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
(UNKNOWN)  CONFIRM  http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.securityfocus.com/bid/71796
(UNKNOWN)  BID  71796
http://www.ubuntu.com/usn/USN-2832-1
(UNKNOWN)  UBUNTU  USN-2832-1
https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378
(UNKNOWN)  CONFIRM  https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378
https://github.com/erikd/libsndfile/issues/93
(UNKNOWN)  CONFIRM  https://github.com/erikd/libsndfile/issues/93
https://security.gentoo.org/glsa/201612-03
(UNKNOWN)  GENTOO  GLSA-201612-03

- Vulnerability information

libsndfile buffer overflow vulnerability
Critical  Buffer overflow
2014-12-30 00:00:00 2015-01-19 00:00:00
Remote
        


- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. For details, see the vendor's home page:
        https://github.com/erikd/libsndfile/

- Vulnerability information (F129982)

Mandriva Linux Security Advisory 2015-024 (PacketStormID:F129982)
2015-01-16 00:00:00
Mandriva  mandriva.com
advisory,denial of service,overflow,arbitrary,vulnerability
linux,mandriva
CVE-2014-9496

Mandriva Linux Security Advisory 2015-024 - libsndfile contains multiple buffer-overflow vulnerabilities in src/sd2.c because it fails to properly bounds-check user supplied input, which may allow an attacker to execute arbitrary code or cause a denial of service. libsndfile contains a divide-by-zero error in src/file_io.c which may allow an attacker to cause a denial of service.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:024
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libsndfile
 Date    : January 15, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated libsndfile packages fix security vulnerabilities:
 
 libsndfile contains multiple buffer-overflow vulnerabilities in
 src/sd2.c because it fails to properly bounds-check user supplied
 input, which may allow an attacker to execute arbitrary code or cause
 a denial of service (CVE-2014-9496).
 
 libsndfile contains a divide-by-zero error in src/file_io.c which
 may allow an attacker to cause a denial of service.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9496
 http://advisories.mageia.org/MGASA-2015-0015.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 363b090ade387feaab18151d55caa071  mbs1/x86_64/lib64sndfile1-1.0.25-3.1.mbs1.x86_64.rpm
 348de9ce8c0fa39a0f2ee0035ade2e42  mbs1/x86_64/lib64sndfile-devel-1.0.25-3.1.mbs1.x86_64.rpm
 7bf33321207a0342ba7e96909887ca5f  mbs1/x86_64/lib64sndfile-static-devel-1.0.25-3.1.mbs1.x86_64.rpm
 1c47175145597f183be3e1cbaa5ddb46  mbs1/x86_64/libsndfile-progs-1.0.25-3.1.mbs1.x86_64.rpm 
 8e3eb94db10a5ddbfc88424849bd8c17  mbs1/SRPMS/libsndfile-1.0.25-3.1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUt8QXmqjQ0CJFipgRAh+LAJ0aBMlVXjeKGq0ek0e3NWnVAJqX2ACgy1rZ
zVqA1Ewf9jyxNI34Cmou9HI=
=BI5b
-----END PGP SIGNATURE-----
    

- Vulnerability information (F131176)

Mandriva Linux Security Advisory 2015-149 (PacketStormID:F131176)
2015-03-30 00:00:00
Mandriva  mandriva.com
advisory,denial of service,overflow,arbitrary,vulnerability
linux,mandriva
CVE-2014-9496

Mandriva Linux Security Advisory 2015-149 - libsndfile contains multiple buffer-overflow vulnerabilities in src/sd2.c because it fails to properly bounds-check user supplied input, which may allow an attacker to execute arbitrary code or cause a denial of service. libsndfile contains a divide-by-zero error in src/file_io.c which may allow an attacker to cause a denial of service.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:149
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libsndfile
 Date    : March 29, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated libsndfile packages fix security vulnerabilities:
 
 libsndfile contains multiple buffer-overflow vulnerabilities in
 src/sd2.c because it fails to properly bounds-check user supplied
 input, which may allow an attacker to execute arbitrary code or cause
 a denial of service (CVE-2014-9496).
 
 libsndfile contains a divide-by-zero error in src/file_io.c which
 may allow an attacker to cause a denial of service.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9496
 http://advisories.mageia.org/MGASA-2015-0015.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 2/X86_64:
 824ecea60e42ed8573f7c05998cfdbe3  mbs2/x86_64/lib64sndfile1-1.0.25-4.1.mbs2.x86_64.rpm
 93be592a607ebb21504a2c2474cde441  mbs2/x86_64/lib64sndfile-devel-1.0.25-4.1.mbs2.x86_64.rpm
 324e5461e8a940849a166fba67062091  mbs2/x86_64/lib64sndfile-static-devel-1.0.25-4.1.mbs2.x86_64.rpm
 3d887123ca55ec7885884268a8219e34  mbs2/x86_64/libsndfile-progs-1.0.25-4.1.mbs2.x86_64.rpm 
 738172dcbc6cc5523bacb96322c2fc78  mbs2/SRPMS/libsndfile-1.0.25-4.1.mbs2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVGAN7mqjQ0CJFipgRAnfSAJ9rgu4+ghh3WUXevHolMP36WdH4gQCgh36e
scbKUG8gGq8/PReDsLLGsik=
=e195
-----END PGP SIGNATURE-----
    

- Vulnerability information (F134674)

Ubuntu Security Notice USN-2832-1 (PacketStormID:F134674)
2015-12-07 00:00:00
Ubuntu  security.ubuntu.com
advisory,remote,denial of service
linux,ubuntu
CVE-2014-9496,CVE-2014-9756,CVE-2015-7805

Ubuntu Security Notice 2832-1 - It was discovered that libsndfile incorrectly handled memory when parsing malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Joshua Rogers discovered that libsndfile incorrectly handled division when parsing malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service. Various other issues were also addressed.

============================================================================
Ubuntu Security Notice USN-2832-1
December 07, 2015

libsndfile vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

libsndfile could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:
- libsndfile: Library for reading/writing audio files

Details:

It was discovered that libsndfile incorrectly handled memory when parsing
malformed files. A remote attacker could use this issue to cause
libsndfile to crash, resulting in a denial of service. This issue only
applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9496)

Joshua Rogers discovered that libsndfile incorrectly handled division when
parsing malformed files. A remote attacker could use this issue to cause
libsndfile to crash, resulting in a denial of service. (CVE-2014-9756)

Marco Romano discovered that libsndfile incorrectly handled certain
malformed AIFF files. A remote attacker could use this issue to cause
libsndfile to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2015-7805)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
  libsndfile1                     1.0.25-9.1ubuntu0.15.10.1

Ubuntu 15.04:
  libsndfile1                     1.0.25-9.1ubuntu0.15.04.1

Ubuntu 14.04 LTS:
  libsndfile1                     1.0.25-7ubuntu2.1

Ubuntu 12.04 LTS:
  libsndfile1                     1.0.25-4ubuntu0.1

After a standard system update you need to restart your session to make
all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2832-1
  CVE-2014-9496, CVE-2014-9756, CVE-2015-7805

Package Information:
  https://launchpad.net/ubuntu/+source/libsndfile/1.0.25-9.1ubuntu0.15.10.1
  https://launchpad.net/ubuntu/+source/libsndfile/1.0.25-9.1ubuntu0.15.04.1
  https://launchpad.net/ubuntu/+source/libsndfile/1.0.25-7ubuntu2.1
  https://launchpad.net/ubuntu/+source/libsndfile/1.0.25-4ubuntu0.1
    

- Vulnerability information (F139996)

Gentoo Linux Security Advisory 201612-03 (PacketStormID:F139996)
2016-12-03 00:00:00
Gentoo  security.gentoo.org
advisory,remote,arbitrary,vulnerability
linux,gentoo
CVE-2014-9496,CVE-2015-7805

Gentoo Linux Security Advisory 201612-3 - Multiple vulnerabilities have been found in libsndfile, the worst of which might allow remote attackers to execute arbitrary code. Versions less than 1.0.26 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201612-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: libsndfile: Multiple vulnerabilities
     Date: December 03, 2016
     Bugs: #533750, #566682
       ID: 201612-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in libsndfile, the worst of
which might allow remote attackers to execute arbitrary code.

Background
==========

libsndfile is a C library for reading and writing files containing
sampled sound.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/libsndfile        < 1.0.26                  >= 1.0.26 

Description
===========

Multiple vulnerabilities have been discovered in libsndfile. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could entice a user to open a specially crafted file,
possibly resulting in the execution of arbitrary code with the
privileges of the process, or cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libsndfile users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/libsndfile-1.0.26"

References
==========

[ 1 ] CVE-2014-9496
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9496
[ 2 ] CVE-2015-7805
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7805

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201612-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

    
 

 
