CVE-2014-8116

MEDIUM

Description

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.

References

http://advisories.mageia.org/MGASA-2015-0040.html

http://rhn.redhat.com/errata/RHSA-2016-0760.html

http://seclists.org/oss-sec/2014/q4/1056

http://secunia.com/advisories/61944

http://secunia.com/advisories/62081

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/71700

http://www.securitytracker.com/id/1031344

http://www.ubuntu.com/usn/USN-2494-1

https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog

https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b8

https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6

https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc

Details

Source: MITRE

Published: 2014-12-17

Updated: 2018-01-05

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

ID	Name	Product	Family	Severity
106092	SUSE SLES12 Security Update : CaaS Platform 2.0 images (SUSE-SU-2018:0053-1)	Nessus	SuSE Local Security Checks	high
104777	SUSE SLED12 / SLES12 Security Update : file (SUSE-SU-2017:3048-1)	Nessus	SuSE Local Security Checks	high
104764	openSUSE Security Update : file (openSUSE-2017-1298)	Nessus	SuSE Local Security Checks	high
97420	F5 Networks BIG-IP : Linux file utility vulnerabilities (K16347)	Nessus	F5 Networks Local Security Checks	medium
91537	Scientific Linux Security Update : file on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
91167	CentOS 6 : file (CESA-2016:0760)	Nessus	CentOS Local Security Checks	high
91155	OracleVM 3.3 / 3.4 : file (OVMSA-2016-0050)	Nessus	OracleVM Local Security Checks	high
91149	Oracle Linux 6 : file (ELSA-2016-0760)	Nessus	Oracle Linux Local Security Checks	high
91074	RHEL 6 : file (RHSA-2016:0760)	Nessus	Red Hat Local Security Checks	high
87555	Scientific Linux Security Update : file on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
87137	CentOS 7 : file (CESA-2015:2155)	Nessus	CentOS Local Security Checks	high
87027	Oracle Linux 7 : file (ELSA-2015-2155)	Nessus	Oracle Linux Local Security Checks	high
86973	RHEL 7 : file (RHSA-2015:2155)	Nessus	Red Hat Local Security Checks	high
83657	SUSE SLED12 / SLES12 Security Update : file (SUSE-SU-2014:1730-1)	Nessus	SuSE Local Security Checks	medium
82333	Mandriva Linux Security Advisory : php (MDVSA-2015:080)	Nessus	Mandriva Local Security Checks	high
82114	Debian DLA-131-1 : file security update	Nessus	Debian Local Security Checks	medium
82046	Amazon Linux AMI : file (ALAS-2015-497)	Nessus	Amazon Linux Local Security Checks	high
81394	Fedora 21 : file-5.22-2.fc21 (2015-2020)	Nessus	Fedora Local Security Checks	high
81178	Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : file vulnerabilities (USN-2494-1)	Nessus	Ubuntu Local Security Checks	medium
80429	Mandriva Linux Security Advisory : file (MDVSA-2015:010)	Nessus	Mandriva Local Security Checks	medium
80420	Debian DSA-3121-1 : file - security update	Nessus	Debian Local Security Checks	medium
80351	FreeBSD : file -- multiple vulnerabilities (9575259a-92d5-11e4-bce6-d050992ecde8)	Nessus	FreeBSD Local Security Checks	medium
80277	openSUSE Security Update : file (openSUSE-SU-2014:1720-1)	Nessus	SuSE Local Security Checks	medium