FreeBSD : zziplib - multiple vulnerabilities (7764b219-8148-11e8-aa4d-000e0cd7b374)

Medium Nessus Plugin ID 110969

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

NIST reports (by search in the range 2017/01/01 - 2018/07/06):

17 security fixes in this release:

- Heap-based buffer overflow in the __zzip_get32 function in fetch.c.

- Heap-based buffer overflow in the __zzip_get64 function in fetch.c.

- Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c.

- The zzip_mem_entry_new function in memdisk.c allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file.

- The prescan_entry function in fseeko.c allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.

- The zzip_mem_entry_new function in memdisk.c causes a NULL pointer dereference and crash via a crafted ZIP file.

- seeko.c causes a denial of service (assertion failure and crash) via a crafted ZIP file.

- A segmentation fault caused by invalid memory access in the zzip_disk_fread function because the size variable is not validated against the amount of file->stored data.

- A memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c.

- A bus error caused by loading of a misaligned address in the zzip_disk_findfirst function.

- An uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function.

- An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c.

- A memory leak triggered in the function zzip_mem_disk_new in memdisk.c.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?c432817f

http://www.nessus.org/u?45260fa7

Plugin Details

Severity: Medium

ID: 110969

File Name: freebsd_pkg_7764b219814811e8aa4d000e0cd7b374.nasl

Version: 1.1

Type: local

Published: 2018/07/10

Modified: 2018/07/10

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSSv3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:zziplib, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2018/07/06

Vulnerability Publication Date: 2017/03/01

Reference Information

CVE: CVE-2017-5974, CVE-2017-5975, CVE-2017-5976, CVE-2017-5977, CVE-2017-5978, CVE-2017-5979, CVE-2017-5980, CVE-2017-5981, CVE-2018-6381, CVE-2018-6484, CVE-2018-6540, CVE-2018-6541, CVE-2018-6542, CVE-2018-6869, CVE-2018-7725, CVE-2018-7726, CVE-2018-7727