F5 Networks BIG-IP : Linux file utility vulnerabilities (K16347)
Medium Nessus Plugin ID 97420
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
CVE-2014-8116: The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.
CVE-2014-8117: softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.
Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution K16347.