Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2012-4024
Last Modified 11 Feb 2014 11:38:43
Published 19 Jul 2012 03:55:02
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4024

Summary

Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.

Vulnerable Systems

Application

  • Phillip Lougher Squashfs 1.3

  • Phillip Lougher Squashfs 2.2

  • Phillip Lougher Squashfs 3.0

  • Phillip Lougher Squashfs 3.4

  • Phillip Lougher Squashfs 4.0

  • Phillip Lougher Squashfs 4.1

  • Phillip Lougher Squashfs 4.2


References

OSVDB - 83898

MISC - http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel

MLIST - [oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001

MANDRIVA - MDVSA-2013:128


Last Updated: 27 May 2016 10:54:55