Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2012-4025
Last Modified: 11 Feb 2014 11:38:43
Published: 19 Jul 2012 03:55:02
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-4025

Summary

Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.

Vulnerable Systems

Application

  • Phillip Lougher Squashfs 1.3

  • Phillip Lougher Squashfs 2.2

  • Phillip Lougher Squashfs 3.0

  • Phillip Lougher Squashfs 3.4

  • Phillip Lougher Squashfs 4.0

  • Phillip Lougher Squashfs 4.1

  • Phillip Lougher Squashfs 4.2


References

OSVDB - 83899

MISC - http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel

MLIST - [oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001

MANDRIVA - MDVSA-2013:128


Last Updated: 27 May 2016 10:54:55