Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-7345

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2013-7345
Last Modified 18 Nov 2014 09:59:11
Published 24 Mar 2014 12:31:08
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-7345

Summary

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

Vulnerable Systems

Application

  • Christos Zoulas File 5.00

  • Christos Zoulas File 5.01

  • Christos Zoulas File 5.02

  • Christos Zoulas File 5.03

  • Christos Zoulas File 5.04

  • Christos Zoulas File 5.05

  • Christos Zoulas File 5.06

  • Christos Zoulas File 5.07

  • Christos Zoulas File 5.08

  • Christos Zoulas File 5.09

  • Christos Zoulas File 5.10

  • Christos Zoulas File 5.11

  • Christos Zoulas File 5.12

  • Christos Zoulas File 5.13

  • Christos Zoulas File 5.14


References

CONFIRM - https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c

CONFIRM - http://bugs.gw.com/view.php?id=164

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993

DEBIAN - DSA-2873

CONFIRM - http://support.apple.com/kb/HT6443

REDHAT - RHSA-2014:1765

Related Patches

Apple 2014-09-17 Mac OS X 10.9.5 Update

Apple 2014-09-17 Mac OS X 10.9.5 Combo Update


Last Updated: 27 May 2016 11:07:01