SB2017082817 - Stack-based buffer over-read in a2ps (Alpine package)
Published: August 28, 2017
Description
This security bulletin contains information about 1 security vulnerability.
1) Stack-based buffer over-read (CVE-ID: CVE-2017-11423)
The vulnerability allows a remote attacker to cause a denial-of-service (DoS) condition on the target system.
The weakness exists in the cabd_read_string function due to a stack-based buffer over-read. A remote attacker can send a specially crafted CAB file, trick the victim into opening it, trigger memory corruption and cause the service to crash.
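The following C sketch is an added illustration of this bug class, not code from the affected library or from this bulletin. It assumes one common cause of such an over-read (a signed read result stored in an unsigned length; the bulletin does not state the root cause), and `mem_file`, `mem_read`, `read_name_unchecked` and `read_name_checked` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 256

/* Constructed in-memory "file"; read returns bytes copied, or -1 on error. */
struct mem_file { const unsigned char *data; int size; int pos; int fail; };

static int mem_read(struct mem_file *f, void *dst, int want) {
    if (f->fail) return -1;
    int left = f->size - f->pos;
    int n = want < left ? want : left;
    memcpy(dst, f->data + f->pos, (size_t)n);
    f->pos += n;
    return n;
}

/* Over-read pattern: the signed result lands in an unsigned length, so -1
 * becomes UINT_MAX and the scan can walk past the 256-byte stack buffer. */
static int read_name_unchecked(struct mem_file *f, char *out, size_t outsz) {
    char buf[NAME_MAX_LEN];
    unsigned int len = mem_read(f, buf, NAME_MAX_LEN), i;
    for (i = 0; i < len; i++)
        if (!buf[i]) { snprintf(out, outsz, "%s", buf); return 0; }
    return -1;
}

/* Hardened form: reject errors and empty reads, bound the scan to the data. */
static int read_name_checked(struct mem_file *f, char *out, size_t outsz) {
    char buf[NAME_MAX_LEN];
    int n = mem_read(f, buf, NAME_MAX_LEN);
    if (n <= 0 || n > NAME_MAX_LEN) return -2;       /* read error or EOF  */
    const char *nul = memchr(buf, 0, (size_t)n);
    if (!nul) return -1;                             /* unterminated name  */
    if ((size_t)(nul - buf) >= outsz) return -1;     /* caller buffer small */
    memcpy(out, buf, (size_t)(nul - buf) + 1);
    return 0;
}

int main(void) {
    static const unsigned char ok[] = "hello.txt\0trailing"; /* constructed */
    struct mem_file a = { ok, (int)sizeof ok, 0, 0 }, b = a, c = a;
    char name[64];
    c.fail = 1;                                      /* simulate I/O error */
    printf("unchecked, good input: %d\n", read_name_unchecked(&a, name, sizeof name));
    printf("checked, good input:   %d (%s)\n", read_name_checked(&b, name, sizeof name), name);
    printf("checked, failed read:  %d\n", read_name_checked(&c, name, sizeof name));
    return 0;
}
```

The unchecked variant is only exercised on well-formed input here; building with AddressSanitizer (`-fsanitize=address`) is a practical way to surface this kind of stack over-read during fuzzing or regression testing.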
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=da0d0b246154b83e9095a0067cedf086e9ac8c84
- https://git.alpinelinux.org/aports/commit/?id=df91fb7832ff98522e5cdd6bf086cd854b7a7046
- https://git.alpinelinux.org/aports/commit/?id=214cb233279c7ef0221557f24d0d0af79a46d3b7
- https://git.alpinelinux.org/aports/commit/?id=3e3519a996d44c6d478d4e1d47cc6360a93da3c3
- https://git.alpinelinux.org/aports/commit/?id=39811d78329ec562d9254e27716bacc363c40d72
- https://git.alpinelinux.org/aports/commit/?id=730cdcef6901750f4029d4c3b8639ce02ee3ead1
- https://git.alpinelinux.org/aports/commit/?id=827fd04bfad64492bbb0e500fd279c4581a71339
- https://git.alpinelinux.org/aports/commit/?id=8bb5cf040a288b92806d60059faa2280eacc51f0
- https://git.alpinelinux.org/aports/commit/?id=a7829dcaaa29a8fac465195f1f1b0d6250ec9560
- https://git.alpinelinux.org/aports/commit/?id=301eedb0a0341293381c93c75ffe85619910bf9a