ID CVE-2014-9862
Summary Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.
References
Vulnerable Configurations
  • Apple Mac OS X 10.11.5
    cpe:2.3:o:apple:mac_os_x:10.11.5
CVSS
Base: 7.2 (as of 26-07-2016 - 10:24)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset, as the size of a memory allocation, or similar. The attacker would typically control the value of such a variable and try to get it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, providing a very incorrect value that can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-697.NASL
    description It was discovered that there was an 'arbitrary write' vulnerability in bsdiff, a tool to generate and apply patches between binary files. For Debian 7 'Wheezy', this issue has been fixed in bsdiff version 4.3-14+deb7u1. We recommend that you upgrade your bsdiff packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 94518
    published 2016-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94518
    title Debian DLA-697-1 : bsdiff security update
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_7D4F4955600A11E6A6C314DAE9D210B8.NASL
    description The implementation of bspatch does not check for a negative value on numbers of bytes read from the diff and extra streams, allowing an attacker who can control the patch file to write at arbitrary locations in the heap. This issue was first discovered by The Chromium Project and reported independently by Lu Tung-Pin to the FreeBSD project. Impact: An attacker who can control the patch file can cause a crash or run arbitrary code under the credentials of the user who runs bspatch, in many cases, root.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 92928
    published 2016-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92928
    title FreeBSD : FreeBSD -- Heap vulnerability in bspatch (7d4f4955-600a-11e6-a6c3-14dae9d210b8)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-946.NASL
    description This update for bsdiff fixes the following issues:
      - CVE-2014-9862: Improper checking of input allows arbitrary write on heap (boo#990660)
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 92776
    published 2016-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92776
    title openSUSE Security Update : bsdiff (openSUSE-2016-946)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_11_6.NASL
    description The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.6. It is, therefore, affected by multiple vulnerabilities in the following components: apache_mod_php, Audio, bsdiff, CFNetwork, CoreGraphics, FaceTime, Graphics Drivers, ImageIO, Intel Graphics Driver, IOHIDFamily, IOKit, IOSurface, Kernel, libc++abi, libexpat, LibreSSL, libxml2, libxslt, Login Window, OpenSSL, QuickTime, Safari Login AutoFill, Sandbox Profiles. Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 92496
    published 2016-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92496
    title Mac OS X 10.11.x < 10.11.6 Multiple Vulnerabilities
refmap via4
apple APPLE-SA-2016-07-18-1
bid 91824
confirm
freebsd FreeBSD-SA-16:25
sectrack 1036438
suse openSUSE-SU-2016:1977
Last major update 28-11-2016 - 14:15
Published 21-07-2016 - 22:59
Last modified 31-08-2017 - 21:29