Lucene search
AmazonALAS-2014-323HistoryApr 10, 2014 - 11:55 p.m.
Medium: file
2014-04-1023:55:00
alas.aws.amazon.com
28
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.004
Percentile
74.8%
Issue Overview:
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.
Affected Packages:
file
Issue Correction:
Run yum update file to update your system.
New Packages:
i686:
file-static-5.11-13.16.amzn1.i686
file-libs-5.11-13.16.amzn1.i686
file-debuginfo-5.11-13.16.amzn1.i686
file-5.11-13.16.amzn1.i686
file-devel-5.11-13.16.amzn1.i686
noarch:
python-magic-5.11-13.16.amzn1.noarch
src:
file-5.11-13.16.amzn1.src
x86_64:
file-libs-5.11-13.16.amzn1.x86_64
file-static-5.11-13.16.amzn1.x86_64
file-5.11-13.16.amzn1.x86_64
file-debuginfo-5.11-13.16.amzn1.x86_64
file-devel-5.11-13.16.amzn1.x86_64
Additional References
Red Hat: CVE-2013-7345
Mitre: CVE-2013-7345
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | file-static | < 5.11-13.16.amzn1 | file-static-5.11-13.16.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | file-libs | < 5.11-13.16.amzn1 | file-libs-5.11-13.16.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | file-debuginfo | < 5.11-13.16.amzn1 | file-debuginfo-5.11-13.16.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | file | < 5.11-13.16.amzn1 | file-5.11-13.16.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | file-devel | < 5.11-13.16.amzn1 | file-devel-5.11-13.16.amzn1.i686.rpm |
| Amazon Linux | 1 | noarch | python-magic | < 5.11-13.16.amzn1 | python-magic-5.11-13.16.amzn1.noarch.rpm |
| Amazon Linux | 1 | x86_64 | file-libs | < 5.11-13.16.amzn1 | file-libs-5.11-13.16.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | file-static | < 5.11-13.16.amzn1 | file-static-5.11-13.16.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | file | < 5.11-13.16.amzn1 | file-5.11-13.16.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | file-debuginfo | < 5.11-13.16.amzn1 | file-debuginfo-5.11-13.16.amzn1.x86_64.rpm |
Related
prion
prion
Design/Logic Flaw
2014-03-24 16:31:00
Design/Logic Flaw
2014-07-03 14:55:00
nessus
nessus
Fedora 20 : php-5.5.11-1.fc20 (2014-4767)
2014-04-16 00:00:00
Mandriva Linux Security Advisory : file (MDVSA-2014:073)
2014-04-10 00:00:00
PHP 5.5.x < 5.5.11 awk Magic Parsing BEGIN DoS
2014-04-08 00:00:00
nvd
nvd
CVE-2013-7345
2014-03-24 16:31:08
CVE-2014-3538
2014-07-03 14:55:07
f5
f5
K15303 : PHP vulnerability CVE-2013-7345
2014-06-05 00:00:00
SOL15303 - PHP vulnerability CVE-2013-7345
2014-06-05 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201408-08
2015-09-29 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-343)
2015-09-08 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-342)
2015-09-08 00:00:00
amazon
amazon
gentoo
gentoo
file: Denial of service
2014-08-26 00:00:00
PHP: Multiple vulnerabilities
2014-08-29 00:00:00
slackware
slackware
[slackware-security] php
2014-04-21 21:13:00
cvelist
cvelist
CVE-2013-7345
2014-03-23 15:00:00
CVE-2014-3538
2014-07-03 14:00:00
mageia
mageia
Updated php packages fix security vulnerability
2014-04-18 00:20:35
Updated file packages fix security vulnerabilities
2014-03-31 23:34:34
Updated file packages fix security vulnerability
2014-08-06 00:08:48
cve
cve
CVE-2013-7345
2014-03-24 16:31:08
CVE-2014-3538
2014-07-03 14:55:07
debiancve
debiancve
CVE-2013-7345
2014-03-24 16:31:08
CVE-2014-3538
2014-07-03 14:55:07
securityvulns
securityvulns
[slackware-security] php (SSA:2014-111-02)
2014-05-04 00:00:00
file utility / libmagic / PHP DoS
2014-05-04 00:00:00
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
2014-09-21 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:11:28
Denial Of Service (DoS)
2019-05-02 05:04:16
Denial Of Service (DoS)
2019-05-02 05:04:17
ubuntucve
ubuntucve
CVE-2013-7345
2014-03-24 00:00:00
CVE-2014-3538
2014-07-03 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: php-5.5.11-1.fc20
2014-04-15 15:57:56
[SECURITY] Fedora 20 Update: file-5.14-20.fc20
2014-03-27 04:52:02
[SECURITY] Fedora 20 Update: file-5.19-7.fc20
2014-10-29 11:03:54
freebsd
freebsd
FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3)
2014-06-24 00:00:00
osv
osv
php5 - security update
2014-11-04 00:00:00
php5 - security update
2014-09-30 00:00:00
php5 - security update
2014-08-21 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:16.file
2014-06-24 00:00:00
debian
debian
[SECURITY] [DSA 3008-1] php5 security update
2014-08-21 06:22:21
[SECURITY] [DSA 3008-2] php5 regression update
2014-08-21 12:39:59
[SECURITY] [DSA 3008-1] php5 security update
2014-08-21 06:22:21
ubuntu
ubuntu
file vulnerabilities
2014-07-15 00:00:00
redhat
redhat
(RHSA-2014:1013) Moderate: php security update
2014-08-06 00:00:00
(RHSA-2014:1765) Important: php54-php security update
2014-10-30 00:00:00
oraclelinux
oraclelinux
php security update
2014-08-06 00:00:00
php security update
2014-09-30 00:00:00
php security and bug fix update
2015-06-23 00:00:00
centos
centos
php security update
2014-08-06 14:38:20
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.004
Percentile
74.8%
Related for ALAS-2014-323