exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

CVE-2014-3710

Status Candidate

Overview

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

Related Files

Gentoo Linux Security Advisory 201701-42
Posted Jan 17, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-42 - Multiple vulnerabilities have been found in file, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 5.23 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3710, CVE-2014-9652, CVE-2014-9653, CVE-2015-8865
SHA-256 | 78167656850b75cb7bbbedfb7cfa5ce584845f87a00c57310c1ffbb0846e730c
Red Hat Security Advisory 2016-0760-01
Posted May 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0760-01 - The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Security Fix: Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-3538, CVE-2014-3587, CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653
SHA-256 | 74c1ca1ed93125f94be406547b097bf1860154407ec1d26cb056d56739aed076
Red Hat Security Advisory 2015-2155-07
Posted Nov 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2155-07 - The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3538, CVE-2014-3587, CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9652, CVE-2014-9653
SHA-256 | 04a6ee9092dd32d61ea6bb3d141cce1697e5330904bf01426b4f34fcc545167f
Mandriva Linux Security Advisory 2015-080
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-080 - Multiple vulnerabilities have been discovered and corrected in php.

tags | advisory, php, vulnerability
systems | linux, mandriva
advisories | CVE-2013-7345, CVE-2014-0185, CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721, CVE-2014-8116, CVE-2014-8117, CVE-2014-8142, CVE-2014-9425, CVE-2014-9427, CVE-2014-9620
SHA-256 | c10e025ba97f4a2c50f16a7bf42fdd55255bca05fae063bbdc4d60c7452dc956
Gentoo Linux Security Advisory 201503-03
Posted Mar 9, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201503-3 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.21 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3710, CVE-2014-8142, CVE-2014-9425, CVE-2014-9427, CVE-2015-0231, CVE-2015-0232
SHA-256 | f4b1f5999f8e64b5ebece53ea940ad066475808daa6304fe2c13343ae3f4b837
Ubuntu Security Notice USN-2494-1
Posted Feb 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2494-1 - Francisco Alonso discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to crash, resulting in a denial of service. Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. Thomas Jarosch discovered that file incorrectly limited recursion. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3710, CVE-2014-8116, CVE-2014-8117
SHA-256 | a0172d45fde45339ba18deb09206dc0648821b862540859d68b1e3108eff0aae
Slackware Security Advisory - php Updates
Posted Dec 23, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2014-3710, CVE-2014-8142
SHA-256 | 8141ed8c330d69aebd2daa31024bd6d064827a7233ef1c642925789f1820044b
FreeBSD Security Advisory - file / libmagic Denial Of Service
Posted Dec 10, 2014
Site security.freebsd.org

FreeBSD Security Advisory - There are a number of denial of service issues in the ELF parser used by file(1). An attacker who can cause file(1) or any other applications using the libmagic(3) library to be run on a maliciously constructed input can cause the application to crash or consume excessive CPU resources, resulting in a denial-of-service.

tags | advisory, denial of service
systems | freebsd
advisories | CVE-2014-3710, CVE-2014-8116, CVE-2014-8117
SHA-256 | b3c86563443440c0a63c72d371e0e3740488a52fe75cb515eb7c477b4f129c5f
Mandriva Linux Security Advisory 2014-236
Posted Nov 28, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-236 - An out-of-bounds read flaw was found in file's donote() function in the way the file utility determined the note headers of a elf file. This could possibly lead to file executable crash.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-3710
SHA-256 | 3608d773793a8a2661f099e810c1c55e6f15845bbccf334b6e42c4f47a616266
Debian Security Advisory 3074-1
Posted Nov 19, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3074-1 - Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.

tags | advisory, denial of service, php
systems | linux, redhat, debian
advisories | CVE-2014-3710
SHA-256 | c3c7f83fc8677e848b0cf6cde29652f956a6c07f2e420aedcf4eb8bc70533181
Debian Security Advisory 3072-1
Posted Nov 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3072-1 - Francisco Alonso of Red Hat Product Security found an issue in the file thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.

tags | advisory, denial of service
systems | linux, redhat, debian
advisories | CVE-2014-3710
SHA-256 | c2c275801fcf8dc1f648f13c1c5c3a76942f60ea2fc6e8e71fd5b6f1ecf79ecd
Red Hat Security Advisory 2014-1767-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1767-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710
SHA-256 | 78b1201f69c5e999cdf1289682b98e77d68dc3cbb298213c7a3dd20d1b464f94
Red Hat Security Advisory 2014-1768-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1768-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710
SHA-256 | 71a5ac727d78f68fe7e70cd4f0164845733dc36f0d7b98bf3edfbee37f295efb
Red Hat Security Advisory 2014-1766-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1766-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-2497, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721, CVE-2014-5120
SHA-256 | c3530e2eb3a2547c8de58c72a285a5c384c312184ea908e8519aa2069c9d6a3a
Red Hat Security Advisory 2014-1765-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1765-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-6712, CVE-2013-7345, CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-2497, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721, CVE-2014-5120
SHA-256 | 362757b3bfd3a6b631b51131cc90b35f3677fc1a047df1d9dd2a1a227704367b
Ubuntu Security Notice USN-2391-1
Posted Oct 30, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2391-1 - Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Symeon Paraschoudis discovered that PHP incorrectly handled unserializing objects. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Otto Ebeling discovered that PHP incorrectly handled the exif_thumbnail function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710
SHA-256 | d573f5bd6e6dca5b43238cf2e360788cb9a1ff269aef4f15414eceaf135e4d06
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close