Bug 864589 - (CVE-2014-1943) VUL-0: CVE-2014-1943: file: infinite recursion
Status: RESOLVED FIXED
: 864343 (view as bug list)
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
: P3 - Medium : Normal
Assigned To: Dr. Werner Fink
Security Team bot
https://smash.suse.de/issue/96335/
maint:running:56299:moderate
Reported: 2014-02-19 10:58 UTC by Victor Pereira
Modified: 2016-04-27 20:01 UTC (History)
Found By: Security Response Team


Description Victor Pereira 2014-02-19 10:58:53 UTC
CVE-2014-1943

A flaw was found in the way the file utility determined the type of a file. A malicious input file could cause the file utility to use 100% CPU, or trigger infinite recursion, causing the file utility to crash or, potentially, execute arbitrary code.



References:
https://bugzilla.redhat.com/show_bug.cgi?id=1065836
https://github.com/glensc/file/commit/3c081560c23f20b2985c285338b52c7aae9fdb0f
https://github.com/glensc/file/commit/cc9e74dfeca5265ad725acc926ef0b8d2a18ee70
Comment 3 Dr. Werner Fink 2014-02-19 11:15:26 UTC
What was the reason to ignore my own report?

*** This bug has been marked as a duplicate of bug 864343 ***
Comment 13 Swamp Workflow Management 2014-02-19 23:00:30 UTC
bugbot adjusting priority
Comment 16 Dr. Werner Fink 2014-03-04 13:23:18 UTC
SR #224613 for openSUSE 13.1

- Add the upstream patches 
  0001-count-indirect-recursion-as-recursion.patch
  0001-prevent-infinite-recursion.patch
  to solve bnc#864589 - CVE-2014-1943: file: infinite recursion
Comment 17 Dr. Werner Fink 2014-03-04 13:45:00 UTC
Hmm ... the file package of openSUSE 12.3 as well as for SLES11 seems not to be affected as there is no recursion.  That is that

 https://github.com/glensc/file/commit/cc9e74dfeca5265ad725acc926ef0b8d2a18ee70

can not be applied.  Only the simple overflow check of

 https://github.com/glensc/file/commit/3c081560c23f20b2985c285338b52c7aae9fdb0f

can be ported back.
Comment 18 Dr. Werner Fink 2014-03-04 13:58:37 UTC
SR #224615 for openSUSE 12.3

- Port the upstream patch
  0001-count-indirect-recursion-as-recursion.patch
  back to avoid overflow, related to bnc#864589 as file-5.11 does
  not do a recursive match detection
Comment 19 Bernhard Wiedemann 2014-03-04 14:00:25 UTC
This is an autogenerated message for OBS integration:
This bug (864589) was mentioned in
https://build.opensuse.org/request/show/224613 13.1 / file
https://build.opensuse.org/request/show/224615 12.3 / file
Comment 20 Dr. Werner Fink 2014-03-04 14:02:21 UTC
The file-4.21 found in SLES10-SP4 is not affected as file_softmagic() is not called in mget() in file-4.21/src/softmagic.c, that is there is no FILE_INDIRECT case.
Comment 21 Dr. Werner Fink 2014-03-04 14:05:38 UTC
The file-4.24 found in SLES11-SP3 is not affected as file_softmagic() is not
called in mget() in file-4.24/src/softmagic.c, that is there is no FILE_INDIRECT case.
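The comments above tie the issue to the FILE_INDIRECT case, where mget() calls file_softmagic() again. As an added illustration (a toy model written for this page, not code from file or from the upstream patches), the C below shows a matcher whose indirect records re-enter the matcher, with a nesting counter carried through each re-entry and a check against a non-advancing offset. The record format, `MAX_DEPTH` and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_DEPTH 20   /* assumed nesting limit for this toy model */
enum { NO_MATCH = 0, MATCH = 1, ERR_NESTING = -1 };

/* Toy format, constructed for this example (not file's magic format):
 * 'D' = data record, matches; 'I' = indirect record whose next byte is an
 * offset from the record start at which matching starts over. */
static int toy_match(const uint8_t *buf, size_t len, int depth)
{
    if (depth >= MAX_DEPTH)        /* guard 1: limit checked on every entry */
        return ERR_NESTING;
    if (len >= 1 && buf[0] == 'D')
        return MATCH;
    if (len < 2 || buf[0] != 'I')
        return NO_MATCH;
    size_t off = buf[1];
    if (off == 0 || off >= len)    /* guard 2: no self-reference, stay in bounds */
        return NO_MATCH;
    /* Re-entry passes depth + 1, so indirect hops count as recursion. */
    return toy_match(buf + off, len - off, depth + 1);
}

/* Constructed input: n two-byte indirect records, then one data record. */
int demo_chain(int n)
{
    uint8_t buf[2 * 64 + 1];
    if (n < 0 || n > 64) return NO_MATCH;
    for (int i = 0; i < n; i++) {
        buf[2 * i] = 'I';
        buf[2 * i + 1] = 2;        /* hop to the next record */
    }
    buf[2 * n] = 'D';
    return toy_match(buf, (size_t)(2 * n) + 1, 0);
}

/* Constructed input: an indirect record whose offset points at itself. */
int demo_self_reference(void)
{
    const uint8_t buf[] = { 'I', 0, 'D' };
    return toy_match(buf, sizeof buf, 0);
}

int main(void)
{
    printf("%d %d %d\n", demo_chain(19), demo_chain(20), demo_self_reference());
    return 0;
}
```

In this model the zero-offset check alone already forces every hop to advance, but the depth limit is what bounds stack use when a large input chains many valid forward hops.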
Comment 24 Dr. Werner Fink 2014-03-04 15:42:19 UTC
For openSUSE 12.3 and 13.1 I've submitted
Comment 25 Bernhard Wiedemann 2014-03-04 16:00:21 UTC
This is an autogenerated message for OBS integration:
This bug (864589) was mentioned in
https://build.opensuse.org/request/show/224629 13.1 / file
https://build.opensuse.org/request/show/224630 12.3 / file
Comment 26 Bernhard Wiedemann 2014-03-04 17:00:20 UTC
This is an autogenerated message for OBS integration:
This bug (864589) was mentioned in
https://build.opensuse.org/request/show/224639 13.1 / file
https://build.opensuse.org/request/show/224644 12.3 / file
Comment 27 Swamp Workflow Management 2014-03-13 16:04:34 UTC
openSUSE-SU-2014:0364-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 864589,866750
CVE References: CVE-2014-1943,CVE-2014-2270
Sources used:
openSUSE 13.1 (src):    file-5.15-4.10.1, python-magic-5.15-4.10.1
openSUSE 12.3 (src):    file-5.11-12.6.1, python-magic-5.11-12.6.1
Comment 28 Swamp Workflow Management 2014-03-13 18:04:24 UTC
openSUSE-SU-2014:0367-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 864589,866750
CVE References: CVE-2014-1943,CVE-2014-2270
Sources used:
openSUSE 11.4 (src):    file-5.04-16.1, python-magic-5.04-16.1