Lucene search

K
amazonAmazonALAS-2014-453
HistoryNov 22, 2014 - 2:34 p.m.

Medium: file

2014-11-2214:34:00
alas.aws.amazon.com
21

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.9

Confidence

High

EPSS

0.063

Percentile

93.6%

Issue Overview:

An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file.

Affected Packages:

file

Issue Correction:
Run yum update file to update your system.

New Packages:

i686:  
    file-debuginfo-5.19-7.24.amzn1.i686  
    file-5.19-7.24.amzn1.i686  
    file-static-5.19-7.24.amzn1.i686  
    file-libs-5.19-7.24.amzn1.i686  
    file-devel-5.19-7.24.amzn1.i686  
  
noarch:  
    python-magic-5.19-7.24.amzn1.noarch  
  
src:  
    file-5.19-7.24.amzn1.src  
  
x86_64:  
    file-debuginfo-5.19-7.24.amzn1.x86_64  
    file-devel-5.19-7.24.amzn1.x86_64  
    file-static-5.19-7.24.amzn1.x86_64  
    file-libs-5.19-7.24.amzn1.x86_64  
    file-5.19-7.24.amzn1.x86_64  

Additional References

Red Hat: CVE-2014-3710

Mitre: CVE-2014-3710

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.9

Confidence

High

EPSS

0.063

Percentile

93.6%