CVE-2016-4804 - OpenCVE

The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux
Dosfstools Project	Dosfstools
Opensuse	Leap Opensuse

Configuration 1 [-]

cpe:2.3:a:dosfstools_project:dosfstools:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:opensuse:leap:42.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2016-06/msg00001.html
http://lists.opensuse.org/opensuse-updates/2016-09/msg00014.html
http://www.securityfocus.com/bid/90311
http://www.ubuntu.com/usn/USN-2986-1
https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html	Patch
https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52
https://github.com/dosfstools/dosfstools/issues/25	Patch Vendor Advisory
https://github.com/dosfstools/dosfstools/issues/26	Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2020/05/msg00028.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-06-03T14:00:00

Updated: 2020-05-30T17:06:04

Reserved: 2016-05-14T00:00:00

Link: CVE-2016-4804

JSON object: View

NVD Information

Status : Modified

Published: 2016-06-03T14:59:06.263

Modified: 2020-05-30T18:15:10.733

Link: CVE-2016-4804

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-08T00:00:00", "descriptions": [{"lang": "en", "value": "The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-05-30T17:06:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "openSUSE-SU-2016:1461", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dosfstools/dosfstools/issues/25"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html"}, {"name": "USN-2986-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2986-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dosfstools/dosfstools/issues/26"}, {"name": "openSUSE-SU-2016:2233", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00014.html"}, {"name": "90311", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/90311"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52"}, {"name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2224-1] dosfstools security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00028.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4804", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2016:1461", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00001.html"}, {"name": "https://github.com/dosfstools/dosfstools/issues/25", "refsource": "CONFIRM", "url": "https://github.com/dosfstools/dosfstools/issues/25"}, {"name": "https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html", "refsource": "MISC", "url": "https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html"}, {"name": "USN-2986-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2986-1"}, {"name": "https://github.com/dosfstools/dosfstools/issues/26", "refsource": "CONFIRM", "url": "https://github.com/dosfstools/dosfstools/issues/26"}, {"name": "openSUSE-SU-2016:2233", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00014.html"}, {"name": "90311", "refsource": "BID", "url": "http://www.securityfocus.com/bid/90311"}, {"name": "https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52", "refsource": "CONFIRM", "url": "https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52"}, {"name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2224-1] dosfstools security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00028.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4804", "datePublished": "2016-06-03T14:00:00", "dateReserved": "2016-05-14T00:00:00", "dateUpdated": "2020-05-30T17:06:04", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dosfstools_project:dosfstools:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A02C944-1F02-4007-B4C2-E4751D47AE17", "versionEndIncluding": "3.0.28", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function."}, {"lang": "es", "value": "La funci\u00f3n read_boot en boot.c en dosfstools en versiones anteriores a 4.0 permite a atacantes provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un archivo de sistema manipulado, lo que desencadena un desbordamiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n (1) read_fat o una lectura de memoria fuera de los l\u00edmites en la funci\u00f3n (2) get_fat."}], "id": "CVE-2016-4804", "lastModified": "2020-05-30T18:15:10.733", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-03T14:59:06.263", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00014.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/90311"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2986-1"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html"}, {"source": "cve@mitre.org", "url": "https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/dosfstools/dosfstools/issues/25"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/dosfstools/dosfstools/issues/26"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00028.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}