HTTP: Libmspack Project cabd_sys_read_block Off By One
This signature detects attempts to exploit a known vulnerability against Libmspack Project. This vulnerability is due to improper handling of block alignment when processing blocks using Quantum compression in the cabd_sys_read_block function. A remote attacker could exploit this vulnerability by enticing a target user to open an malicious crafted CAB file with an application that uses vulnerable library. Successful exploitation of the vulnerability may result in arbitrary code execution under the security context of the user.
Extended Description
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
Affected Products
Starwindsoftware starwind_virtual_san
References
CVE: CVE-2018-18584
Short Name
HTTP:LIBMSPACK-OFF-BY-ONE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
By CVE-2018-18584 Libmspack Off One Project cabd_sys_read_block
Release Date
01/22/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Cabextract_project
Suse
Libmspack_project
Redhat
Starwindsoftware
Debian
Canonical
CVSS Score
4.3