| Summary: | hivex new security issue CVE-2021-3504 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | | |
| Priority: | Normal | CC: | andrewsfarm, herman.viaene, ouaurelien, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA7TOO MGA7-64-OK MGA8-64-OK | | |
| Source RPM: | hivex-1.3.19-11.mga8.src.rpm | CVE: | CVE-2021-3504 |
| Status comment: | | | |

Description
David Walser
2021-05-15 00:17:16 CEST
I see the CVE in the Cauldron changelog. Thierry, please file a bug when you know about a CVE.

Whiteboard: (none) => MGA7TOO

Debian has issued an advisory for this on May 10:
https://www.debian.org/security/2021/dsa-4913

Fedora has issued an advisory for this on May 19:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A5BNKNVYFL36P2GBEB5O36LHFRYU575H/

openSUSE has issued an advisory for this on May 29:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CSGIA2DN2ELWOW2J5TFWNTMLKQDBQAH5/

RedHat has issued an advisory for this on June 8:
https://access.redhat.com/errata/RHSA-2021:2318

Advisory:
========================

Updated hivex packages fix security vulnerability:

A flaw was found in the hivex library. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability (CVE-2021-3504).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3504
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A5BNKNVYFL36P2GBEB5O36LHFRYU575H/
========================

Updated packages in core/updates_testing:
========================
hivex-1.3.20-1.mga7
libhivex0-1.3.20-1.mga7
libhivex-devel-1.3.20-1.mga7
ocaml-hivex-1.3.20-1.mga7
ocaml-hivex-devel-1.3.20-1.mga7
perl-hivex-1.3.20-1.mga7
python2-hivex-1.3.20-1.mga7
python3-hivex-1.3.20-1.mga7
ruby-hivex-1.3.20-1.mga7
hivex-1.3.20-1.mga8
ruby-hivex-1.3.20-1.mga8
perl-hivex-1.3.20-1.mga8
ocaml-hivex-devel-1.3.20-1.mga8
libhivex0-1.3.20-1.mga8
libhivex-devel-1.3.20-1.mga8
ocaml-hivex-1.3.20-1.mga8
python3-hivex-1.3.20-1.mga8

from SRPMS:
hivex-1.3.20-1.mga7.src.rpm
hivex-1.3.20-1.mga8.src.rpm

Assignee: thierry.vignaud => qa-bugs

MGA7-64 on Lenovo B50
No installation issues
From the info on MCC:
hivex - Read and write Windows Registry binary hive files
Hive files are the undocumented binary blobs that Windows uses to store the Windows Registry on disk. Hivex is a library that can read and write to these files.
As this laptop has a working Win10 installation, copied SOFTWARE from /media/win_c/Windows/System32/config/
at CLI:
$ hivexsh SOFTWARE
Welcome to hivexsh, the hivex interactive shell for examining
Windows Registry binary hive files.
Type: 'help' for help summary
'quit' to quit the shell
SOFTWARE\> help
Navigate through the hive's keys using the 'cd' command, as if it
contained a filesystem, and use 'ls' to list the subkeys of the
current key. Full documentation is in the hivexsh(1) manual page.
SOFTWARE\> ls
AMD
ATI
and more .....
SOFTWARE\> cd Kasperskylab
SOFTWARE\KasperskyLab> ls
ExternalPlugins
SOFTWARE\KasperskyLab> cd ExternalPlugins
SOFTWARE\KasperskyLab\ExternalPlugins> ls
kiskavpure
So it seems to work OK.

Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK

I wanted to test this one for Mageia 8, but all my Windows installs are in VirtualBox, and I can't seem to figure out how to make a copy of the registry for the test. The newest is the no-longer-supported Windows 7, anyway.

Herman, even if your Lenovo doesn't have a Mageia 8 install, would it be possible for you to put your copy of the Windows registry on, say, a flash drive, and test it on a machine with a Mageia 8 install? Then we can send this puppy on its way.

CC: (none) => andrewsfarm

The user registry hive file is called USER.DAT and is in Profiles/<username>/

MGA8-64 Plasma on Lenovo B50
No installation issues
Copied same file from same Win10 as in Comment 7
At CLI:
$ hivexsh SOFTWARE
Welkom bij hivexsh, de hivex interactieve shell voor het bekijken van
Windows Registry binaire hive bestanden.
Type: 'help' voor een hulp samenvatting
'quit' om de shell te verlaten
SOFTWARE\> ls
AMD
ATI
ATI Technologies
and more ....
SOFTWARE\> cd Intel
SOFTWARE\Intel> ls
Bluetooth
Display
GFX
ICC
IGFX
InfInst
IRST
KMD
MediaSDK
OpenCL
PSIS
WiFiDrivers
Wireless
WirelessAssistant
WirelessCommon
WirelessDriver
SOFTWARE\Intel> cd Display
SOFTWARE\Intel\Display> ls
igfxcui
SOFTWARE\Intel\Display>
So good to go.

Whiteboard: MGA7TOO MGA7-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OK

Thank you, Herman. Sending this on. Advisory in Comment 6.

CC: (none) => sysadmin-bugs

Aurelien Oudelet
2021-07-08 22:33:33 CEST
CVE: (none) => CVE-2021-3504

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2021-0320.html

Status: NEW => RESOLVED