LibYAML 'scanner.c' Remote Heap Based Buffer Overflow Vulnerability

LibYAML is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly sanitize user-supplied input.

Successful exploits allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.

Information

Bugtraq ID: 65258
Class: Input Validation Error
CVE: CVE-2013-6393

Remote: Yes
Local: No
Published: Jan 29 2014 12:00AM
Updated: Apr 21 2017 07:06AM
Credit: Florian Weimer, Red Hat Security Response Team.
Vulnerable: Ubuntu Ubuntu Linux 13.10
Ubuntu Ubuntu Linux 12.10 i386
Ubuntu Ubuntu Linux 12.10 amd64
Ubuntu Ubuntu Linux 12.10
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Ubuntu Ubuntu Linux 12.04 LTS
Redhat Software Collections 1 for RHEL 6 0
Redhat OpenStack 4.0
Redhat OpenStack 3.0
Redhat Common for RHEL Server 6
Puppetlabs Puppet Enterprise 3.1.2
Puppetlabs Puppet Enterprise 3.1
Puppetlabs Puppet Enterprise 3.0.1
Puppetlabs Puppet Enterprise 3.0
Puppetlabs Puppet Enterprise 2.8.3
Puppetlabs Puppet Enterprise 2.8.2
Puppetlabs Puppet Enterprise 2.7.2
Puppetlabs Puppet Enterprise 2.7.1
Puppetlabs Puppet Enterprise 2.7
Puppetlabs Puppet Enterprise 2.5.2
Puppetlabs Puppet Enterprise 2.5.1
Puppetlabs Puppet Enterprise 2.0.3
Puppetlabs Puppet Enterprise 2.0.2
Puppetlabs Puppet Enterprise 1.2.7
Puppetlabs Puppet Enterprise 3.1.1
Puppetlabs Puppet Enterprise 3.0
Puppetlabs Puppet Enterprise 2.8.4
Puppetlabs Puppet Enterprise 2.8.0
Puppetlabs Puppet Enterprise 2.6
Puppetlabs Puppet Enterprise 1.2
Puppetlabs Puppet Enterprise 1.1
Puppetlabs Puppet Enterprise 1.0
Puppetlabs Puppet Enterprise 2.0
Mandriva Business Server 1 X86 64
Mandriva Business Server 1
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
Kirill Simonov LibYAML 0
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
CentOS CentOS 0
Apple Mac OS X Server 3.0
Apple Mac OS X Server 2.0
Apple Mac OS X 10.9.2

Not Vulnerable: S.u.S.E. openSUSE 11.4
Puppetlabs Puppet Enterprise 3.1.3
openSUSE openSUSE 13.1
openSUSE openSUSE 12.3
Apple Mac OS X Server 4.0

Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References:

• About the security content of OS X Server v4.0 (Apple)
  
• APPLE-SA-2014-04-22-1 Security Update 2014-002 (Apple Product Security)
  
• CVE-2013-6393 (Threat of denial of service and potential for arbitrary code exec (Puppet Labs)
  
• LibYAML Homepage (LibYAML)
  
• libyaml security update (Red Hat)
  
• libyaml: heap-based buffer overflow when parsing YAML tags (Red Hat Bugzilla)
  
• openSUSE-SU-2014:0272-1: moderate: update for libyaml (openSUSE)
  
• openSUSE-SU-2014:0273-1: moderate: update for libyaml (openSUSE)
  
• RHSA-2014:0354:libyaml security update (Red Hat)
  
• ruby193-libyaml security update (Red Hat)
  
• Ubuntu Security Notice USN-2098-1 (Ubuntu)
  

Source: www.securityfocus.com