LibYAML 'yaml_parser_scan_uri_escapes()' Function Remote Heap Based Buffer Overflow Vulnerability

LibYAML is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly sanitize user-supplied input.

Successful exploits allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.

Versions prior to LibYAML 0.1.6 are vulnerable.

Information

Bugtraq ID: 66478
Class: Input Validation Error
CVE: CVE-2014-2525

Remote: Yes
Local: No
Published: Mar 26 2014 12:00AM
Updated: Apr 21 2017 07:06AM
Credit: Ivan Fratric of the Google Security Team
Vulnerable: Ubuntu Ubuntu Linux 13.10
Ubuntu Ubuntu Linux 12.10 i386
Ubuntu Ubuntu Linux 12.10 amd64
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Slackware Slackware Linux 14.1
Slackware Slackware Linux 14.0
Slackware Slackware Linux 13.37
Slackware Slackware Linux 13.1
Redhat Software Collections 1 for RHEL 6 0
Redhat OpenStack 4.0
Redhat OpenStack 3.0
Redhat Common for RHEL Server 6
Pyyaml Libyaml 0.1.5
Pyyaml Libyaml 0.1.4
Pyyaml Libyaml 0.1.3
Pyyaml Libyaml 0.1.2
Pyyaml Libyaml 0.1.1
Pyyaml Libyaml 0.0.1
Puppetlabs Puppet Enterprise 3.2
Puppetlabs Puppet Enterprise 3.1.3
Puppetlabs Puppet Enterprise 3.1.2
Puppetlabs Puppet Enterprise 3.1
Puppetlabs Puppet Enterprise 3.0.1
Puppetlabs Puppet Enterprise 3.0
Puppetlabs Puppet Enterprise 2.8.3
Puppetlabs Puppet Enterprise 2.8.2
Puppetlabs Puppet Enterprise 2.7.2
Puppetlabs Puppet Enterprise 2.7.1
Puppetlabs Puppet Enterprise 2.7
Puppetlabs Puppet Enterprise 2.6.1
Puppetlabs Puppet Enterprise 2.5.2
Puppetlabs Puppet Enterprise 2.5.1
Puppetlabs Puppet Enterprise 2.0.3
Puppetlabs Puppet Enterprise 2.0.2
Puppetlabs Puppet Enterprise 2.0.1
Puppetlabs Puppet Enterprise 3.1.1
Puppetlabs Puppet Enterprise 3.0
Puppetlabs Puppet Enterprise 2.8.4
Puppetlabs Puppet Enterprise 2.8.0
Puppetlabs Puppet Enterprise 2.6
Puppetlabs Puppet Enterprise 2.0
OPSCODE Chef 11.1.2
OPSCODE Chef 11.0.11
OPSCODE Chef 1.4.8
Mandriva Business Server 1 X86 64
Mandriva Business Server 1
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
CentOS CentOS 0
Apple Mac OS X 10.9.1
Apple Mac OS X 10.9.4
Apple Mac OS X 10.9.3
Apple Mac OS X 10.9.2
Apple Mac OS X 10.9
Aaron Patterson Psych 2.0.4

Not Vulnerable: Pyyaml Libyaml 0.1.6
Puppetlabs Puppet Enterprise 3.2.2
Puppetlabs Puppet Enterprise 2.8.6
OPSCODE Chef 11.1.3
OPSCODE Chef 11.0.12
OPSCODE Chef 1.4.9
Apple Mac OS X 10.9.5
Aaron Patterson Psych 2.0.5

Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References:

• #2014-003 LibYAML input sanitization errors (oCERT)
  
• Chef Server 11.0.12 Release (Chef Software)
  
• Chef Server Heartbleed (CVE-2014-0160) Releases (Chef Software)
  
• Enterprise Chef 1.4.9 Release (Chef Software)
  
• Enterprise Chef 11.1.3 Release (Chef Software)
  
• Fixed heap overflow in yaml_parser_scan_uri_escapes (Kirill Simonov)
  
• Heap Overflow in YAML URI Escape Parsing (CVE-2014-2525) (hone and zzak)
  
• LibYAML Homepage (LibYAML)
  
• libyaml security update (Red Hat)
  
• LibYAML vulnerability could allow arbitrary code execution in a URI in a YAML fi (Puppet Labs)
  
• RHSA-2014:0354:libyaml security update (Red Hat)
  
• ruby193-libyaml security update (Red Hat)
  

Source: www.securityfocus.com