N/A - GLSA-201611-20

Executive Summary

Summary
Title	TestDisk: User-assisted execution of arbitrary code

Informations
Name	GLSA-201611-20	First vendor Publication	2016-11-22
Vendor	Gentoo	Last vendor Modification	2016-11-22
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

A buffer overflow in TestDisk might allow remote attackers to execute arbitrary code.

Background

TestDisk is powerful free data recovery software! It was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software:
certain types of viruses or human error (such as accidentally deleting a Partition Table). Partition table recovery using TestDisk is really easy.

Description

A buffer overflow can be triggered within TestDisk when a malicious disk image is attempting to be recovered.

Impact

A remote attacker could coerce the victim to run TestDisk against their malicious image. This may be leveraged by an attacker to crash TestDisk and gain control of program execution.

Workaround

There is no known workaround at this time.

Resolution

All TestDisk users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/testdisk-7.0"

References

[ 1 ] TestDisk check_OS2MB Stack Buffer overflow http://www.security-assessment.com/files/documents/advisory/Testdisk%20Check_OS2MB%20Stack%20Buffer%20Overflow%20-%20Release.pdf

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201611-20