CVE-2018-11740 (https://nvd.nist.gov/vuln/detail/CVE-2018-11740): An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.

CVE-2018-11739 (https://nvd.nist.gov/vuln/detail/CVE-2018-11739): An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.

CVE-2018-11738 (https://nvd.nist.gov/vuln/detail/CVE-2018-11738): An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.

CVE-2018-11737 (https://nvd.nist.gov/vuln/detail/CVE-2018-11737): An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
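Added example (not part of the bug report or of The Sleuth Kit): a small check that tells whether a TSK version string falls inside the affected range the four NVD descriptions above give, 4.0.2 through 4.6.1 inclusive. It parses either a bare version or the "The Sleuth Kit ver X.Y.Z" banner that TSK tools print with -V, and compares integer tuples; it also shows the classic mistake of comparing dotted versions as strings, which misplaces any release with a two-digit component. The range constants are taken from the NVD text quoted above, not from a verified fixed-in release.

```python
import re

# Affected range as stated in the NVD descriptions for
# CVE-2018-11737, -11738, -11739 and -11740: 4.0.2 through 4.6.1 inclusive.
AFFECTED_FIRST = (4, 0, 2)
AFFECTED_LAST = (4, 6, 1)

# Matches the version inside a banner such as "The Sleuth Kit ver 4.6.1".
BANNER_RE = re.compile(r"\bver\s+(\d+(?:\.\d+)*)")
BARE_RE = re.compile(r"\d+(?:\.\d+)*")


def parse_version(text):
    """Return a version as a tuple of ints, padded to three components.

    Accepts a bare '4.6.1' or a '... ver 4.6.1' banner line.
    """
    m = BANNER_RE.search(text)
    raw = m.group(1) if m else text.strip()
    if not BARE_RE.fullmatch(raw):
        raise ValueError("not a version string: %r" % text)
    parts = [int(p) for p in raw.split(".")]
    while len(parts) < 3:          # '4.6' compares as 4.6.0
        parts.append(0)
    return tuple(parts)


def is_affected(text, first=AFFECTED_FIRST, last=AFFECTED_LAST):
    """True when the version is within [first, last] by numeric comparison."""
    v = parse_version(text)
    return first <= v[:3] <= last


def naive_string_check(text):
    """The wrong way: lexicographic comparison of dotted version strings.

    Shown only to illustrate the pitfall; '4.10.0' sorts between
    '4.0.2' and '4.6.1' as text because '1' < '6'.
    """
    return "4.0.2" <= text <= "4.6.1"


if __name__ == "__main__":
    # Constructed sample inputs, e.g. the output of `fls -V` or an ebuild version.
    for sample in ("The Sleuth Kit ver 4.6.1", "4.5.0", "4.6.4", "4.10.0"):
        print(sample, "numeric:", is_affected(sample),
              "string-compare:", naive_string_check(
                  parse_version(sample).__str__() if False else
                  ".".join(str(p) for p in parse_version(sample))))
```

The numeric comparison is what an ebuild range check should use; the string comparison is included only because it is the mistake that makes 4.10.x look vulnerable.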
Bugs Fixed in 4.7 Release: http://www.sleuthkit.org/autopsy/history.php
> Memory leaks and other issues revealed by fuzzing The Sleuth Kit have been fixed.
> Result views (upper right) and content views (lower right) stay in sync when switching result views.
> Concurrency bugs in the ingest tasks scheduler have been fixed.
> Assorted small bug fixes are included.
(In reply to D'juan McDonald (domhnall) from comment #1)
> Bugs Fixed in 4.7 Release: http://www.sleuthkit.org/autopsy/history.php
>
That link is for Autopsy, not TSK. I don't see a version 4.7.0 for TSK. Moreover, I see no activity on the GitHub issue links. Can you double check please?
(In reply to Göktürk Yüksek from comment #2)
> Can you double check please?
Just did and you're right. Was in a hurry and overlooked the TSK version. No changes upstream since then. Thanks
Update: sleuthkit-4.6.3 now available. No fixes mentioned in changelogs wrt listed CVE. Upstream tickets 1264, 1265, 1266, 1267 are still open with no activity since initial report.

Changelog/NEWS.txt: Sleuthkit-4.6.3
https://github.com/sleuthkit/sleuthkit/blob/sleuthkit-4.6.3/NEWS.txt
"
--------------- VERSION 4.6.3 --------------
C/C++ Code:
- Hashdb bug fixes for corrupt indexes and 0 hashes
- New code for testing power of number in ExtX code

Java Code:
- New class that allows generic database access
- New methods that check for duplicate artifacts
- Added caches for frequently used content

Database Schema:
- Added Examiner table
- Tags are now associated with Examiners
- Changed parent_path for logical files to be consistent with FS files.
"

Upstream:
CVE-2018-11740 (https://github.com/sleuthkit/sleuthkit/issues/1264):
> in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c
CVE-2018-11739 (https://github.com/sleuthkit/sleuthkit/issues/1267):
> in the function raw_read in tsk/img/raw.c
CVE-2018-11738 (https://github.com/sleuthkit/sleuthkit/issues/1265):
> in the function ntfs_make_data_run in tsk/fs/ntfs.c
CVE-2018-11737 (https://github.com/sleuthkit/sleuthkit/issues/1266):
> in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp

Gentoo Security Padawan (domhnall/mbailey_j)
I just bumped sleuthkit to 4.6.4 (https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e848842de5bfddc72ef014c13d97b62801b5b6fd). However, there's already a vulnerability bug open for this release (https://github.com/sleuthkit/sleuthkit/pull/1374). Allegedly it's CVE-2018-19497 but MITRE disagrees. We should keep an eye on it.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=117cb1fe33767577c267e12a721e7d47781edd85

commit 117cb1fe33767577c267e12a721e7d47781edd85
Author:     Göktürk Yüksek <gokturk@gentoo.org>
AuthorDate: 2018-11-29 18:07:42 +0000
Commit:     Göktürk Yüksek <gokturk@gentoo.org>
CommitDate: 2018-11-29 18:07:42 +0000

    app-forensics/sleuthkit: backport fix for CVE-2018-19497 to 4.6.4

    Bug: https://bugs.gentoo.org/661160
    Bug: https://github.com/sleuthkit/sleuthkit/pull/1374
    Signed-off-by: Göktürk Yüksek <gokturk@gentoo.org>
    Package-Manager: Portage-2.3.51, Repoman-2.3.11

 .../sleuthkit-4.6.4-CVE-2018-19497-backport.patch | 83 ++++++++++++++++++++++
 ...hkit-4.6.4.ebuild => sleuthkit-4.6.4-r1.ebuild} |  1 +
 2 files changed, 84 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3e26009a67724d3af2dbdaae47d1dcf2288c5539

commit 3e26009a67724d3af2dbdaae47d1dcf2288c5539
Author:     Göktürk Yüksek <gokturk@gentoo.org>
AuthorDate: 2019-01-24 19:44:24 +0000
Commit:     Göktürk Yüksek <gokturk@gentoo.org>
CommitDate: 2019-01-24 20:17:39 +0000

    app-forensics/sleuthkit: bump to 4.6.5

    Also addresses CVE-2018-19497.

    Bug: https://bugs.gentoo.org/661160
    Package-Manager: Portage-2.3.52, Repoman-2.3.12
    Signed-off-by: Göktürk Yüksek <gokturk@gentoo.org>

 app-forensics/sleuthkit/Manifest               |   1 +
 app-forensics/sleuthkit/sleuthkit-4.6.5.ebuild | 255 +++++++++++++++++++++++++
 2 files changed, 256 insertions(+)
@maintainer(s), ok to cleanup please?
(In reply to Sam James (sec padawan) from comment #8)
> @maintainer(s), ok to cleanup please?
Uh. Stable.
@maintainer(s), please cleanup
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35a65cf8e9d105ff217d35c4ea0ba6f52b6ba74c

commit 35a65cf8e9d105ff217d35c4ea0ba6f52b6ba74c
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2020-06-18 02:45:51 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-06-18 02:45:51 +0000

    app-forensics/sleuthkit: drop vulnerable

    Bug: https://bugs.gentoo.org/661160
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 app-forensics/sleuthkit/Manifest               |   1 -
 app-forensics/sleuthkit/sleuthkit-4.5.0.ebuild | 169 -------------------------
 2 files changed, 170 deletions(-)