SB2021071906 - Gentoo update for Apache Commons FileUpload

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) UNIX symbolic link following (CVE-ID: CVE-2013-0248)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue. The application uses the /tmp directory for uploaded files. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.

2) Infinite loop (CVE-ID: CVE-2014-0050)

The vulnerability allows a remote attacker to cause DoS conditions on the target system.

The weakness exists due to boundary error when handling Content-Type HTTP header for multipart requests. By sending a specially crafted Content-Type header, containing 4092 characters in "boundary" field, a remote attacker can cause the application to enter into an infinite loop.

Successful exploitation of the vulnerability results in denial of service on the vulnerable system.

Note: the vulnerability was being actively exploited.

3) Resource exhaustion (CVE-ID: CVE-2016-3092)

The vulnerability allows a remote attacker to cause denial of service conditions on the target system.

The vulnerability exists due to input validation error when processing very long boundary strings within the MultipartStream class in Apache Commons Fileupload. A remote user can cause denial of service conditions by sending specially crafted boundary string and consume excessive CPU resources.

Successful exploitation of this vulnerability may result in denial of service attack.

Remediation

Install update from vendor's website.

References

• https://security.gentoo.org/
• https://security.gentoo.org/glsa/202107-39