Vulnerability CVE-2014-4909 - CERT Civis.Net

Vulnerability Name:

CVE-2014-4909 (CCN-94453)

Assigned:

2014-07-11

Published:

2014-07-11

Updated:

2014-11-14

Summary:

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2014-4909

Source: MISC
Type: Exploit
http://inertiawar.com/submission.go

Source: FEDORA
Type: UNKNOWN
FEDORA-2014-8331

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2014:0980

Source: CCN
Type: oss-security Mailing List, Fri, 11 Jul 2014 03:33:57 -0400 (EDT)
Re: CVE request: transmission peer communication vulnerability

Source: SECUNIA
Type: UNKNOWN
59897

Source: SECUNIA
Type: UNKNOWN
60108

Source: SECUNIA
Type: UNKNOWN
60527

Source: DEBIAN
Type: UNKNOWN
DSA-2988

Source: MLIST
Type: UNKNOWN
[oss-security] 20140710 CVE request: transmission peer communication vulnerability

Source: MLIST
Type: UNKNOWN
[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability

Source: OSVDB
Type: UNKNOWN
108997

Source: CCN
Type: OSVDB ID: 108997
Transmission tr_bitfieldEnsureNthBitAlloced Crafted Response Handling Buffer Overflow

Source: BID
Type: UNKNOWN
68487

Source: CCN
Type: BID-68487
Transmission Out of Bounds Memory Corruption Vulnerability

Source: CCN
Type: Transmission Web Site
Transmission

Source: UBUNTU
Type: UNKNOWN
USN-2279-1

Source: CONFIRM
Type: UNKNOWN
https://bugs.gentoo.org/show_bug.cgi?id=516822

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=1118290

Source: XF
Type: UNKNOWN
transmission-cve20144909-bo(94453)

Source: CONFIRM
Type: Vendor Advisory
https://trac.transmissionbt.com/wiki/Changes#version-2.84

Source: MISC
Type: UNKNOWN
https://twitter.com/benhawkes/statuses/484378151959539712

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-4909

Vulnerable Configuration:

Configuration 1:

cpe:/o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

OR cpe:/o:fedoraproject:fedora:20:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:transmissionbt:transmission:0.1:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:0.2:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:0.3:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:0.4:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:0.5:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:0.6:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:0.6.1:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:0.70:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:0.71:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:0.72:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:0.80:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:0.81:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:0.82:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:0.90:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:0.91:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:0.92:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:0.93:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:0.94:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:0.95:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:0.96:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.00:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.01:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.02:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.2:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.03:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.04:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.05:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.06:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.10:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.11:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.20:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.21:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.22:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.30:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.31:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.32:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.33:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.34:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.40:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.41:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.42:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.50:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.51:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.52:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.53:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.54:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.60:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.61:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.70:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.71:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.72:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.73:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.74:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.75:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.76:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.77:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.80:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.81:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.82:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.83:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.90:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.91:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.92:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:1.93:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.00:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.01:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.02:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.03:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.04:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.10:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.11:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.12:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.13:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.20:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.21:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.22:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.30:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.31:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.32:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.33:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.40:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.41:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.42:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.50:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.51:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.52:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.60:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.61:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.70:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.71:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.72:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.73:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.74:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.75:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.76:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.77:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.80:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.81:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:2.82:*:*:*:*:*:*:*

OR cpe:/a:transmissionbt:transmission:*:*:*:*:*:*:*:* (Version <= 2.83)

Configuration CCN 1:

cpe:/a:transmissionbt:transmission:2.83:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20144909	V	CVE-2014-4909	2022-06-30
oval:org.opensuse.security:def:113544	P	transmission-2.92-3.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:106937	P	transmission-2.92-3.1 on GA media (Moderate)	2021-10-01
oval:org.mitre.oval:def:25654	P	DSA-2988-1 -- transmission - security update	2014-10-06
oval:org.mitre.oval:def:24973	P	USN-2279-1 -- transmission vulnerability	2014-09-01
oval:com.ubuntu.precise:def:20144909000	V	CVE-2014-4909 on Ubuntu 12.04 LTS (precise) - medium.	2014-07-29
oval:com.ubuntu.trusty:def:20144909000	V	CVE-2014-4909 on Ubuntu 14.04 LTS (trusty) - medium.	2014-07-29