lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20141222140949.GC32428@core.inversepath.com>
Date: Mon, 22 Dec 2014 15:09:49 +0100
From: Andrea Barisani <lcars@...rt.org>
To: oss-security@...ts.openwall.com, ocert-announce@...ts.ocert.org,
  bugtraq@...urityfocus.com
Subject: [oCERT-2014-011] UnZip input sanitization errors


#2014-011 UnZip input sanitization errors

Description:

The UnZip tool is an open source extraction utility for archives compressed in
the zip format.

The unzip command line tool is affected by heap-based buffer overflows within
the CRC32 verification, the test_compr_eb() and the getZip64Data() functions.
The input errors may result in in arbitrary code execution.

A specially crafted zip file, passed to unzip -t, can be used to trigger the
vulnerability.

Affected version:

UnZip <= 6.0

Fixed version:

UnZip, N/A

Credit: vulnerability report received from the Google Security Team.

CVE: CVE-2014-8139 (CRC32 heap overflow), CVE-2014-8140 (test_compr_eb),
     CVE-2014-8141 (getZip64Data)

Timeline:

2014-12-03: vulnerability report received
2014-12-03: contacted maintainer
2014-12-03: first patch provided by maintainer
2014-12-04: report provides additional reproducers
2014-12-03: second patch provided by maintainer
2014-12-04: reporter confirms patch
2014-12-10: contacted affected vendors
2014-12-12: assigned CVEs
2014-12-22: advisory release

References:
http://www.info-zip.org/UnZip.html

Permalink:
http://www.ocert.org/advisories/ocert-2014-011.html

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | OSS Computer Security Incident Response Team

<lcars@...rt.org>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ