[BLFS Trac] #2506: Unzip 5.52 vulnerability.

BLFS Trac trac at linuxfromscratch.org
Sun Apr 6 21:11:23 PDT 2008


#2506: Unzip 5.52 vulnerability.
-------------------------------------+--------------------------------------
 Reporter:  ag at linuxfromscratch.org  |       Owner:  blfs-book at linuxfromscratch.org
     Type:  task                     |      Status:  new                           
 Priority:  normal                   |   Milestone:  6.3                           
Component:  BOOK                     |     Version:  SVN                           
 Severity:  normal                   |    Keywords:                                
-------------------------------------+--------------------------------------
 Tavis Ormandy of the Google Security Team (aka taviso from gentoo)
 discovered that the NEEDBITS
 macro in the inflate_dynamic() function in the file inflate.c can be
 invoked using invalid buffers, which can lead to a double free.

 Impact
 ======

 Remote attackers could entice a user or automated system to open a
 specially crafted ZIP file that might lead to the execution of
 arbitrary code or a Denial of Service.

 See:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888

 http://www.debian.org/security/2008/dsa-1522

 http://bugs.gentoo.org/show_bug.cgi?id=213761

 As a side note, I can't really verify the following statement in the book,
 as the link [1] to this patch is no longer available.

 "Note that if you applied the patch described above for locale issues, the
 required security patch will have some offsets."

 Please also note that the patches from gentoo and debian differ, as the
 gentoo one crops the last two statements as unnecessary (see gentoo bug
 #213761 link above).

 1. https://bugzilla.altlinux.ru/attachment.cgi?id=532

-- 
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/2506>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
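To make the control-flow edge described in the ticket concrete, here is an added example that is not unzip's inflate.c and not the Debian or Gentoo patch: a constructed decoder with a NEEDBITS-style macro that jumps to a cleanup label when the input is exhausted, a table that is freed and rebuilt inside the decode loop, and a toy allocator that counts double frees instead of corrupting the heap. The byte format, the names decode_unsafe, decode_safe, table_alloc and table_free, and the sample input are all assumptions made for illustration; the real unzip code and its fix are in the references above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy allocator (constructed for this example): hands out fixed slots and
 * records a double free in a counter instead of corrupting the real heap,
 * so the bug can be observed without crashing the process. */
#define SLOTS 4
static unsigned char pool[SLOTS][64];
static int slot_live[SLOTS];
int double_frees;

static void *table_alloc(void) {
    for (int i = 0; i < SLOTS; i++)
        if (!slot_live[i]) { slot_live[i] = 1; return pool[i]; }
    return NULL;
}

static void table_free(void *p) {
    for (int i = 0; i < SLOTS; i++)
        if (p == pool[i]) {
            if (!slot_live[i]) double_frees++;   /* already freed: double free */
            slot_live[i] = 0;
            return;
        }
}

void reset_allocator(void) {
    memset(slot_live, 0, sizeof slot_live);
    double_frees = 0;
}

/* Bit reader in the style of inflate's NEEDBITS/DUMPBITS macros. NEEDBITS
 * jumps to the enclosing function's cleanup label when the input runs out,
 * which is the control-flow edge the ticket is about. */
struct bits { const uint8_t *in; size_t len, pos; uint32_t buf; int cnt; };

#define NEEDBITS(b, n) do { while ((b)->cnt < (n)) { \
        if ((b)->pos >= (b)->len) goto cleanup_and_exit; /* truncated input */ \
        (b)->buf |= (uint32_t)(b)->in[(b)->pos++] << (b)->cnt; (b)->cnt += 8; \
    } } while (0)
#define DUMPBITS(b, n) do { (b)->buf >>= (n); (b)->cnt -= (n); } while (0)

/* Vulnerable pattern. Format (constructed): one count byte, then one byte per
 * table. The previous table is freed before the next table's byte is read; if
 * NEEDBITS bails out in between, the stale pointer is freed again at cleanup.
 * Returns 0 on success, -1 on truncated input. */
int decode_unsafe(const uint8_t *in, size_t len) {
    struct bits b = { in, len, 0, 0, 0 };
    void *tl = NULL;
    unsigned ntables, i;
    int ret = -1;

    NEEDBITS(&b, 8);
    ntables = b.buf & 0xff;
    DUMPBITS(&b, 8);
    for (i = 0; i < ntables; i++) {
        table_free(tl);          /* BUG: tl keeps its old value after the free */
        NEEDBITS(&b, 8);         /* bail-out here reaches cleanup with tl dangling */
        DUMPBITS(&b, 8);
        tl = table_alloc();
    }
    ret = 0;
cleanup_and_exit:
    table_free(tl);              /* second free of the same table on the bail-out path */
    return ret;
}

/* Hardened form: the pointer is reset at the point of free, so the cleanup
 * path can never release a table that is already gone. */
int decode_safe(const uint8_t *in, size_t len) {
    struct bits b = { in, len, 0, 0, 0 };
    void *tl = NULL;
    unsigned ntables, i;
    int ret = -1;

    NEEDBITS(&b, 8);
    ntables = b.buf & 0xff;
    DUMPBITS(&b, 8);
    for (i = 0; i < ntables; i++) {
        table_free(tl);
        tl = NULL;               /* FIX: nothing left for cleanup to free twice */
        NEEDBITS(&b, 8);
        DUMPBITS(&b, 8);
        tl = table_alloc();
    }
    ret = 0;
cleanup_and_exit:
    table_free(tl);
    return ret;
}

int main(void) {
    /* Constructed input: promises two tables, supplies only one, then ends. */
    static const uint8_t truncated[] = { 0x02, 0x00 };
    reset_allocator();
    int r = decode_unsafe(truncated, sizeof truncated);
    printf("unsafe: ret=%d double_frees=%d\n", r, double_frees);
    reset_allocator();
    r = decode_safe(truncated, sizeof truncated);
    printf("safe:   ret=%d double_frees=%d\n", r, double_frees);
    return 0;
}
```

The point of the model is the ordering: once a free and the next NEEDBITS sit between two assignments of the same pointer, every early exit from the macro runs the cleanup with a dangling pointer, and the attacker controls that exit simply by truncating the compressed stream. Resetting the pointer at the free (or only freeing in one place) removes the edge regardless of where the bail-out happens.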
