Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 02 Aug 2010 17:09:04 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
CC: oss-security <oss-security@...ts.openwall.com>
Subject: CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP
 and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing
 certain *.cab files in test archive mode

Hi Steve, vendors,

   two security issues have been reported against cabextract:

1, Infinite loop in MS-ZIP and Quantum decoders (minor issue):

A deficiency has been reported in the way cabextract extracted
certain Cabinet (*.cab) files, using the MZ-ZIP and Quantum decompressors.
If a local user was tricked into opening a specially-crafted *.cab
file, it could lead to infinite loop.

References:
   [1] http://bugs.gentoo.org/show_bug.cgi?id=329891

Upstream patches:
   [2] http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=90
   [3] http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=95
   [4] http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/

2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode

An integer wrap-around flaw has been reported in the way cabextract processed
certain Cabinet (*.cab) archive files. If a local user was tricked into opening
a specially-crafted *.cab archive in test archive mode, it could lead to cabextract
executable crash.

References:
   [1] http://bugs.gentoo.org/show_bug.cgi?id=329891

Upstream patches:
   [2] http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.c?r1=114&r2=113
   [3] http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118

Could you allocate CVE ids for these?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.