Date: Sun, 11 Oct 2015 14:06:25 -0400 (EDT)
From: cve-assign@...re.org
To: gustavo.grieco@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Heap overflow and DoS in unzip 6.0

> Two issues were found in unzip 6.0:

Please see our comments about multi-session use cases in the
http://www.openwall.com/lists/oss-security/2014/11/04/7 post.
Demonstrating that a crash occurs, or that the flow of execution never
halts, after entering command-line arguments is not necessarily
sufficient for obtaining a CVE ID.

We found this:

  http://info-zip.org/FAQ.html#threads
  Can I use the Windows DLLs in a multithreaded application?

  The UnZip DLL is believed to be thread-safe.

which suggests that programs exist that are unzipping files for
multiple clients within the same run of the program. (Thread safety is
not a critical factor; what is important is that an attacker can cause
a denial of service to another person who presented their own ZIP
archive independently.)

> * A heap overflow triggered by unzipping a file with password (e.g. unzip -p
> -P x sigsegv.zip)

> AddressSanitizer: heap-buffer-overflow on address 0xb5202104 at pc 0x80500c0 bp 0xbfffedb8 sp 0xbfffedac
> READ of size 1

Use CVE-2015-7696 for this buffer over-read issue.


> * A denegation of service with a file that never finishes unzipping (e.g.
> unzip sigxcpu.zip).

Use CVE-2015-7697.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
