Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 30 Oct 2015 09:38:47 -0300
From: Gustavo Grieco <>
Subject: Re: Pointer misuse unziping files with busybox

2015-10-29 3:04 GMT-03:00 <>:

> Hash: SHA256
> >
> > Unziping a specially crafted zip file results in a computation of an
> invalid
> > pointer and a crash reading an invalid address.
> Could you please comment directly about the likelihood of
> exploitability for code execution?

To be honest, i don't know. The patched code looks quite complex and i
cannot discard any potential arbitrary write there.

> See the
> post. We
> currently feel that a CVE assignment for a non-exploitable unzip crash
> on BusyBox may be unlikely, because BusyBox wouldn't realistically be
> used for deployment of a program that remains running to offer an
> unzipping service to multiple clients.

I felt this issue was interesting to post here give the large amount of
embedded devices using busybox so i decided to post it here looking for
some feedback. Maybe some of them are using it to unzip files provided from
In any case, i can update later this thread if i got more precise
information about the exploitability of this issue.

> - --
> CVE assignment team, MITRE CVE Numbering Authority
> M/S M300
> 202 Burlington Road, Bedford, MA 01730 USA
> [ PGP key available through ]
> Version: GnuPG v1
> C0qdsZ7U75V9+ECFvd3VvsogMs/WFt+UaP+wGCkB2VM9WHXlH5k0tMlqQZxIb/fY
> Nixc54gGFxz3DI6Gm22mQNS2nz1nnjLHvdAfPsKorzb30h/UEOT2msdsBpo/ya8W
> Z9ELQ8nPmxgjeXw2jQ1lzi8Ng36GhZMUShqKq6RIJRcFDTrtLyeIipux7pKXABEg
> GKezwuTlQq0ek/ausiaD2I97GsrjobWm590cdVhrUcuhcSajgCgtyYLWVfCqUAhM
> dvHORPcD0StGedSWqRqVQULMlDdEWyay+icTibAFnuxw/IJan1o3KRNXwG3dPIjW
> AZs5iJdRZpCq3zaEu6gFRjz1TthBkkFWlOmjxMInHJgqZKVLZ/gsE6S2/V/EqFpX
> gEpmm68yjGAYWzAUwArVM9am1sz1Pso8XOrLbExC9kkc2UxDNpK4ANMxcFehGeKc
> /mjodcq7lYoZdtKRasPCGhSJyg4Pd1+fJvSpvcJCQR+TZtucnUeF68VdN+Co8po6
> YM9bV9MtzORnAJF3vZWfkjvWanLhL3UdSuh7iY6sg6m+Ui0FscCFCcHccgwSM62k
> 59/04Qw1Z9xav6hq3Dd9KR6EoCpJwiZkfBqLG9+Qejcj8q+fp1Vgqea3iJJNpPqA
> Hwp1wqHbGbeg1vJhOBFk

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ