Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 30 Oct 2015 09:38:47 -0300
From: Gustavo Grieco <gustavo.grieco@...il.com>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com
Subject: Re: Pointer misuse unziping files with busybox

2015-10-29 3:04 GMT-03:00 <cve-assign@...re.org>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> >
> http://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e
>
> > Unziping a specially crafted zip file results in a computation of an
> invalid
> > pointer and a crash reading an invalid address.
>
> Could you please comment directly about the likelihood of
> exploitability for code execution?


To be honest, i don't know. The patched code looks quite complex and i
cannot discard any potential arbitrary write there.


> See the
> http://www.openwall.com/lists/oss-security/2015/10/11/5 post. We
> currently feel that a CVE assignment for a non-exploitable unzip crash
> on BusyBox may be unlikely, because BusyBox wouldn't realistically be
> used for deployment of a program that remains running to offer an
> unzipping service to multiple clients.
>

I felt this issue was interesting to post here give the large amount of
embedded devices using busybox so i decided to post it here looking for
some feedback. Maybe some of them are using it to unzip files provided from
users?
In any case, i can update later this thread if i got more precise
information about the exploitability of this issue.


> - --
> CVE assignment team, MITRE CVE Numbering Authority
> M/S M300
> 202 Burlington Road, Bedford, MA 01730 USA
> [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBCAAGBQJWMbYWAAoJEL54rhJi8gl5KOIP/0glPnY2FhWwCDTKcVfjzfGX
> C0qdsZ7U75V9+ECFvd3VvsogMs/WFt+UaP+wGCkB2VM9WHXlH5k0tMlqQZxIb/fY
> Nixc54gGFxz3DI6Gm22mQNS2nz1nnjLHvdAfPsKorzb30h/UEOT2msdsBpo/ya8W
> Z9ELQ8nPmxgjeXw2jQ1lzi8Ng36GhZMUShqKq6RIJRcFDTrtLyeIipux7pKXABEg
> GKezwuTlQq0ek/ausiaD2I97GsrjobWm590cdVhrUcuhcSajgCgtyYLWVfCqUAhM
> dvHORPcD0StGedSWqRqVQULMlDdEWyay+icTibAFnuxw/IJan1o3KRNXwG3dPIjW
> AZs5iJdRZpCq3zaEu6gFRjz1TthBkkFWlOmjxMInHJgqZKVLZ/gsE6S2/V/EqFpX
> gEpmm68yjGAYWzAUwArVM9am1sz1Pso8XOrLbExC9kkc2UxDNpK4ANMxcFehGeKc
> /mjodcq7lYoZdtKRasPCGhSJyg4Pd1+fJvSpvcJCQR+TZtucnUeF68VdN+Co8po6
> YM9bV9MtzORnAJF3vZWfkjvWanLhL3UdSuh7iY6sg6m+Ui0FscCFCcHccgwSM62k
> 59/04Qw1Z9xav6hq3Dd9KR6EoCpJwiZkfBqLG9+Qejcj8q+fp1Vgqea3iJJNpPqA
> Hwp1wqHbGbeg1vJhOBFk
> =VGYW
> -----END PGP SIGNATURE-----
>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ