Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 22 Jun 2017 14:56:38 +0200
From: Alexander Bergmann <abergmann@...e.com>
To: oss-security@...ts.openwall.com
Cc: thomasdullien@...gle.com
Subject: Re: CVE Request: unrar: VMSF_DELTA filter allows
 arbitrary memory write

On Wed, Jun 21, 2017 at 02:20:01PM +0200, Alexander Bergmann wrote:
> Hi,
> 
> It was reported that unrar fixed a VMSF_DELTA memory corruption issue in
> there latest version unrarsrc-5.5.5.tar.gz. This problem was reported to
> Sophos AV in 2012 but never reach upstream rar.
> 
> https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6#maincol
> 
> Reproducer:
> 
> Base64-encoded RAR file to trigger the VMSF_DELTA issue:
> 
> UmFyIRoHAPlOcwAADgAAAAAAAAAAMAh0AAAmAI4AAAAAAAAAAhBBUiEAAAAAHQAGAAAAACBzdGRv
> dXQgIVUMzRDNmBGByDAda+AXaSv4KvQr1K/oejL05mXmXmww5tEk8gA9k8nmieyeyeswuOR6cx69
> a2Hd6zQwu3aoMDDwMEswADAAMD4P938w+dydoRFwAmwAAAAAvv////+/////+9W3QFgAAQAGAAAA
> Ooimhd12AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> 
> As far as I can tell no CVE was assigned to this issue so far.

Mitre.org assigned CVE-2012-6706 to this issue.


Regards,
Alex~


-- 
Alexander Bergmann <abergmann@...e.com>, Security Engineer, GPG:9FFA4886
SUSE Linux GmbH, GF: Felix Imend├Ârffer, Jane Smithard, Graham Norton
HRB 21284 (AG N├╝rnberg)

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ