UnZip NEEDBITS Macro Memory Free May Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1019634
|
|
SecurityTracker URL: http://securitytracker.com/id?1019634
|
|
CVE Reference: CVE-2008-0888
(Links to External Site)
|
Date: Mar 18 2008
|
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
|
Description: A vulnerability was reported in UnZip. A remote user may be able to cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted file that, when unzipped by the target user or application, will cause uninitialized
memory or previously freed memory to be freed. This can cause the target application to crash or potentially execute arbitrary
code.
The vulnerability resides in the NEEDBITS macro in the inflate_dynamic() function in 'inflate.c'.
Tavis Ormandy reported
this vulnerability.
|
Impact: A remote user can create a file that, when unzipped by the target user or application, will execute arbitrary code on the target system or cause the application to crash.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.info-zip.org/UnZip.html (Links to External Site)
|
Cause: Access control error, State error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 18 Mar 2008 15:46:04 -0500
Subject: unzip
|
CVE-2008-0888
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be
invoked using invalid buffers, which allows remote attackers to cause a denial of
service (crash) and possible execute arbitrary code via unknown vectors that trigger a
free of uninitialized or previously-freed data.
|
|
