Bzip2 Bug Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1020867
|
|
SecurityTracker URL: http://securitytracker.com/id?1020867
|
|
CVE Reference: CVE-2008-1372
(Links to External Site)
|
Date: Sep 15 2008
|
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 1.0.5
|
Description: A vulnerability was reported in Bzip2. A remote user can cause denial of service conditions.
A remote user can create a specially crafted archive that, when processed by the target application using bzip, will trigger a memory
access error and cause the application to crash.
The vulnerability was reported by the University of Oulu and CERT-FI in March
2008.
The original advisory is available at:
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
|
Impact: A remote user can cause the target application to crash.
|
Solution: The vendor has issued a fixed version (1.0.5).
The vendor's advisory is available at:
http://www.bzip.org/CHANGES
|
Vendor URL: www.bzip.org/ (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Sun, 14 Sep 2008 21:46:21 -0400
Subject: bzip2
|
http://www.bzip.org/CHANGES
> 1.0.5 (10 Dec 07)
> ~~~~~~~~~~~~~~~~~
> Security fix only. Fixes CERT-FI 20469 as it applies to bzip2.
CVE-2008-1372
|
|
