[arch-security] [ASA-201503-9] unzip: arbitrary code execution
Levente Polyak
anthraxx at archlinux.org
Sun Mar 15 05:35:02 UTC 2015
Arch Linux Security Advisory ASA-201503-9
=========================================
Severity: High
Date : 2015-03-15
CVE-ID : CVE-2014-9636
Package : unzip
Type : arbitrary code execution
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
Summary
=======
The package unzip before version 6.0-10 is vulnerable to a heap buffer
overflow that can lead to denial of service or possibly arbitrary code execution.
Resolution
==========
Upgrade to 6.0-10.
# pacman -Syu "unzip>=6.0-10"
The problem has not yet been fixed in an upstream release; the 6.0-10 package carries patches that address it.
Workaround
==========
None.
Description
===========
A buffer overflow (out-of-bounds read or write) was found in test_compr_eb() in
extract.c, in the way unzip handles an extra field whose advertised
uncompressed size is smaller than the compressed field size in a zip archive
that declares the STORED compression method. A specially crafted zip archive
could cause unzip to crash or, possibly, execute arbitrary code.
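The following is an added illustration, not unzip's source and not the upstream patch. It models the compressed-extra-block handling the description refers to: a block header carrying an advertised uncompressed size, a compression method and a payload. The layout, the field names, the error codes and the hardening rule (for STORED the payload is the uncompressed data, so its length must equal the advertised size) are assumptions made for this example, and the two sample blocks are constructed, not taken from any real archive. It shows why sizing the destination from the advertised uncompressed size while copying the actual payload length writes past the heap buffer when the advertised size is smaller, and how validating the sizes before allocating rejects the crafted block.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed block layout (illustrative, not unzip's definitions):
 *   [0..1] header ID        [2..3] data size (bytes after the 4-byte head)
 *   [4..7] uncompressed size [8..9] method (0 = STORED)   [10..] payload */
#define EB_HEADSIZE    4
#define EB_CMPRHEADLEN 6   /* uncompressed size (4) + method (2) */
#define METHOD_STORED  0

enum { EB_OK = 0, EB_TRUNC = -1, EB_SIZE_MISMATCH = -2, EB_UNSUPPORTED = -3 };

struct compr_eb {
    uint16_t       id;
    uint32_t       ucsize;      /* advertised uncompressed size */
    uint16_t       method;
    const uint8_t *payload;     /* bytes actually present after the head */
    size_t         payload_len;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse the head and check every length against the bytes actually present. */
int parse_compr_eb(const uint8_t *eb, size_t eb_len, struct compr_eb *out) {
    if (eb_len < EB_HEADSIZE) return EB_TRUNC;
    uint16_t data_size = rd16(eb + 2);
    if (data_size > eb_len - EB_HEADSIZE) return EB_TRUNC;   /* claims more than present */
    if (data_size < EB_CMPRHEADLEN) return EB_TRUNC;         /* no room for ucsize + method */
    out->id          = rd16(eb);
    out->ucsize      = rd32(eb + EB_HEADSIZE);
    out->method      = rd16(eb + EB_HEADSIZE + 4);
    out->payload     = eb + EB_HEADSIZE + EB_CMPRHEADLEN;
    out->payload_len = data_size - EB_CMPRHEADLEN;
    return EB_OK;
}

/* The vulnerable pattern, modelled without doing the write: a destination of
 * ucsize bytes receives payload_len bytes. Returns how many bytes would land
 * past the end of that buffer (0 = no overflow). */
size_t stored_overflow_bytes(const struct compr_eb *f) {
    if (f->method != METHOD_STORED) return 0;
    return f->payload_len > f->ucsize ? f->payload_len - f->ucsize : 0;
}

/* Hardened check (assumed rule for this example): a STORED payload is the
 * uncompressed data itself, so its length must equal the advertised size. */
int check_compr_eb(const struct compr_eb *f) {
    if (f->method != METHOD_STORED) return EB_UNSUPPORTED;
    if (f->ucsize == 0) return EB_TRUNC;
    if (f->payload_len != f->ucsize) return EB_SIZE_MISMATCH;
    return EB_OK;
}

/* Validate first, allocate second, copy last. Caller frees; NULL on error. */
uint8_t *extract_stored_eb(const uint8_t *eb, size_t eb_len, size_t *out_len) {
    struct compr_eb f;
    if (parse_compr_eb(eb, eb_len, &f) != EB_OK) return NULL;
    if (check_compr_eb(&f) != EB_OK) return NULL;
    uint8_t *buf = malloc(f.ucsize);
    if (!buf) return NULL;
    memcpy(buf, f.payload, f.payload_len);   /* payload_len == ucsize here */
    *out_len = f.payload_len;
    return buf;
}

/* Constructed sample blocks (not from any real archive). */
/* Crafted: advertises ucsize 4 but carries 16 STORED bytes. */
static const uint8_t CRAFTED_EB[] = {
    0x09, 0x00, 0x16, 0x00,             /* id, data size = 22 = 6 + 16 */
    0x04, 0x00, 0x00, 0x00, 0x00, 0x00, /* ucsize = 4, method = STORED */
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A'
};
/* Well-formed: ucsize 16 matches the 16 STORED bytes. */
static const uint8_t GOOD_EB[] = {
    0x09, 0x00, 0x16, 0x00,
    0x10, 0x00, 0x00, 0x00, 0x00, 0x00,
    'h','e','l','l','o',' ','e','x','t','r','a',' ','b','l','o','k'
};

int main(void) {
    struct compr_eb f;
    size_t n = 0;
    if (parse_compr_eb(CRAFTED_EB, sizeof CRAFTED_EB, &f) == EB_OK)
        printf("crafted: ucsize=%u payload=%zu overflow=%zu bytes, check=%d\n",
               (unsigned)f.ucsize, f.payload_len, stored_overflow_bytes(&f), check_compr_eb(&f));
    uint8_t *buf = extract_stored_eb(GOOD_EB, sizeof GOOD_EB, &n);
    printf("good: extracted %zu bytes -> %.*s\n", n, (int)n, buf ? (const char *)buf : "");
    free(buf);
    return 0;
}
```

The order of operations is the point: the length fields of an untrusted block are compared against the bytes actually present, and against each other, before any buffer is sized from them.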
Impact
======
An attacker is able to execute arbitrary code or cause a denial of
service through a specially crafted zip file.
References
==========
http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
https://access.redhat.com/security/cve/CVE-2014-9636
https://bugs.archlinux.org/task/44171