[arch-security] [ASA-201503-9] unzip: arbitrary code execution

Levente Polyak anthraxx at archlinux.org
Sun Mar 15 05:35:02 UTC 2015


Arch Linux Security Advisory ASA-201503-9
=========================================

Severity: High
Date    : 2015-03-15
CVE-ID  : CVE-2014-9636
Package : unzip
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package unzip before version 6.0-10 is vulnerable to heap buffer
overflow leading to denial of service or possibly arbitrary code execution.

Resolution
==========

Upgrade to 6.0-10.

# pacman -Syu "unzip>=6.0-10"

The problems have not been fixed upstream but patches were added.

Workaround
==========

None.

Description
===========

A buffer overflow (out-of-bounds read or write) in test_compr_eb() in
extract.c was found in the way unzip handled an extra field with an
uncompressed size smaller than the compressed field size in a zip
archive that advertises STORED method compression. A specially crafted
Zip archive could cause unzip to crash or, possibly, execute arbitrary code.

Impact
======

An attacker is able to execute arbitrary code or cause a denial of
service through a specially crafted zip file.

References
==========

http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
https://access.redhat.com/security/cve/CVE-2014-9636
https://bugs.archlinux.org/task/44171

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20150315/5ae952f0/attachment.asc>


More information about the arch-security mailing list