微慑信息网

CVE-2008-0888-漏洞详情

CVE-2008-0888
CVSS 9.3
发布时间 :2008-03-17 17:44:00
修订时间 :2011-06-20 00:00:00
NMCOP    

[原文]The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.


[CNNVD]Info-ZIP UnZip inflate_dynamic()函数内存堆栈破坏漏洞(CNNVD-200803-233)

        unzip是在Unix下对.zip文件格式进行解压的工具。


        unzip的实现上存在漏洞,攻击者可能利用此漏洞通过诱使用户处理恶意文档提升权限。


        unzip的inflate.c文件978行的inflate_dynamic()例程在出现错误时使用NEEDBITS()宏将执行流跳转到cleanup例程,而该例程试图free()两个在解压过程中所分配的缓冲区。某些位置在指针没有指向有效缓冲区的情况下便使用了NEEDBITS()宏,包括缓冲区未初始化或指向已经释放的块中。这两种情况都允许攻击者控制指针或指针所指向的缓冲区,导致执行任意指令。


        


CVSS (基础分值)

CVSS分值: 9.3 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]


CWE (弱点类目)

CWE-119 [内存缓冲区边界内操作的限制不恰当]


CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用


OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9733 The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attacker…
oval:org.mitre.oval:def:8229 DSA-1522 unzip — programming error
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。


官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888

(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0888

(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200803-233

(官方数据源) CNNVD


其它链接及资源

http://secunia.com/advisories/30535


(VENDOR_ADVISORY)  SECUNIA  30535
https://issues.rpath.com/browse/RPL-2317


(UNKNOWN)  CONFIRM  https://issues.rpath.com/browse/RPL-2317
http://xforce.iss.net/xforce/xfdb/41246


(UNKNOWN)  XF  unzip-inflatedynamic-code-execution(41246)
http://www.vupen.com/english/advisories/2008/1744


(VENDOR_ADVISORY)  VUPEN  ADV-2008-1744
http://www.vupen.com/english/advisories/2008/0913/references


(VENDOR_ADVISORY)  VUPEN  ADV-2008-0913
http://www.vmware.com/security/advisories/VMSA-2008-0009.html


(UNKNOWN)  CONFIRM  http://www.vmware.com/security/advisories/VMSA-2008-0009.html
http://www.ubuntu.com/usn/usn-589-1


(UNKNOWN)  UBUNTU  USN-589-1
http://www.securitytracker.com/id?1019634


(UNKNOWN)  SECTRACK  1019634
http://www.securityfocus.com/bid/28288


(UNKNOWN)  BID  28288
http://www.securityfocus.com/archive/1/archive/1/493080/100/0/threaded


(UNKNOWN)  BUGTRAQ  20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
http://www.securityfocus.com/archive/1/archive/1/489967/100/0/threaded


(UNKNOWN)  BUGTRAQ  20080321 rPSA-2008-0116-1 unzip
http://www.redhat.com/support/errata/RHSA-2008-0196.html


(VENDOR_ADVISORY)  REDHAT  RHSA-2008:0196
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:068


(UNKNOWN)  MANDRIVA  MDVSA-2008:068
http://www.ipcop.org/index.php?name=News&file=article&sid=40


(UNKNOWN)  CONFIRM  http://www.ipcop.org/index.php?name=News&file=article&sid=40
http://www.debian.org/security/2008/dsa-1522


(UNKNOWN)  DEBIAN  DSA-1522
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0116


(UNKNOWN)  CONFIRM  http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0116
http://wiki.rpath.com/Advisories:rPSA-2008-0116


(UNKNOWN)  CONFIRM  http://wiki.rpath.com/Advisories:rPSA-2008-0116
http://support.apple.com/kb/HT4077


(UNKNOWN)  CONFIRM  http://support.apple.com/kb/HT4077
http://security.gentoo.org/glsa/glsa-200804-06.xml


(UNKNOWN)  GENTOO  GLSA-200804-06
http://secunia.com/advisories/31204


(VENDOR_ADVISORY)  SECUNIA  31204
http://secunia.com/advisories/29681


(VENDOR_ADVISORY)  SECUNIA  29681
http://secunia.com/advisories/29495


(VENDOR_ADVISORY)  SECUNIA  29495
http://secunia.com/advisories/29440


(VENDOR_ADVISORY)  SECUNIA  29440
http://secunia.com/advisories/29432


(VENDOR_ADVISORY)  SECUNIA  29432
http://secunia.com/advisories/29427


(VENDOR_ADVISORY)  SECUNIA  29427
http://secunia.com/advisories/29415


(VENDOR_ADVISORY)  SECUNIA  29415
http://secunia.com/advisories/29406


(VENDOR_ADVISORY)  SECUNIA  29406
http://secunia.com/advisories/29392


(VENDOR_ADVISORY)  SECUNIA  29392
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html


(UNKNOWN)  SUSE  SUSE-SR:2008:007
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html


(UNKNOWN)  APPLE  APPLE-SA-2010-03-29-1


漏洞信息

Info-ZIP UnZip inflate_dynamic()函数内存堆栈破坏漏洞
高危 缓冲区溢出
2008-03-17 00:00:00 2008-12-23 00:00:00
远程  
        unzip是在Unix下对.zip文件格式进行解压的工具。


        unzip的实现上存在漏洞,攻击者可能利用此漏洞通过诱使用户处理恶意文档提升权限。


        unzip的inflate.c文件978行的inflate_dynamic()例程在出现错误时使用NEEDBITS()宏将执行流跳转到cleanup例程,而该例程试图free()两个在解压过程中所分配的缓冲区。某些位置在指针没有指向有效缓冲区的情况下便使用了NEEDBITS()宏,包括缓冲区未初始化或指向已经释放的块中。这两种情况都允许攻击者控制指针或指针所指向的缓冲区,导致执行任意指令。


        


公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:


        https://www.redhat.com/support/errata/RHSA-2008-0196.html


漏洞信息 (F67011)

VMware Security Advisory 2008-0009 (PacketStormID:F67011)

2008-06-05 00:00:00
VMware  vmware.com

advisory

CVE-2007-5671,CVE-2008-0967,CVE-2008-2097,CVE-2008-2100,CVE-2006-1721,CVE-2008-0553,CVE-2007-5378,CVE-2007-4772,CVE-2008-0888,CVE-2008-0062,CVE-2008-0063,CVE-2008-0948

[点击下载]

VMware Security Advisory – Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2008-0009
Synopsis:          Updates to VMware Workstation, VMware Player,
                   VMware ACE, VMware Fusion, VMware Server, VMware
                   VIX API, VMware ESX, VMware ESXi resolve critical
                   security issues
Issue date:        2008-06-04
Updated on:        2008-06-04 (initial release of advisory)
CVE numbers:       CVE-2007-5671 CVE-2008-0967 CVE-2008-2097
                   CVE-2008-2100 CVE-2006-1721 CVE-2008-0553
                   CVE-2007-5378 CVE-2007-4772 CVE-2008-0888
                   CVE-2008-0062 CVE-2008-0063 CVE-2008-0948
- -------------------------------------------------------------------

1. Summary:

   Several critical security vulnerabilities have been addressed
   in patches in ESX and in the newest releases of VMware's hosted
   product line.

2. Relevant releases:

   VMware Workstation 6.0.3 and earlier,
   VMware Workstation 5.5.6 and earlier,
   VMware Player 2.0.3 and earlier,
   VMware Player 1.0.6 and earlier,
   VMware ACE 2.0.3 and earlier,
   VMware ACE 1.0.5 and earlier,
   VMware Server 1.0.5 and earlier,
   VMware Fusion 1.1.1 and earlier

   VMware ESXi 3.5  without patches ESXe350-200805501-I-SG,
                                    ESXe350-200805502-T-SG,
                                    ESXe350-200805503-C-SG

   VMware ESX 3.5   without patches ESX350-200805515-SG, ESX350-200805508-SG,
                                    ESX350-200805501-BG, ESX350-200805504-SG,
                                    ESX350-200805506-SG, ESX350-200805505-SG,
                                    ESX350-200805507-SG

   VMware ESX 3.0.2 without patches ESX-1004727, ESX-1004821, ESX-1004216,
                                    ESX-1004726, ESX-1004722, ESX-1004724,
                                    ESX-1004719, ESX-1004219

   VMware ESX 3.0.1 without patches ESX-1004186, ESX-1004728, ESX-1004725,
                                    ESX-1004721, ESX-1004723, ESX-1004190,
                                    ESX-1004189

   VMware ESX 2.5.5 without update patch 8
   VMware ESX 2.5.4 without update patch 19

NOTES: Hosted products VMware Workstation 5.x, VMware Player 1.x,
       and VMware ACE 1.x will reach end of general support
       2008-11-09. Customers should plan to upgrade to the latest
       version of their respective products.

       ESX 3.0.1 is in Extended Support and its end of extended
       support (Security and Bug fixes) is 2008-07-31. Users should plan
       to upgrade to at least 3.0.2 update 1 and preferably the newest
       release available before the end of extended support.

       ESX 2.5.4 is in Extended Support and its end of extended support
       (Security and Bug fixes) is 2008-10-08.  Users should plan to upgrade
       to at least 2.5.5 and preferably the newest release available before
       the end of extended support.

3. Problem description:

 a. VMware Tools Local Privilege Escalation on Windows-based guest OS

    The VMware Tools Package provides support required for shared folders
    (HGFS) and other features.

    An input validation error is present in the Windows-based VMware
    HGFS.sys driver.   Exploitation of this flaw might result in
    arbitrary code execution on the guest system by an unprivileged
    guest user.  It doesn't matter on what host the Windows guest OS
    is running, as this is a guest driver vulnerability and not a
    vulnerability on the host.

    The HGFS.sys driver is present in the guest operating system if the
    VMware Tools package is loaded.  Even if the host has HGFS disabled
    and has no shared folders, Windows-based guests may be affected. This
    is regardless if a host supports HGFS.

    This issue could be mitigated by removing the VMware Tools package
    from Windows based guests.  However this is not recommended as it
    would impact usability of the product.

    NOTE: Installing the new hosted release or ESX patches will not
          remediate the issue.  The VMware Tools packages will need
          to be updated on each Windows-based guest followed by a
          reboot of the guest system.

    VMware would like to thank iDefense and Stephen Fewer of Harmony
    Security for reporting this issue to us.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2007-5671 to this issue.

    VMware        Product   Running  Replace with/
    Product       Version   on       Apply Patch
    ============  ========  =======  =================
    Workstation   6.x       Windows  not affected
    Workstation   6.x       Linux    not affected
    Workstation   5.x       Windows  5.5.6 build 80404 or later
    Workstation   5.x       Linux    5.5.6 build 80404 or later

    Player        2.x       Windows  not affected
    Player        2.x       Linux    not affected
    Player        1.x       Windows  1.0.6 build 80404 or later
    Player        1.x       Linux    1.0.6 build 80404 or later

    ACE           2.x       Windows  not affected
    ACE           1.x       Windows  1.0.5 build 79846 or later

    Server        1.x       Windows  1.0.5 build 80187 or later
    Server        1.x       Linux    1.0.5 build 80187 or later

    Fusion        1.x       Mac OS/X not affected

    ESXi          3.5       ESXi     not affected

    ESX           3.5       ESX      not affected
    ESX           3.0.2     ESX      ESX-1004727
    ESX           3.0.1     ESX      ESX-1004186
    ESX           2.5.5     ESX      ESX 2.5.5 upgrade patch 5 or later
    ESX           2.5.4     ESX      ESX 2.5.4 upgrade patch 16 or later


 b. Privilege escalation on ESX or Linux based hosted operating systems

    This update fixes a security issue related to local exploitation of
    an untrusted library path vulnerability in vmware-authd. In order to
    exploit this vulnerability, an attacker must have local access and
    the ability to execute the set-uid vmware-authd binary on an affected
    system. Exploitation of this flaw might result in arbitrary code
    execution on the Linux host system by an unprivileged user.

    VMware would like to thank iDefense for reporting this issue to us.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-0967 to this issue.

    VMware        Product   Running  Replace with/
    Product       Version   on       Apply Patch
    ============  ========  =======  =================
    Workstation   6.x       Windows  not affected
    Workstation   6.x       Linux    6.0.4 build 93057
    Workstation   5.x       Windows  not affected
    Workstation   5.x       Linux    5.5.7 build 91707

    Player        2.x       Windows  not affected
    Player        2.x       Linux    2.0.4 build 93057
    Player        1.x       Windows  not affected
    Player        1.x       Linux    1.0.7 build 91707

    ACE           2.x       Windows  not affected
    ACE           1.x       Windows  not affected

    Server        1.x       Windows  not affected
    Server        1.x       Linux    1.0.6 build 91891

    Fusion        1.x       Mac OS/X not affected

    ESXi          3.5       ESXi     ESXe350-200805501-I-SG

    ESX           3.5       ESX      ESX350-200805515-SG
    ESX           3.0.2     ESX      ESX-1004821
    ESX           3.0.1     ESX      ESX-1004728
    ESX           2.5.5     ESX      ESX 2.5.5 update patch 8
    ESX           2.5.4     ESX      ESX 2.5.4 update patch 19

 c. Openwsman Invalid Content-Length Vulnerability

    Openwsman is a system management platform that implements the Web
    Services Management protocol (WS-Management). It is installed and
    running by default. It is used in the VMware Management Service
    Console and in ESXi.

    The openwsman management service on ESX 3.5 and ESXi 3.5 is vulnerable
    to a privilege escalation vulnerability, which may allow users with
    non-privileged ESX or Virtual Center accounts to gain root privileges.

    To exploit this vulnerability, an attacker would need a local ESX
    account or a VirtualCenter account with the Host.Cim.CimInteraction
    permission.

    Systems with no local ESX accounts and no VirtualCenter accounts with
    the Host.Cim.CimInteraction permission are not vulnerable.

    This vulnerability cannot be exploited by users without valid login
    credentials.

    Discovery: Alexander Sotirov, VMware Security Research

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-2097 to this issue.

    VMware        Product   Running  Replace with/
    Product       Version   on       Apply Patch
    ============  ========  =======  =================
    hosted        any       any      not affected

    ESXi          3.5       ESXi     ESXe350-200805501-I-SG

    ESX           3.5       ESX      ESX350-200805508-SG
    ESX           3.0.2     ESX      not affected
    ESX           3.0.1     ESX      not affected
    ESX           2.5.5     ESX      not affected
    ESX           2.5.4     ESX      not affected

    NOTE: VMware hosted products are not affected by this issue.

 d. VMware VIX Application Programming Interface (API) Memory Overflow
Vulnerabilities

    The VIX API (also known as "Vix") is an API that lets users write scripts
    and programs to manipulate virtual machines.

    Multiple buffer overflow vulnerabilities are present in the VIX API.
    Exploitation of these vulnerabilities might result in code execution on
    the host system or on the service console in ESX Server from the guest
    operating system.

    The VIX API can be enabled and disabled using the "vix.inGuest.enable"
    setting in the VMware configuration file. This default value for this
    setting is "disabled".  This configuration setting is present in the
    following products:
      VMware Workstation 6.0.2 and higher
      VMware ACE 6.0.2 and higher
      VMware Server 1.06 and higher
      VMware Fusion 1.1.2 and higher
      ESX Server 3.0 and higher
      ESX Server 3.5 and higher
    In previous versions of VMware products where the VIX API was introduced,
    the VIX API couldn't be disabled.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-2100 to this issue.

    VMware        Product   Running  Replace with/
    Product       Version   on       Apply Patch
    ============  ========  =======  =================
    VIX API       1.1.x     Windows  VMware-vix-1.1.4-93057.exe
    VIX API       1.1.x     Linux    VMware-vix-1.1.4-93057.i386.tar.gz
    VIX API       1.1.x     Linux64  VMware-vix-1.1.4-93057.x86_64.tar.gz

    Workstation   6.x       Windows  6.0.4 build 93057
    Workstation   6.x       Linux    6.0.4 build 93057
    Workstation   5.x       Windows  5.5.7 build 91707
    Workstation   5.x       Linux    5.5.7 build 91707

    Player        2.x       Windows  2.0.4 build 93057
    Player        2.x       Linux    2.0.4 build 93057
    Player        1.x       Windows  1.0.6 build 91707
    Player        1.x       Linux    1.0.6 build 91707

    ACE           2.x       Windows  2.0.4 build 93057
    ACE           1.x       Windows  not affected

    Server        1.x       Windows  1.0.6 build 91891
    Server        1.x       Linux    1.0.6 build 91891

    Fusion        1.x       Mac OS/X 1.1.2 build 87978 or later

    ESXi          3.5       ESXi     ESXe350-200805501-I-SG,
                                     ESXe350-200805502-T-SG

    ESX           3.5       ESX      ESX350-200805501-BG
    ESX           3.0.2     ESX      ESX-1004216, ESX-1004726, ESX-1004727
    ESX           3.0.1     ESX      ESX-1004186, ESX-1004725
    ESX           2.5.5     ESX      not affected
    ESX           2.5.4     ESX      not affected


II Service Console rpm updates

  NOTE: ESXi and hosted products are not affected by any service console
        security updates

  a. Security update for cyrus-sasl

    Updated cyrus-sasl package for the ESX Service Console corrects a security
    issue found in the DIGEST-MD5 authentication mechanism of Cyrus'
    implementation of Simple Authentication and Security Layer (SASL). As a
    result of this issue in the authentication mechanism, a remote
    unauthenticated attacker might be able to cause a denial of service error
    on the service console.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2006-1721 to this issue.

    RPMs Updated:
    cyrus-sasl-2.1.15-15.i386.rpm
    cyrus-sasl-md5-2.1.15-1.i386.rpm

    VMware        Product   Running  Replace with/
    Product       Version   on       Apply Patch
    ============  ========  =======  =================
    hosted        any       any      not affected

    ESXi          3.5       ESXi     not affected

    ESX           3.5       ESX      ESX350-200805504-SG
    ESX           3.0.2     ESX      ESX-1004722
    ESX           3.0.1     ESX      ESX-1004721
    ESX           2.5.5     ESX      not affected
    ESX           2.5.4     ESX      not affected

  b. Security update for tcltk

    An input validation flaw was discovered in Tk's GIF image handling. A
    code-size value read from a GIF image was not properly validated before
    being used, leading to a buffer overflow. A specially crafted GIF file
    could use this to cause a crash or, potentially, execute code with the
    privileges of the application using the Tk graphical toolkit.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2008-0553 to this issue.

    A buffer overflow flaw was discovered in Tk's animated GIF image handling.
    An animated GIF containing an initial image smaller than subsequent images
    could cause a crash or, potentially, execute code with the privileges of
    the application using the Tk library.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2007-5378 to this issue.

    A flaw first discovered in the Tcl regular expression engine used in the
    PostgreSQL database server, resulted in an infinite loop when processing
    certain regular expressions.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2007-4772 to this issue.

    RPM Updated:
    tcl-8.3.5-92.8.i386.rpm

    VMware        Product   Running  Replace with/
    Product       Version   on       Apply Patch
    ============  ========  =======  =================
    hosted        any       any      not affected

    ESXi          3.5       ESXi     not affected

    ESX           3.5       ESX      ESX350-200805506-SG
    ESX           3.0.2     ESX      ESX-1004724
    ESX           3.0.1     ESX      ESX-1004723
    ESX           2.5.5     ESX      ESX 2.5.5 Upgrade Patch 8
    ESX           2.5.4     ESX      ESX 2.5.4 Upgrade Patch 19

  c. Security update for unzip

    This patch includes a moderate security update to the service console that
    fixes a flaw in unzip. An attacker could execute malicious code with a
    user's privileges if the user ran unzip on a file designed to leverage
    this flaw.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2008-0888 to this issue.

    RPM Updated:
    Unzip-5.50-36.EL3.i386.rpm

    VMware        Product   Running  Replace with/
    Product       Version   on       Apply Patch
    ============  ========  =======  =================
    hosted        any       any      not affected

    ESXi          3.5       ESXi     not affected

    ESX           3.5       ESX      ESX350-200805505-SG
    ESX           3.0.2     ESX      ESX-1004719
    ESX           3.0.1     ESX      ESX-1004190
    ESX           2.5.5     ESX      ESX 2.5.5 Upgrade Patch 8
    ESX           2.5.4     ESX      ESX 2.5.4 Upgrade Patch 19

  d. Security update for krb5

    KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable
    for some krb4 message types, which allows remote attackers to
    cause a denial of service (crash) and possibly execute arbitrary
    code via crafted messages that trigger a NULL pointer dereference
    or double-free.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-0062 to this issue.

    NOTE: ESX doesn't contain the krb5kdc binary and is not vulnerable
          to this issue.

    The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not
    properly clear the unused portion of a buffer when generating an
    error message, which might allow remote attackers to obtain
    sensitive information, aka "Uninitialized stack values."

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-0063 to this issue.

    NOTE: ESX doesn't contain the krb5kdc binary and is not vulnerable
          to this issue.

    Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used
    by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably
    other versions before 1.3, when running on systems whose unistd.h
    does not define the FD_SETSIZE macro, allows remote attackers to cause
    a denial of service (crash) and possibly execute arbitrary code by
    triggering a large number of open file descriptors.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-0948 to this issue.

    RPM Updated:
    krb5-libs-1.2.7-68.i386.rpm

    VMware        Product   Running  Replace with/
    Product       Version   on       Apply Patch
    ============  ========  =======  =================
    hosted        any       any      not affected

    ESXi          3.5       ESXi     not affected

    ESX           3.5       ESX      ESX350-200805507-SG
    ESX           3.0.2     ESX      ESX-1004219
    ESX           3.0.1     ESX      ESX-1004189
    ESX           2.5.5     ESX      ESX 2.5.5 Upgrade Patch 8
    ESX           2.5.4     ESX      ESX 2.5.4 Upgrade Patch 19

4. Solution:

Please review the release notes for your product and version and verify the
md5sum of your downloaded file.

  VMware Workstation 6.0.4
  ------------------------
  http://www.vmware.com/download/ws/
  Release notes:
  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

  Windows binary
  md5sum: f50a05831e94c19d98f363c752fca5f9

  RPM Installation file for 32-bit Linux
  md5sum: e7793b14b995d3b505f093c84e849421

  tar Installation file for 32-bit Linux
  md5sum: a0a8e1d8188f4be03357872a57a767ab

  RPM Installation file for 64-bit Linux
  md5sum: 960d753038a268b8f101f4b853c0257e

  tar Installation file for 64-bit Linux
  md5sum: 4697ec8a9d6c1152d785f3b77db9d539

  VMware Workstation 5.5.7
  ------------------------
  http://www.vmware.com/download/ws/ws5.html
  Release notes:
  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

  Windows binary:
  md5sum: 4c6a6653b7296240197aac048591c659

  Compressed Tar archive for 32-bit Linux
  md5sum: 8fc15d72031489cf5cd5d47b966787e6

  Linux RPM version for 32-bit Linux
  md5sum: f0872fe447ac654a583af16b2f4bba3f


  VMware Player 2.0.4 and 1.0.7
  -----------------------------
  http://www.vmware.com/download/player/
  Release notes Player 1.x:
  http://www.vmware.com/support/player/doc/releasenotes_player.html
  Release notes Player 2.0
  http://www.vmware.com/support/player2/doc/releasenotes_player2.html

  2.0.4 Windows binary
  md5sum: a117664a8bfa7336b846117e5fc048dd

  VMware Player 2.0.4 for Linux (.rpm)
  md5sum: de6ab6364a0966b68eadda2003561cd2

  VMware Player 2.0.4 for Linux (.tar)
  md5sum: 9e1c2bfda6b22a3fc195a86aec11903a

  VMware Player 2.0.4 - 64-bit (.rpm)
  md5sum: 997e5ceffe72f9ce9146071144dacafa

  VMware Player 2.0.4 - 64-bit (.tar)
  md5sum: 18eb4ee49dd7e33ec155ef69d7d259ef

  1.0.7 Windows binary
  md5sum: 51114b3b433dc1b3bf3e434aebbf2b9c

  Player 1.0.7 for Linux (.rpm)
  md5sum: 3b5f97a37df3b984297fa595a5cdba9c

  Player 1.0.7 for Linux (.tar)
  md5sum: b755739144944071492a16fa20f86a51


  VMware ACE
  ----------
  http://www.vmware.com/download/ace/
  Release notes 2.0:
  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

  VMware-workstation-6.0.4-93057.exe
  md5sum: f50a05831e94c19d98f363c752fca5f9

  VMware-ACE-Management-Server-Appliance-2.0.4-93057.zip
  md5sum: d2ae2246f3d87268cf84c1421d94e86c

  VMware-ACE-Management-Server-2.0.4-93057.exe
  md5sum: 41b31b3392d5da2cef77a7bb28654dbf

  VMware-ACE-Management-Server-2.0.4-93057.i386-rhel4.rpm
  md5sum: 9920be4c33773df53a1728b41af4b109

  VMware-ACE-Management-Server-2.0.4-93057.i386-sles9.rpm
  md5sum: 4ec4c37203db863e8844460b5e80920b

  Release notes 1.x:
  http://www.vmware.com/support/ace/doc/releasenotes_ace.html

  VMware-ACE-1.0.6-89199.exe
  md5sum: 110f6e24842a0d154d9ec55ef9225f4f


  VMware Server 1.0.6
  -------------------
  http://www.vmware.com/download/server/
  Release notes:
  http://www.vmware.com/support/server/doc/releasenotes_server.html

  VMware Server for Windows 32-bit and 64-bit
  md5sum: 3e00d5cfae123d875e4298bddabf12f5

  VMware Server Windows client package
  md5sum: 64f3fc1b4520626ae465237d7ec4773e

  VMware Server for Linux
  md5sum: 46ea876bfb018edb6602a921f6597245

  VMware Server for Linux rpm
  md5sum: 9d2f0af908aba443ef80bec8f7ef3485

  Management Interface
  md5sum: 1b3daabbbb49a036fe49f53f812ef64b

  VMware Server Linux client package
  md5sum: 185e5b174659f366fcb38b1c4ad8d3c6


  VMware Fusion 1.1.3
  --------------
  http://www.vmware.com/download/fusion/
  Release notes:
  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html
  md5sum: D15A3DFD3E7B11FC37AC684586086D


  VMware VIX 1.1.4
  ----------------
  http://www.vmware.com/support/developer/vix-api/
  Release notes:
  http://www.vmware.com/support/pubs/vix-api/VIXAPI-1.1.4-Release-Notes.html
  VMware-vix-1.1.4-93057.exe
  md5sum: 2efb74618c7ead627ecb3b3033e3f9f6

  VMware-vix-1.1.4-93057.i386.tar.gz
  md5sum: 988df2b2bbc975a6fc11f27ad1519832

  VMware-vix-1.1.4-93057.x86_64.tar.gz
  md5sum: a64f951c6fb5b2795a29a5a7607059c0


  ESXi
  ----
  VMware ESXi 3.5 patch ESXe350-200805501-O-SG (authd, openwsman, VIX)
  http://download3.vmware.com/software/esx/ESXe350-200805501-O-SG.zip
  md5sum: 4ce06985d520e94243db1e0504a56d8c
  http://kb.vmware.com/kb/1005073
  http://kb.vmware.com/kb/1004173
  http://kb.vmware.com/kb/1004172

  NOTE: ESXe350-200805501-O-SG contains the following patch bundles:
        ESXe350-200805501-I-SG, ESXe350-200805502-T-SG,
        ESXe350-200805503-C-SG


  ESX
  ---
  VMware ESX 3.5 patch ESX350-200805515-SG (authd)
  http://download3.vmware.com/software/esx/ESX350-200805515-SG.zip
  md5sum: 324b50ade230bcd5079a76e3636163c5
  http://kb.vmware.com/kb/1004170

  VMware ESX 3.5 patch ESX350-200805508-SG (openwsman)
  http://download3.vmware.com/software/esx/ESX350-200805508-SG.zip
  md5sum: 3ff8c06d4a9dd406f64f89c51bf26d12
  http://kb.vmware.com/kb/1004644

  VMware ESX 3.5 patch ESX350-200805501-BG (VIX)
  http://download3.vmware.com/software/esx/ESX350-200805501-BG.zip
  md5sum: 31a620aa249c593c30015b5b6f8c8650
  http://kb.vmware.com/kb/1004637

  VMware ESX 3.5 patch ESX350-200805504-SG (cyrus-sasl)
  http://download3.vmware.com/software/esx/ESX350-200805504-SG.zip
  md5sum: 4c1b1a8dcb09a636b55c64c290f7de51
  http://kb.vmware.com/kb/1004640

  VMware ESX 3.5 patch ESX350-200805506-SG (tcltk)
  http://download3.vmware.com/software/esx/ESX350-200805506-SG.zip
  md5sum: af279eef8fdeddb7808630da1ae717b1
  http://kb.vmware.com/kb/1004642

  VMware ESX 3.5 patch ESX350-200805505-SG (unzip)
  http://download3.vmware.com/software/esx/ESX350-200805505-SG.zip
  md5sum: 07af82d9fd97cccb89d9b90c6ecc41c6
  http://kb.vmware.com/kb/1004641

  VMware ESX 3.5 patch ESX350-200805507-SG (krb5)
  http://download3.vmware.com/software/esx/ESX350-200805507-SG.zip
  md5sum: 5d35a1c470daf13c9f4df5bdc9438748
  http://kb.vmware.com/kb/1004643

  VMware ESX 3.0.2 patch ESX-1004727 (HGFS,VIX)
  http://download3.vmware.com/software/vi/ESX-1004727.tgz
  md5sum: 31a67b0fa3449747887945f8d370f19e
  http://kb.vmware.com/kb/1004727

  VMware ESX 3.0.2 patch ESX-1004821 (authd)
  http://download3.vmware.com/software/vi/ESX-1004821.tgz
  md5sum: 5c147bedd07245c903d44257522aeba1
  http://kb.vmware.com/kb/1004821

  VMware ESX 3.0.2 patch ESX-1004216 (VIX)
  http://download3.vmware.com/software/vi/ESX-1004216.tgz
  md5sum: 0784ef70420d28a9a5d6113769f6669a
  http://kb.vmware.com/kb/1004216

  VMware ESX 3.0.2 patch ESX-1004726 (VIX)
  http://download3.vmware.com/software/vi/ESX-1004726.tgz
  md5sum: 44f03b274867b534cd274ccdf4630b86
  http://kb.vmware.com/kb/1004726

  VMware ESX 3.0.2 patch ESX-1004722 (cyrus-sasl)
  http://download3.vmware.com/software/vi/ESX-1004722.tgz
  md5sum: 99dc71aed5bab7711f573b6d322123d6
  http://kb.vmware.com/kb/1004722

  VMware ESX 3.0.2 patch ESX-1004724 (tcltk)
  http://download3.vmware.com/software/vi/ESX-1004724.tgz
  md5sum: fd9a160ca7baa5fc443f2adc8120ecf7
  http://kb.vmware.com/kb/1004724

  VMware ESX 3.0.2 patch ESX-1004719 (unzip)
  http://download3.vmware.com/software/vi/ESX-1004719.tgz
  md5sum: f0c37b9f6be3399536d60f6c6944de82
  http://kb.vmware.com/kb/1004719

  VMware ESX 3.0.2 patch ESX-1004219 (krb5)
  http://download3.vmware.com/software/vi/ESX-1004219.tgz
  md5sum: 7c68279762f407a7a5ee151a650ebfd4
  http://kb.vmware.com/kb/1004219

  VMware ESX 3.0.1 patch ESX-1004186 (HGFS,VIX)
  http://download3.vmware.com/software/vi/ESX-1004186.tgz
  md5sum: f64389a8b97718eccefadce1a14d1198
  http://kb.vmware.com/kb/1004186

  VMware ESX 3.0.1 patch ESX-1004728 (authd)
  http://download3.vmware.com/software/vi/ESX-1004728.tgz
  md5sum: 1f01bb819805b855ffa2ec1040eff5ca
  http://kb.vmware.com/kb/1004728

  VMware ESX 3.0.1 patch ESX-1004725 (VIX)
  http://download3.vmware.com/software/vi/ESX-1004725.tgz
  md5sum: 9fafb04c6d3f6959e623832f539d2dc8
  http://kb.vmware.com/kb/1004725

  VMware ESX 3.0.1 patch ESX-1004721 (cyrus-sasl)
  http://download3.vmware.com/software/vi/ESX-1004721.tgz
  md5sum: 48190819b0f5afddefcb8d209d12b585
  http://kb.vmware.com/kb/1004721

  VMware ESX 3.0.1 patch ESX-1004723 (tcltk)
  http://download3.vmware.com/software/vi/ESX-1004723.tgz
  md5sum: c34ca0a5886e0c0917a93a97c331fd7d
  http://kb.vmware.com/kb/1004723

  VMware ESX 3.0.1 patch ESX-1004190 (unzip)
  http://download3.vmware.com/software/vi/ESX-1004190.tgz
  md5sum: 05187b9f534048c79c62741367cc0dd2
  http://kb.vmware.com/kb/1004190

  VMware ESX 3.0.1 patch ESX-1004189 (krb5)
  http://download3.vmware.com/software/vi/ESX-1004189.tgz
  md5sum: 21b620530b99009f469c872e73a439e8
  http://kb.vmware.com/kb/1004189

  VMware ESX 2.5.5 Upgrade Patch 8
  http://download3.vmware.com/software/esx/esx-2.5.5-90521-upgrade.tar.gz
  md5sum: 392b6947fc3600ca0e8e7788cd5bbb6e
  http://vmware.com/support/esx25/doc/esx-255-200805-patch.html

  VMware ESX 2.5.4 Upgrade Patch 19
  http://download3.vmware.com/software/esx/esx-2.5.4-90520-upgrade.tar.gz
  md5sum: 442788fd0bccb0d994c75b268bd12760
  http://vmware.com/support/esx25/doc/esx-254-200805-patch.html

5. References:

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5671
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0967
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2097
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2100
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0948

6. Change log:

2008-06-04  VMSA-2008-0009    Initial release

- -------------------------------------------------------------------
7. Contact:

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * [email protected]
  * [email protected]cus.com
  * [email protected]

E-mail:  [email protected]
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc.  All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIRs08S2KysvBH1xkRCMxFAJ0WJX76quFzCV+avwupq3Lu72UKigCfRftj
CZvxoXw/sZxDCSDjVzYAhrA=
=s04s
-----END PGP SIGNATURE-----
    


漏洞信息 (F65284)

Gentoo Linux Security Advisory 200804-6 (PacketStormID:F65284)

2008-04-08 00:00:00
Gentoo  security.gentoo.org

advisory

linux,gentoo

CVE-2008-0888

[点击下载]

Gentoo Linux Security Advisory GLSA 200804-06 – Tavis Ormandy of the Google Security Team discovered that the NEEDBITS macro in the inflate_dynamic() function in the file inflate.c can be invoked using invalid buffers, which can lead to a double free. Versions less than 5.52-r2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200804-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: UnZip: User-assisted execution of arbitrary code
      Date: April 06, 2008
      Bugs: #213761
        ID: 200804-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A double free vulnerability discovered in UnZip might lead to the
execution of arbitrary code.

Background
==========

Info-ZIP's UnZip is a tool to list and extract files inside PKZIP
compressed files.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  app-arch/unzip      < 5.52-r2                          >= 5.52-r2

Description
===========

Tavis Ormandy of the Google Security Team discovered that the NEEDBITS
macro in the inflate_dynamic() function in the file inflate.c can be
invoked using invalid buffers, which can lead to a double free.

Impact
======

Remote attackers could entice a user or automated system to open a
specially crafted ZIP file that might lead to the execution of
arbitrary code or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All UnZip users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/unzip-5.52-r2"

References
==========

  [ 1 ] CVE-2008-0888
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
    


漏洞信息 (F64772)

Ubuntu Security Notice 589-1 (PacketStormID:F64772)

2008-03-20 00:00:00
Ubuntu  security.ubuntu.com

advisory,remote,arbitrary

linux,ubuntu

CVE-2008-0888

[点击下载]

Ubuntu Security Notice 589-1 – Tavis Ormandy discovered that unzip did not correctly clean up pointers. If a user or automated service was tricked into processing a specially crafted ZIP archive, a remote attacker could execute arbitrary code with user privileges.

=========================================================== 
Ubuntu Security Notice USN-589-1             March 20, 2008
unzip vulnerability
CVE-2008-0888
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  unzip                           5.52-6ubuntu4.1

Ubuntu 6.10:
  unzip                           5.52-8ubuntu1.1

Ubuntu 7.04:
  unzip                           5.52-9ubuntu3.1

Ubuntu 7.10:
  unzip                           5.52-10ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Tavis Ormandy discovered that unzip did not correctly clean up pointers.
If a user or automated service was tricked into processing a specially
crafted ZIP archive, a remote attacker could execute arbitrary code with
user privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-6ubuntu4.1.diff.gz
      Size/MD5:    12788 c944a77823f756df4f6f1352028c51ba
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-6ubuntu4.1.dsc
      Size/MD5:      535 05a4c713cd2bc201d7fec5dd0f1807ce
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52.orig.tar.gz
      Size/MD5:  1140291 9d23919999d6eac9217d1f41472034a9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-6ubuntu4.1_amd64.deb
      Size/MD5:   161102 b975bb72efc3b8b8a7355011090a76d3

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-6ubuntu4.1_i386.deb
      Size/MD5:   147240 7470f2fa04517e0b5b601f69db54ac84

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-6ubuntu4.1_powerpc.deb
      Size/MD5:   165218 a6b0dc720809d80d31e809492056eee0

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-6ubuntu4.1_sparc.deb
      Size/MD5:   164078 552d2029d247f091442e174eae9c3a19

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-8ubuntu1.1.diff.gz
      Size/MD5:    12565 7c86995d3353555020b5072979437d32
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-8ubuntu1.1.dsc
      Size/MD5:      535 942549c5fc2654810ecece441c702ed7
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52.orig.tar.gz
      Size/MD5:  1140291 9d23919999d6eac9217d1f41472034a9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-8ubuntu1.1_amd64.deb
      Size/MD5:   164316 1fba1ee7c30fbd2572c49d55938eac54

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-8ubuntu1.1_i386.deb
      Size/MD5:   151466 20e48a45fad384a8310ce970c00903b2

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-8ubuntu1.1_powerpc.deb
      Size/MD5:   165248 c9f333ffc8b3ea28bd5882c6f683d200

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-8ubuntu1.1_sparc.deb
      Size/MD5:   163544 b9cf45c1b44e808e6f4bc28a0e462ba5

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-9ubuntu3.1.diff.gz
      Size/MD5:    91922 4ab4fa170cfb1009969476118e6c5ea0
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-9ubuntu3.1.dsc
      Size/MD5:      619 721b61d3b81b58e01eab7e4d75ec0616
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52.orig.tar.gz
      Size/MD5:  1140291 9d23919999d6eac9217d1f41472034a9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-9ubuntu3.1_amd64.deb
      Size/MD5:   167272 1b0f7e30281083c3c1f7ee7ea1edbff4

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-9ubuntu3.1_i386.deb
      Size/MD5:   154032 ab6718b23c1cff644082b0126a72a02e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-9ubuntu3.1_powerpc.deb
      Size/MD5:   169850 b3cf955d0462608841b350435a049f4d

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-9ubuntu3.1_sparc.deb
      Size/MD5:   166698 4a8cfaa0a4f1eb5bd54649a8a770b9fd

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-10ubuntu1.1.diff.gz
      Size/MD5:    92162 9cb570c2efaac04984b2a0742015ea05
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-10ubuntu1.1.dsc
      Size/MD5:      621 8e761acc5aa550a4c12c32a1c233d992
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52.orig.tar.gz
      Size/MD5:  1140291 9d23919999d6eac9217d1f41472034a9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-10ubuntu1.1_amd64.deb
      Size/MD5:   167694 cd72a56dbb1eab868f159b9b822a22c8

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-10ubuntu1.1_i386.deb
      Size/MD5:   154212 be2f160d462a22bd11bf744498e69977

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-10ubuntu1.1_powerpc.deb
      Size/MD5:   169998 630a0893db3e5fee553860240946cb21

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-10ubuntu1.1_sparc.deb
      Size/MD5:   166968 88ffce45be1200383a5609f09be92417

    


漏洞信息 (F64699)

Mandriva Linux Security Advisory 2008-068 (PacketStormID:F64699)

2008-03-19 00:00:00
Mandriva  mandriva.com

advisory,arbitrary

linux,mandriva

CVE-2008-0888

[点击下载]

Mandriva Linux Security Advisory – Tavis Ormandy of Google Security discovered an invalid pointer flaw in unzip that could lead to the execution of arbitrary code with the privileges of the user running unzip.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:068
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : unzip
 Date    : March 18, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Tavis Ormandy of Google Security discovered an invalid pointer flaw
 in unzip that could lead to the execution of arbitrary code with the
 privileges of the user running unzip.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 8ab02d1ae7407c44cd1a1b9ec6c9cf61  2007.0/i586/unzip-5.52-3.1mdv2007.0.i586.rpm 
 57f5147c837b81e917a8d5651360e2cc  2007.0/SRPMS/unzip-5.52-3.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 b7e80efd92608ae0a78a984e34bb8eff  2007.0/x86_64/unzip-5.52-3.1mdv2007.0.x86_64.rpm 
 57f5147c837b81e917a8d5651360e2cc  2007.0/SRPMS/unzip-5.52-3.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 57dde2a4dc7f38ebcdff410b370f61f4  2007.1/i586/unzip-5.52-3.1mdv2007.1.i586.rpm 
 d8415ea1276040828fe1d413ee286563  2007.1/SRPMS/unzip-5.52-3.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 5cb9ca374ed552c88db439e6cb940e33  2007.1/x86_64/unzip-5.52-3.1mdv2007.1.x86_64.rpm 
 d8415ea1276040828fe1d413ee286563  2007.1/SRPMS/unzip-5.52-3.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 994efe8ccdbc3513e8095dd35065905c  2008.0/i586/unzip-5.52-3.1mdv2008.0.i586.rpm 
 166137b40bd05dcd93a014d9ce0bb34f  2008.0/SRPMS/unzip-5.52-3.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 38d80bbd775b4d190adc8c4b86cc77aa  2008.0/x86_64/unzip-5.52-3.1mdv2008.0.x86_64.rpm 
 166137b40bd05dcd93a014d9ce0bb34f  2008.0/SRPMS/unzip-5.52-3.1mdv2008.0.src.rpm

 Corporate 3.0:
 fc663b970f8876e8f83a8d93acf019c0  corporate/3.0/i586/unzip-5.50-9.4.C30mdk.i586.rpm 
 dafe241ea7b42965ad69da9d4b95719a  corporate/3.0/SRPMS/unzip-5.50-9.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 ac91d1e086ad8aeb7c6bd1e8a67a2beb  corporate/3.0/x86_64/unzip-5.50-9.4.C30mdk.x86_64.rpm 
 dafe241ea7b42965ad69da9d4b95719a  corporate/3.0/SRPMS/unzip-5.50-9.4.C30mdk.src.rpm

 Corporate 4.0:
 6389250d173ed94a1736a1881247e29e  corporate/4.0/i586/unzip-5.52-1.4.20060mlcs4.i586.rpm 
 589667d7f856c52f748fae21a76bed57  corporate/4.0/SRPMS/unzip-5.52-1.4.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 2d28c159cb0e827c84de9f79acfbfde6  corporate/4.0/x86_64/unzip-5.52-1.4.20060mlcs4.x86_64.rpm 
 589667d7f856c52f748fae21a76bed57  corporate/4.0/SRPMS/unzip-5.52-1.4.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 57b08ef4bc95454c51a06606c5b3ec2e  mnf/2.0/i586/unzip-5.50-9.4.M20mdk.i586.rpm 
 a08d9ddf441401aa1967cd81b781e6cd  mnf/2.0/SRPMS/unzip-5.50-9.4.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFH4EAlmqjQ0CJFipgRAjsfAJ0cIy+MQW/ARQmvODg70kOv2neK/gCdEFRj
M7cz0koPMBEkaShat50CIqc=
=BTId
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    


漏洞信息 (F64649)

Debian Linux Security Advisory 1522-1 (PacketStormID:F64649)

2008-03-17 00:00:00
Debian  debian.org

advisory,arbitrary,code execution

linux,debian

CVE-2008-0888

[点击下载]

Debian Security Advisory 1522-1 – Tavis Ormandy discovered that unzip, when processing specially crafted ZIP archives, could pass invalid pointers to the C library's free routine, potentially leading to arbitrary code execution.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
Debian Security Advisory DSA-1522-1                [email protected]
http://www.debian.org/security/                         Florian Weimer
March 17, 2008                     http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package        : unzip
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-0888

Tavis Ormandy discovered that unzip, when processing specially crafted
ZIP archives, could pass invalid pointers to the C library's free
routine, potentially leading to arbitrary code execution
(CVE-2008-0888).

For the stable distribution (etch), this problem has been fixed in
version 5.52-9etch1.

For the old stable distribution (sarge), this problem has been fixed
in version 5.52-1sarge5.

The unstable distribution (sid) will be fixed soon.

We recommend that you upgrade your unzip package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52.orig.tar.gz
    Size/MD5 checksum:  1140291 9d23919999d6eac9217d1f41472034a9
  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5.diff.gz
    Size/MD5 checksum:     6624 f4c389ef9a5f917416c68e8c0add754c
  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5.dsc
    Size/MD5 checksum:      820 d0458a4fb2dbf3f040a78ba05d760884

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_alpha.deb
    Size/MD5 checksum:   175112 ccbb3a82f15dd1b8d7c1c7d038aa97bb

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_amd64.deb
    Size/MD5 checksum:   155144 cec288676d7ac195c013ffbd5b96db3c

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_arm.deb
    Size/MD5 checksum:   155706 eac17a818a4debec6782606199988963

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_hppa.deb
    Size/MD5 checksum:   163094 64cb7f948ac502dd7700f193277f54c4

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_i386.deb
    Size/MD5 checksum:   145370 25acd84205d972fa65875593299403eb

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_ia64.deb
    Size/MD5 checksum:   206728 761bbebd459da89bd49abd4dea12786f

m68k architecture (Motorola Mc680x0)

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_m68k.deb
    Size/MD5 checksum:   134162 fbd7716086863fe16105d1f5f2119e69

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_mips.deb
    Size/MD5 checksum:   163330 a9ba43871f5e4d3ce3ff1e467414763c

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_mipsel.deb
    Size/MD5 checksum:   164240 63ec0268379ebd88e7994861e1403056

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_powerpc.deb
    Size/MD5 checksum:   157564 e22e222f4ca08bbfcdbe639e9f63aff3

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_s390.deb
    Size/MD5 checksum:   156696 06f222f0b745fa4288cb1091769a55e7

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_sparc.deb
    Size/MD5 checksum:   155286 12031b8c655980f08d115450c865166f

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1.diff.gz
    Size/MD5 checksum:    11786 4d13383683bf9cc67c7746075684f4e6
  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52.orig.tar.gz
    Size/MD5 checksum:  1140291 9d23919999d6eac9217d1f41472034a9
  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1.dsc
    Size/MD5 checksum:      819 2b208e750aadf9e33373334c7d98dd18

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_alpha.deb
    Size/MD5 checksum:   185310 4852a24bd4e91ab179b4fe981b12e6d2

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_amd64.deb
    Size/MD5 checksum:   161564 35a4168402a9d6baa4e7e6f081cfdb25

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_arm.deb
    Size/MD5 checksum:   163704 476e8f4d40eded9200b65ee790912864

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_hppa.deb
    Size/MD5 checksum:   170130 0f8579b4b22caba32407120a87659ed1

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_i386.deb
    Size/MD5 checksum:   152010 07c17cb71fd58fec087e4085ddf663fe

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_ia64.deb
    Size/MD5 checksum:   224620 cdf576f5ee72d9e6dc4d6cbab88596e1

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_mips.deb
    Size/MD5 checksum:   170648 06d0beaad2654a277582a866caa4f5c8

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_mipsel.deb
    Size/MD5 checksum:   170216 137b212825edc0e9c427ea996f8f6451

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_powerpc.deb
    Size/MD5 checksum:   163698 2ba0eb1b35a090e061fd4392fe2ea4e0

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_s390.deb
    Size/MD5 checksum:   162602 718c9302a309ca9015669155abd548d6

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_sparc.deb
    Size/MD5 checksum:   162024 51be9db04eec6dc2e6214b417ff1a94f


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBR97PUb97/wQC1SS+AQKMUggAgQEXrlY6tVdDJTDeYmzcREaf+1MHkLEt
nWafeztMP4MG3BynNqpc67n4AJmFwOlQ9rwQD4WMxjcEovEyQtu+R35c+zPOEVQa
rnug7nPusanzyAeiqRErNMQmgRtH9Ms/MnAzLjRpU0JKWNN7H6U3lMQyLABkpRrF
u8sJ+75k2zNcGH7J+nOqAnkZogKoZsTY6Nj1rWfomKcQ3dSPwDO9GbzrGVqZavt2
s06g8A1wMUluAjhbfC9idSMP5Y97jN4zfJW4gF2diUaxLqrjx5SuG4KvgFJw7AZY
nIbnBEjiijNd30OQ7DvTGPLzYexJhbbw6gigbxtogeARAsU2zA+/nw==
=XNZG
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    


漏洞信息


43332
UnZip inflate.c inflate_dynamic() Function NEEDBITS Macro Unspecified Code Execution

Context Dependent

Input Manipulation
Loss of Integrity Third-Party Solution
Exploit Unknown Third-party Verified


漏洞描述

UnZip contains an unspecified flaw in the NEEDBITS macro in the 'inflate_dynamic()' function in inflate.c, which may allow a context-dependent attacker to execute arbitrary code. No further details have been provided.


时间线


2008-03-04

Unknow
Unknow Unknow


解决方案

Multiple vendors have released a patch to address this vulnerability. There are no known workarounds or upgrades to correct this issue. Check the vendor advisory, changelog, or solution in the references section for details.


相关参考


漏洞作者

本文标题:CVE-2008-0888-漏洞详情
本文链接:
(转载请附上本文链接)
http://vulsee.com/archives/vulsee_2021/0108_3356.html
转载请附本站链接,未经允许不得转载,,谢谢:微慑信息网-VulSee.com » CVE-2008-0888-漏洞详情
分享到: 更多 (0)

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

微慑信息网 专注工匠精神

访问我们联系我们