| CVE-2008-0888 |
|
Published: 2008-03-17 17:44:00 |
| Revised: 2011-06-20 00:00:00 |
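[Original] The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
[CNNVD] Info-ZIP UnZip inflate_dynamic() function memory stack corruption vulnerability (CNNVD-200803-233)
unzip is a tool for extracting .zip archives on Unix.
A flaw in unzip's implementation may allow an attacker to escalate privileges by enticing a user to process a malicious file.
The inflate_dynamic() routine at line 978 of unzip's inflate.c uses the NEEDBITS() macro to jump to a cleanup routine when an error occurs, and that routine tries to free() two buffers allocated during decompression. In some places the NEEDBITS() macro is used while the pointers do not point to valid buffers, including cases where the buffer is uninitialized or the pointer refers to an already freed block. Both cases allow an attacker to control the pointer or the buffer it points to, leading to arbitrary code execution.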
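The error path described above, modelled as an added example (it is not Info-ZIP's code): a NEEDBITS-style macro leaves the function through a shared cleanup label that frees two tables, once with the flawed pointer handling and once hardened. All names (`NEED_BYTE`, `decode`, `tl`, `td`, the slot pool) are hypothetical, and a static pool stands in for malloc/free so that an invalid free is counted rather than corrupting a real heap.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for malloc/free: a static pool, so an invalid free
 * is counted instead of corrupting a real heap. */
#define SLOTS 4
static struct { int live; unsigned char buf[32]; } pool[SLOTS];
static int invalid_frees;
static unsigned char stale_garbage;   /* models leftover stack contents */

static void *t_alloc(void)
{
    for (int i = 0; i < SLOTS; i++)
        if (!pool[i].live) { pool[i].live = 1; return pool[i].buf; }
    return NULL;
}

static void t_free(void *p)
{
    if (p == NULL) return;                    /* same contract as free(NULL) */
    for (int i = 0; i < SLOTS; i++) {
        if (p != (void *)pool[i].buf) continue;
        if (pool[i].live) pool[i].live = 0;
        else invalid_frees++;                 /* block was already freed */
        return;
    }
    invalid_frees++;                          /* pointer never came from t_alloc */
}

struct in { const unsigned char *p; size_t left; };

/* NEEDBITS-style macro (hypothetical name): on truncated input it leaves
 * the function through the shared cleanup label. */
#define NEED_BYTE(s, out) \
    do { if ((s)->left == 0) { rc = -1; goto cleanup; } \
         (out) = *(s)->p++; (s)->left--; } while (0)

/* hardened == 0 reproduces the flawed pattern; hardened == 1 applies the
 * two usual fixes: NULL-initialise, and NULL the pointer after each free. */
static int decode(struct in *s, int hardened)
{
    int rc = 0;
    unsigned v = 0;
    void *tl = hardened ? NULL : (void *)&stale_garbage;
    void *td = hardened ? NULL : (void *)&stale_garbage;

    NEED_BYTE(s, v);          /* may bail before tl/td were ever allocated */
    tl = t_alloc();
    NEED_BYTE(s, v);
    t_free(tl);               /* first table released before being rebuilt */
    if (hardened) tl = NULL;
    NEED_BYTE(s, v);          /* may bail while tl still names a freed block */
    tl = t_alloc();
    td = t_alloc();
    NEED_BYTE(s, v);
    (void)v;

cleanup:                      /* runs on success and on every bail-out */
    t_free(tl);
    t_free(td);
    return rc;
}

/* Decode a constructed input truncated to len bytes (0..4) and report how
 * many frees hit a pointer that was not a live allocation. */
static int invalid_frees_for(size_t len, int hardened)
{
    static const unsigned char data[4] = { 1, 2, 3, 4 };
    struct in s = { data, len > 4 ? 4 : len };

    for (int i = 0; i < SLOTS; i++) pool[i].live = 0;
    invalid_frees = 0;
    decode(&s, hardened);
    return invalid_frees;
}

int main(void)
{
    for (size_t len = 0; len <= 4; len++)
        printf("len=%zu  flawed=%d  hardened=%d\n", len,
               invalid_frees_for(len, 0), invalid_frees_for(len, 1));
    return 0;
}
```

With the constructed input truncated to 0, 1 or 2 bytes the flawed path performs 2, 1 and 2 invalid frees, while the hardened path performs none at any length.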
–
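CVSS (Base Score)
| CVSS score: | 9.3 | [Severe (HIGH)] |
| Confidentiality impact: | COMPLETE | [Total information disclosure, exposing all system files] |
| Integrity impact: | COMPLETE | [System integrity can be completely compromised] |
| Availability impact: | COMPLETE | [May cause a complete system outage] |
| Attack complexity: | MEDIUM | [Exploitation requires certain access conditions] |
| Attack vector: | NETWORK | [The attacker does not need intranet or local access] |
| Authentication: | NONE | [Exploitation requires no authentication] |
–
CWE (Weakness Category)
| CWE-119 | [Improper Restriction of Operations within the Bounds of a Memory Buffer] |
–
CPE (Affected Platforms and Products)
| Product and version information (CPE) is not currently available |
–
OVAL (Technical Details for Detection)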
| oval:org.mitre.oval:def:9733 | The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attacker… |
| oval:org.mitre.oval:def:8229 | DSA-1522 unzip — programming error |
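| *OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definitions. | |
–
Official database links
–
Other links and resources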
|
http://secunia.com/advisories/30535 (VENDOR_ADVISORY) SECUNIA 30535 |
|
https://issues.rpath.com/browse/RPL-2317 (UNKNOWN) CONFIRM https://issues.rpath.com/browse/RPL-2317 |
|
http://xforce.iss.net/xforce/xfdb/41246 (UNKNOWN) XF unzip-inflatedynamic-code-execution(41246) |
|
http://www.vupen.com/english/advisories/2008/1744 (VENDOR_ADVISORY) VUPEN ADV-2008-1744 |
|
http://www.vupen.com/english/advisories/2008/0913/references (VENDOR_ADVISORY) VUPEN ADV-2008-0913 |
|
http://www.vmware.com/security/advisories/VMSA-2008-0009.html (UNKNOWN) CONFIRM http://www.vmware.com/security/advisories/VMSA-2008-0009.html |
|
http://www.ubuntu.com/usn/usn-589-1 (UNKNOWN) UBUNTU USN-589-1 |
|
http://www.securitytracker.com/id?1019634 (UNKNOWN) SECTRACK 1019634 |
|
http://www.securityfocus.com/bid/28288 (UNKNOWN) BID 28288 |
|
http://www.securityfocus.com/archive/1/archive/1/493080/100/0/threaded (UNKNOWN) BUGTRAQ 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues |
|
http://www.securityfocus.com/archive/1/archive/1/489967/100/0/threaded (UNKNOWN) BUGTRAQ 20080321 rPSA-2008-0116-1 unzip |
|
http://www.redhat.com/support/errata/RHSA-2008-0196.html (VENDOR_ADVISORY) REDHAT RHSA-2008:0196 |
|
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:068 (UNKNOWN) MANDRIVA MDVSA-2008:068 |
|
http://www.ipcop.org/index.php?name=News&file=article&sid=40 (UNKNOWN) CONFIRM http://www.ipcop.org/index.php?name=News&file=article&sid=40 |
|
http://www.debian.org/security/2008/dsa-1522 (UNKNOWN) DEBIAN DSA-1522 |
|
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0116 (UNKNOWN) CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0116 |
|
http://wiki.rpath.com/Advisories:rPSA-2008-0116 (UNKNOWN) CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0116 |
|
http://support.apple.com/kb/HT4077 (UNKNOWN) CONFIRM http://support.apple.com/kb/HT4077 |
|
http://security.gentoo.org/glsa/glsa-200804-06.xml (UNKNOWN) GENTOO GLSA-200804-06 |
|
http://secunia.com/advisories/31204 (VENDOR_ADVISORY) SECUNIA 31204 |
|
http://secunia.com/advisories/29681 (VENDOR_ADVISORY) SECUNIA 29681 |
|
http://secunia.com/advisories/29495 (VENDOR_ADVISORY) SECUNIA 29495 |
|
http://secunia.com/advisories/29440 (VENDOR_ADVISORY) SECUNIA 29440 |
|
http://secunia.com/advisories/29432 (VENDOR_ADVISORY) SECUNIA 29432 |
|
http://secunia.com/advisories/29427 (VENDOR_ADVISORY) SECUNIA 29427 |
|
http://secunia.com/advisories/29415 (VENDOR_ADVISORY) SECUNIA 29415 |
|
http://secunia.com/advisories/29406 (VENDOR_ADVISORY) SECUNIA 29406 |
|
http://secunia.com/advisories/29392 (VENDOR_ADVISORY) SECUNIA 29392 |
|
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html (UNKNOWN) SUSE SUSE-SR:2008:007 |
|
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html (UNKNOWN) APPLE APPLE-SA-2010-03-29-1 |
–
Vulnerability information
| Info-ZIP UnZip inflate_dynamic() function memory stack corruption vulnerability | |
| High risk | Buffer overflow |
| 2008-03-17 00:00:00 | 2008-12-23 00:00:00 |
| Remote | |
–
Advisories and patches
|
The vendor has released an upgrade patch that fixes this security issue. Patch download link: https://www.redhat.com/support/errata/RHSA-2008-0196.html |
–
Vulnerability information (F67011)
| VMware Security Advisory 2008-0009 (PacketStormID:F67011) |
2008-06-05 00:00:00 |
| VMware vmware.com |
advisory |
CVE-2007-5671,CVE-2008-0967,CVE-2008-2097,CVE-2008-2100,CVE-2006-1721,CVE-2008-0553,CVE-2007-5378,CVE-2007-4772,CVE-2008-0888,CVE-2008-0062,CVE-2008-0063,CVE-2008-0948 |
VMware Security Advisory – Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues. |
-------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0009
Synopsis: Updates to VMware Workstation, VMware Player,
VMware ACE, VMware Fusion, VMware Server, VMware
VIX API, VMware ESX, VMware ESXi resolve critical
security issues
Issue date: 2008-06-04
Updated on: 2008-06-04 (initial release of advisory)
CVE numbers: CVE-2007-5671 CVE-2008-0967 CVE-2008-2097
CVE-2008-2100 CVE-2006-1721 CVE-2008-0553
CVE-2007-5378 CVE-2007-4772 CVE-2008-0888
CVE-2008-0062 CVE-2008-0063 CVE-2008-0948
-------------------------------------------------------------------
1. Summary:
Several critical security vulnerabilities have been addressed
in patches in ESX and in the newest releases of VMware's hosted
product line.
2. Relevant releases:
VMware Workstation 6.0.3 and earlier,
VMware Workstation 5.5.6 and earlier,
VMware Player 2.0.3 and earlier,
VMware Player 1.0.6 and earlier,
VMware ACE 2.0.3 and earlier,
VMware ACE 1.0.5 and earlier,
VMware Server 1.0.5 and earlier,
VMware Fusion 1.1.1 and earlier
VMware ESXi 3.5 without patches ESXe350-200805501-I-SG,
ESXe350-200805502-T-SG,
ESXe350-200805503-C-SG
VMware ESX 3.5 without patches ESX350-200805515-SG, ESX350-200805508-SG,
ESX350-200805501-BG, ESX350-200805504-SG,
ESX350-200805506-SG, ESX350-200805505-SG,
ESX350-200805507-SG
VMware ESX 3.0.2 without patches ESX-1004727, ESX-1004821, ESX-1004216,
ESX-1004726, ESX-1004722, ESX-1004724,
ESX-1004719, ESX-1004219
VMware ESX 3.0.1 without patches ESX-1004186, ESX-1004728, ESX-1004725,
ESX-1004721, ESX-1004723, ESX-1004190,
ESX-1004189
VMware ESX 2.5.5 without update patch 8
VMware ESX 2.5.4 without update patch 19
NOTES: Hosted products VMware Workstation 5.x, VMware Player 1.x,
and VMware ACE 1.x will reach end of general support
2008-11-09. Customers should plan to upgrade to the latest
version of their respective products.
ESX 3.0.1 is in Extended Support and its end of extended
support (Security and Bug fixes) is 2008-07-31. Users should plan
to upgrade to at least 3.0.2 update 1 and preferably the newest
release available before the end of extended support.
ESX 2.5.4 is in Extended Support and its end of extended support
(Security and Bug fixes) is 2008-10-08. Users should plan to upgrade
to at least 2.5.5 and preferably the newest release available before
the end of extended support.
3. Problem description:
a. VMware Tools Local Privilege Escalation on Windows-based guest OS
The VMware Tools Package provides support required for shared folders
(HGFS) and other features.
An input validation error is present in the Windows-based VMware
HGFS.sys driver. Exploitation of this flaw might result in
arbitrary code execution on the guest system by an unprivileged
guest user. It doesn't matter on what host the Windows guest OS
is running, as this is a guest driver vulnerability and not a
vulnerability on the host.
The HGFS.sys driver is present in the guest operating system if the
VMware Tools package is loaded. Even if the host has HGFS disabled
and has no shared folders, Windows-based guests may be affected. This
is regardless if a host supports HGFS.
This issue could be mitigated by removing the VMware Tools package
from Windows based guests. However this is not recommended as it
would impact usability of the product.
NOTE: Installing the new hosted release or ESX patches will not
remediate the issue. The VMware Tools packages will need
to be updated on each Windows-based guest followed by a
reboot of the guest system.
VMware would like to thank iDefense and Stephen Fewer of Harmony
Security for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-5671 to this issue.
VMware        Product   Running   Replace with/
Product       Version   on        Apply Patch
============  ========  =======   =================
Workstation   6.x       Windows   not affected
Workstation   6.x       Linux     not affected
Workstation   5.x       Windows   5.5.6 build 80404 or later
Workstation   5.x       Linux     5.5.6 build 80404 or later
Player        2.x       Windows   not affected
Player        2.x       Linux     not affected
Player        1.x       Windows   1.0.6 build 80404 or later
Player        1.x       Linux     1.0.6 build 80404 or later
ACE           2.x       Windows   not affected
ACE           1.x       Windows   1.0.5 build 79846 or later
Server        1.x       Windows   1.0.5 build 80187 or later
Server        1.x       Linux     1.0.5 build 80187 or later
Fusion        1.x       Mac OS/X  not affected
ESXi          3.5       ESXi      not affected
ESX           3.5       ESX       not affected
ESX           3.0.2     ESX       ESX-1004727
ESX           3.0.1     ESX       ESX-1004186
ESX           2.5.5     ESX       ESX 2.5.5 upgrade patch 5 or later
ESX           2.5.4     ESX       ESX 2.5.4 upgrade patch 16 or later
b. Privilege escalation on ESX or Linux based hosted operating systems
This update fixes a security issue related to local exploitation of
an untrusted library path vulnerability in vmware-authd. In order to
exploit this vulnerability, an attacker must have local access and
the ability to execute the set-uid vmware-authd binary on an affected
system. Exploitation of this flaw might result in arbitrary code
execution on the Linux host system by an unprivileged user.
VMware would like to thank iDefense for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-0967 to this issue.
VMware        Product   Running   Replace with/
Product       Version   on        Apply Patch
============  ========  =======   =================
Workstation   6.x       Windows   not affected
Workstation   6.x       Linux     6.0.4 build 93057
Workstation   5.x       Windows   not affected
Workstation   5.x       Linux     5.5.7 build 91707
Player        2.x       Windows   not affected
Player        2.x       Linux     2.0.4 build 93057
Player        1.x       Windows   not affected
Player        1.x       Linux     1.0.7 build 91707
ACE           2.x       Windows   not affected
ACE           1.x       Windows   not affected
Server        1.x       Windows   not affected
Server        1.x       Linux     1.0.6 build 91891
Fusion        1.x       Mac OS/X  not affected
ESXi          3.5       ESXi      ESXe350-200805501-I-SG
ESX           3.5       ESX       ESX350-200805515-SG
ESX           3.0.2     ESX       ESX-1004821
ESX           3.0.1     ESX       ESX-1004728
ESX           2.5.5     ESX       ESX 2.5.5 update patch 8
ESX           2.5.4     ESX       ESX 2.5.4 update patch 19
c. Openwsman Invalid Content-Length Vulnerability
Openwsman is a system management platform that implements the Web
Services Management protocol (WS-Management). It is installed and
running by default. It is used in the VMware Management Service
Console and in ESXi.
The openwsman management service on ESX 3.5 and ESXi 3.5 is vulnerable
to a privilege escalation vulnerability, which may allow users with
non-privileged ESX or Virtual Center accounts to gain root privileges.
To exploit this vulnerability, an attacker would need a local ESX
account or a VirtualCenter account with the Host.Cim.CimInteraction
permission.
Systems with no local ESX accounts and no VirtualCenter accounts with
the Host.Cim.CimInteraction permission are not vulnerable.
This vulnerability cannot be exploited by users without valid login
credentials.
Discovery: Alexander Sotirov, VMware Security Research
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-2097 to this issue.
VMware        Product   Running   Replace with/
Product       Version   on        Apply Patch
============  ========  =======   =================
hosted        any       any       not affected
ESXi          3.5       ESXi      ESXe350-200805501-I-SG
ESX           3.5       ESX       ESX350-200805508-SG
ESX           3.0.2     ESX       not affected
ESX           3.0.1     ESX       not affected
ESX           2.5.5     ESX       not affected
ESX           2.5.4     ESX       not affected
NOTE: VMware hosted products are not affected by this issue.
d. VMware VIX Application Programming Interface (API) Memory Overflow
Vulnerabilities
The VIX API (also known as "Vix") is an API that lets users write scripts
and programs to manipulate virtual machines.
Multiple buffer overflow vulnerabilities are present in the VIX API.
Exploitation of these vulnerabilities might result in code execution on
the host system or on the service console in ESX Server from the guest
operating system.
The VIX API can be enabled and disabled using the "vix.inGuest.enable"
setting in the VMware configuration file. This default value for this
setting is "disabled". This configuration setting is present in the
following products:
VMware Workstation 6.0.2 and higher
VMware ACE 6.0.2 and higher
VMware Server 1.06 and higher
VMware Fusion 1.1.2 and higher
ESX Server 3.0 and higher
ESX Server 3.5 and higher
In previous versions of VMware products where the VIX API was introduced,
the VIX API couldn't be disabled.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-2100 to this issue.
VMware        Product   Running   Replace with/
Product       Version   on        Apply Patch
============  ========  =======   =================
VIX API       1.1.x     Windows   VMware-vix-1.1.4-93057.exe
VIX API       1.1.x     Linux     VMware-vix-1.1.4-93057.i386.tar.gz
VIX API       1.1.x     Linux64   VMware-vix-1.1.4-93057.x86_64.tar.gz
Workstation   6.x       Windows   6.0.4 build 93057
Workstation   6.x       Linux     6.0.4 build 93057
Workstation   5.x       Windows   5.5.7 build 91707
Workstation   5.x       Linux     5.5.7 build 91707
Player        2.x       Windows   2.0.4 build 93057
Player        2.x       Linux     2.0.4 build 93057
Player        1.x       Windows   1.0.6 build 91707
Player        1.x       Linux     1.0.6 build 91707
ACE           2.x       Windows   2.0.4 build 93057
ACE           1.x       Windows   not affected
Server        1.x       Windows   1.0.6 build 91891
Server        1.x       Linux     1.0.6 build 91891
Fusion        1.x       Mac OS/X  1.1.2 build 87978 or later
ESXi          3.5       ESXi      ESXe350-200805501-I-SG,
                                  ESXe350-200805502-T-SG
ESX           3.5       ESX       ESX350-200805501-BG
ESX           3.0.2     ESX       ESX-1004216, ESX-1004726, ESX-1004727
ESX           3.0.1     ESX       ESX-1004186, ESX-1004725
ESX           2.5.5     ESX       not affected
ESX           2.5.4     ESX       not affected
II Service Console rpm updates
NOTE: ESXi and hosted products are not affected by any service console
security updates
a. Security update for cyrus-sasl
Updated cyrus-sasl package for the ESX Service Console corrects a security
issue found in the DIGEST-MD5 authentication mechanism of Cyrus'
implementation of Simple Authentication and Security Layer (SASL). As a
result of this issue in the authentication mechanism, a remote
unauthenticated attacker might be able to cause a denial of service error
on the service console.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2006-1721 to this issue.
RPMs Updated:
cyrus-sasl-2.1.15-15.i386.rpm
cyrus-sasl-md5-2.1.15-1.i386.rpm
VMware        Product   Running   Replace with/
Product       Version   on        Apply Patch
============  ========  =======   =================
hosted        any       any       not affected
ESXi          3.5       ESXi      not affected
ESX           3.5       ESX       ESX350-200805504-SG
ESX           3.0.2     ESX       ESX-1004722
ESX           3.0.1     ESX       ESX-1004721
ESX           2.5.5     ESX       not affected
ESX           2.5.4     ESX       not affected
b. Security update for tcltk
An input validation flaw was discovered in Tk's GIF image handling. A
code-size value read from a GIF image was not properly validated before
being used, leading to a buffer overflow. A specially crafted GIF file
could use this to cause a crash or, potentially, execute code with the
privileges of the application using the Tk graphical toolkit.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2008-0553 to this issue.
A buffer overflow flaw was discovered in Tk's animated GIF image handling.
An animated GIF containing an initial image smaller than subsequent images
could cause a crash or, potentially, execute code with the privileges of
the application using the Tk library.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2007-5378 to this issue.
A flaw first discovered in the Tcl regular expression engine used in the
PostgreSQL database server, resulted in an infinite loop when processing
certain regular expressions.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2007-4772 to this issue.
RPM Updated:
tcl-8.3.5-92.8.i386.rpm
VMware        Product   Running   Replace with/
Product       Version   on        Apply Patch
============  ========  =======   =================
hosted        any       any       not affected
ESXi          3.5       ESXi      not affected
ESX           3.5       ESX       ESX350-200805506-SG
ESX           3.0.2     ESX       ESX-1004724
ESX           3.0.1     ESX       ESX-1004723
ESX           2.5.5     ESX       ESX 2.5.5 Upgrade Patch 8
ESX           2.5.4     ESX       ESX 2.5.4 Upgrade Patch 19
c. Security update for unzip
This patch includes a moderate security update to the service console that
fixes a flaw in unzip. An attacker could execute malicious code with a
user's privileges if the user ran unzip on a file designed to leverage
this flaw.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2008-0888 to this issue.
RPM Updated:
Unzip-5.50-36.EL3.i386.rpm
VMware        Product   Running   Replace with/
Product       Version   on        Apply Patch
============  ========  =======   =================
hosted        any       any       not affected
ESXi          3.5       ESXi      not affected
ESX           3.5       ESX       ESX350-200805505-SG
ESX           3.0.2     ESX       ESX-1004719
ESX           3.0.1     ESX       ESX-1004190
ESX           2.5.5     ESX       ESX 2.5.5 Upgrade Patch 8
ESX           2.5.4     ESX       ESX 2.5.4 Upgrade Patch 19
d. Security update for krb5
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable
for some krb4 message types, which allows remote attackers to
cause a denial of service (crash) and possibly execute arbitrary
code via crafted messages that trigger a NULL pointer dereference
or double-free.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-0062 to this issue.
NOTE: ESX doesn't contain the krb5kdc binary and is not vulnerable
to this issue.
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not
properly clear the unused portion of a buffer when generating an
error message, which might allow remote attackers to obtain
sensitive information, aka "Uninitialized stack values."
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-0063 to this issue.
NOTE: ESX doesn't contain the krb5kdc binary and is not vulnerable
to this issue.
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used
by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably
other versions before 1.3, when running on systems whose unistd.h
does not define the FD_SETSIZE macro, allows remote attackers to cause
a denial of service (crash) and possibly execute arbitrary code by
triggering a large number of open file descriptors.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-0948 to this issue.
RPM Updated:
krb5-libs-1.2.7-68.i386.rpm
VMware        Product   Running   Replace with/
Product       Version   on        Apply Patch
============  ========  =======   =================
hosted        any       any       not affected
ESXi          3.5       ESXi      not affected
ESX           3.5       ESX       ESX350-200805507-SG
ESX           3.0.2     ESX       ESX-1004219
ESX           3.0.1     ESX       ESX-1004189
ESX           2.5.5     ESX       ESX 2.5.5 Upgrade Patch 8
ESX           2.5.4     ESX       ESX 2.5.4 Upgrade Patch 19
4. Solution:
Please review the release notes for your product and version and verify the
md5sum of your downloaded file.
VMware Workstation 6.0.4
------------------------
http://www.vmware.com/download/ws/
Release notes:
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Windows binary
md5sum: f50a05831e94c19d98f363c752fca5f9
RPM Installation file for 32-bit Linux
md5sum: e7793b14b995d3b505f093c84e849421
tar Installation file for 32-bit Linux
md5sum: a0a8e1d8188f4be03357872a57a767ab
RPM Installation file for 64-bit Linux
md5sum: 960d753038a268b8f101f4b853c0257e
tar Installation file for 64-bit Linux
md5sum: 4697ec8a9d6c1152d785f3b77db9d539
VMware Workstation 5.5.7
------------------------
http://www.vmware.com/download/ws/ws5.html
Release notes:
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Windows binary:
md5sum: 4c6a6653b7296240197aac048591c659
Compressed Tar archive for 32-bit Linux
md5sum: 8fc15d72031489cf5cd5d47b966787e6
Linux RPM version for 32-bit Linux
md5sum: f0872fe447ac654a583af16b2f4bba3f
VMware Player 2.0.4 and 1.0.7
-----------------------------
http://www.vmware.com/download/player/
Release notes Player 1.x:
http://www.vmware.com/support/player/doc/releasenotes_player.html
Release notes Player 2.0
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
2.0.4 Windows binary
md5sum: a117664a8bfa7336b846117e5fc048dd
VMware Player 2.0.4 for Linux (.rpm)
md5sum: de6ab6364a0966b68eadda2003561cd2
VMware Player 2.0.4 for Linux (.tar)
md5sum: 9e1c2bfda6b22a3fc195a86aec11903a
VMware Player 2.0.4 - 64-bit (.rpm)
md5sum: 997e5ceffe72f9ce9146071144dacafa
VMware Player 2.0.4 - 64-bit (.tar)
md5sum: 18eb4ee49dd7e33ec155ef69d7d259ef
1.0.7 Windows binary
md5sum: 51114b3b433dc1b3bf3e434aebbf2b9c
Player 1.0.7 for Linux (.rpm)
md5sum: 3b5f97a37df3b984297fa595a5cdba9c
Player 1.0.7 for Linux (.tar)
md5sum: b755739144944071492a16fa20f86a51
VMware ACE
----------
http://www.vmware.com/download/ace/
Release notes 2.0:
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
VMware-workstation-6.0.4-93057.exe
md5sum: f50a05831e94c19d98f363c752fca5f9
VMware-ACE-Management-Server-Appliance-2.0.4-93057.zip
md5sum: d2ae2246f3d87268cf84c1421d94e86c
VMware-ACE-Management-Server-2.0.4-93057.exe
md5sum: 41b31b3392d5da2cef77a7bb28654dbf
VMware-ACE-Management-Server-2.0.4-93057.i386-rhel4.rpm
md5sum: 9920be4c33773df53a1728b41af4b109
VMware-ACE-Management-Server-2.0.4-93057.i386-sles9.rpm
md5sum: 4ec4c37203db863e8844460b5e80920b
Release notes 1.x:
http://www.vmware.com/support/ace/doc/releasenotes_ace.html
VMware-ACE-1.0.6-89199.exe
md5sum: 110f6e24842a0d154d9ec55ef9225f4f
VMware Server 1.0.6
-------------------
http://www.vmware.com/download/server/
Release notes:
http://www.vmware.com/support/server/doc/releasenotes_server.html
VMware Server for Windows 32-bit and 64-bit
md5sum: 3e00d5cfae123d875e4298bddabf12f5
VMware Server Windows client package
md5sum: 64f3fc1b4520626ae465237d7ec4773e
VMware Server for Linux
md5sum: 46ea876bfb018edb6602a921f6597245
VMware Server for Linux rpm
md5sum: 9d2f0af908aba443ef80bec8f7ef3485
Management Interface
md5sum: 1b3daabbbb49a036fe49f53f812ef64b
VMware Server Linux client package
md5sum: 185e5b174659f366fcb38b1c4ad8d3c6
VMware Fusion 1.1.3
--------------
http://www.vmware.com/download/fusion/
Release notes:
http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html
md5sum: D15A3DFD3E7B11FC37AC684586086D
VMware VIX 1.1.4
----------------
http://www.vmware.com/support/developer/vix-api/
Release notes:
http://www.vmware.com/support/pubs/vix-api/VIXAPI-1.1.4-Release-Notes.html
VMware-vix-1.1.4-93057.exe
md5sum: 2efb74618c7ead627ecb3b3033e3f9f6
VMware-vix-1.1.4-93057.i386.tar.gz
md5sum: 988df2b2bbc975a6fc11f27ad1519832
VMware-vix-1.1.4-93057.x86_64.tar.gz
md5sum: a64f951c6fb5b2795a29a5a7607059c0
ESXi
----
VMware ESXi 3.5 patch ESXe350-200805501-O-SG (authd, openwsman, VIX)
http://download3.vmware.com/software/esx/ESXe350-200805501-O-SG.zip
md5sum: 4ce06985d520e94243db1e0504a56d8c
http://kb.vmware.com/kb/1005073
http://kb.vmware.com/kb/1004173
http://kb.vmware.com/kb/1004172
NOTE: ESXe350-200805501-O-SG contains the following patch bundles:
ESXe350-200805501-I-SG, ESXe350-200805502-T-SG,
ESXe350-200805503-C-SG
ESX
---
VMware ESX 3.5 patch ESX350-200805515-SG (authd)
http://download3.vmware.com/software/esx/ESX350-200805515-SG.zip
md5sum: 324b50ade230bcd5079a76e3636163c5
http://kb.vmware.com/kb/1004170
VMware ESX 3.5 patch ESX350-200805508-SG (openwsman)
http://download3.vmware.com/software/esx/ESX350-200805508-SG.zip
md5sum: 3ff8c06d4a9dd406f64f89c51bf26d12
http://kb.vmware.com/kb/1004644
VMware ESX 3.5 patch ESX350-200805501-BG (VIX)
http://download3.vmware.com/software/esx/ESX350-200805501-BG.zip
md5sum: 31a620aa249c593c30015b5b6f8c8650
http://kb.vmware.com/kb/1004637
VMware ESX 3.5 patch ESX350-200805504-SG (cyrus-sasl)
http://download3.vmware.com/software/esx/ESX350-200805504-SG.zip
md5sum: 4c1b1a8dcb09a636b55c64c290f7de51
http://kb.vmware.com/kb/1004640
VMware ESX 3.5 patch ESX350-200805506-SG (tcltk)
http://download3.vmware.com/software/esx/ESX350-200805506-SG.zip
md5sum: af279eef8fdeddb7808630da1ae717b1
http://kb.vmware.com/kb/1004642
VMware ESX 3.5 patch ESX350-200805505-SG (unzip)
http://download3.vmware.com/software/esx/ESX350-200805505-SG.zip
md5sum: 07af82d9fd97cccb89d9b90c6ecc41c6
http://kb.vmware.com/kb/1004641
VMware ESX 3.5 patch ESX350-200805507-SG (krb5)
http://download3.vmware.com/software/esx/ESX350-200805507-SG.zip
md5sum: 5d35a1c470daf13c9f4df5bdc9438748
http://kb.vmware.com/kb/1004643
VMware ESX 3.0.2 patch ESX-1004727 (HGFS,VIX)
http://download3.vmware.com/software/vi/ESX-1004727.tgz
md5sum: 31a67b0fa3449747887945f8d370f19e
http://kb.vmware.com/kb/1004727
VMware ESX 3.0.2 patch ESX-1004821 (authd)
http://download3.vmware.com/software/vi/ESX-1004821.tgz
md5sum: 5c147bedd07245c903d44257522aeba1
http://kb.vmware.com/kb/1004821
VMware ESX 3.0.2 patch ESX-1004216 (VIX)
http://download3.vmware.com/software/vi/ESX-1004216.tgz
md5sum: 0784ef70420d28a9a5d6113769f6669a
http://kb.vmware.com/kb/1004216
VMware ESX 3.0.2 patch ESX-1004726 (VIX)
http://download3.vmware.com/software/vi/ESX-1004726.tgz
md5sum: 44f03b274867b534cd274ccdf4630b86
http://kb.vmware.com/kb/1004726
VMware ESX 3.0.2 patch ESX-1004722 (cyrus-sasl)
http://download3.vmware.com/software/vi/ESX-1004722.tgz
md5sum: 99dc71aed5bab7711f573b6d322123d6
http://kb.vmware.com/kb/1004722
VMware ESX 3.0.2 patch ESX-1004724 (tcltk)
http://download3.vmware.com/software/vi/ESX-1004724.tgz
md5sum: fd9a160ca7baa5fc443f2adc8120ecf7
http://kb.vmware.com/kb/1004724
VMware ESX 3.0.2 patch ESX-1004719 (unzip)
http://download3.vmware.com/software/vi/ESX-1004719.tgz
md5sum: f0c37b9f6be3399536d60f6c6944de82
http://kb.vmware.com/kb/1004719
VMware ESX 3.0.2 patch ESX-1004219 (krb5)
http://download3.vmware.com/software/vi/ESX-1004219.tgz
md5sum: 7c68279762f407a7a5ee151a650ebfd4
http://kb.vmware.com/kb/1004219
VMware ESX 3.0.1 patch ESX-1004186 (HGFS,VIX)
http://download3.vmware.com/software/vi/ESX-1004186.tgz
md5sum: f64389a8b97718eccefadce1a14d1198
http://kb.vmware.com/kb/1004186
VMware ESX 3.0.1 patch ESX-1004728 (authd)
http://download3.vmware.com/software/vi/ESX-1004728.tgz
md5sum: 1f01bb819805b855ffa2ec1040eff5ca
http://kb.vmware.com/kb/1004728
VMware ESX 3.0.1 patch ESX-1004725 (VIX)
http://download3.vmware.com/software/vi/ESX-1004725.tgz
md5sum: 9fafb04c6d3f6959e623832f539d2dc8
http://kb.vmware.com/kb/1004725
VMware ESX 3.0.1 patch ESX-1004721 (cyrus-sasl)
http://download3.vmware.com/software/vi/ESX-1004721.tgz
md5sum: 48190819b0f5afddefcb8d209d12b585
http://kb.vmware.com/kb/1004721
VMware ESX 3.0.1 patch ESX-1004723 (tcltk)
http://download3.vmware.com/software/vi/ESX-1004723.tgz
md5sum: c34ca0a5886e0c0917a93a97c331fd7d
http://kb.vmware.com/kb/1004723
VMware ESX 3.0.1 patch ESX-1004190 (unzip)
http://download3.vmware.com/software/vi/ESX-1004190.tgz
md5sum: 05187b9f534048c79c62741367cc0dd2
http://kb.vmware.com/kb/1004190
VMware ESX 3.0.1 patch ESX-1004189 (krb5)
http://download3.vmware.com/software/vi/ESX-1004189.tgz
md5sum: 21b620530b99009f469c872e73a439e8
http://kb.vmware.com/kb/1004189
VMware ESX 2.5.5 Upgrade Patch 8
http://download3.vmware.com/software/esx/esx-2.5.5-90521-upgrade.tar.gz
md5sum: 392b6947fc3600ca0e8e7788cd5bbb6e
http://vmware.com/support/esx25/doc/esx-255-200805-patch.html
VMware ESX 2.5.4 Upgrade Patch 19
http://download3.vmware.com/software/esx/esx-2.5.4-90520-upgrade.tar.gz
md5sum: 442788fd0bccb0d994c75b268bd12760
http://vmware.com/support/esx25/doc/esx-254-200805-patch.html
5. References:
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5671
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0948
6. Change log:
2008-06-04 VMSA-2008-0009 Initial release
-------------------------------------------------------------------
7. Contact:
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* [email protected]
* [email protected]
* [email protected]
E-mail: [email protected]
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. All rights reserved.
–
Vulnerability information (F65284)
| Gentoo Linux Security Advisory 200804-6 (PacketStormID:F65284) |
2008-04-08 00:00:00 |
| Gentoo security.gentoo.org |
advisory |
linux,gentoo |
CVE-2008-0888 |
Gentoo Linux Security Advisory GLSA 200804-06 – Tavis Ormandy of the Google Security Team discovered that the NEEDBITS macro in the inflate_dynamic() function in the file inflate.c can be invoked using invalid buffers, which can lead to a double free. Versions less than 5.52-r2 are affected. |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200804-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: UnZip: User-assisted execution of arbitrary code
Date: April 06, 2008
Bugs: #213761
ID: 200804-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A double free vulnerability discovered in UnZip might lead to the
execution of arbitrary code.
Background
==========
Info-ZIP's UnZip is a tool to list and extract files inside PKZIP
compressed files.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-arch/unzip < 5.52-r2 >= 5.52-r2
Description
===========
Tavis Ormandy of the Google Security Team discovered that the NEEDBITS
macro in the inflate_dynamic() function in the file inflate.c can be
invoked using invalid buffers, which can lead to a double free.
Impact
======
Remote attackers could entice a user or automated system to open a
specially crafted ZIP file that might lead to the execution of
arbitrary code or a Denial of Service.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All UnZip users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/unzip-5.52-r2"
References
==========
[ 1 ] CVE-2008-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200804-06.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
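The flaw the GLSA above describes comes down to a shared error-path cleanup that frees pointers it cannot trust. The C sketch below is an added illustration, not Info-ZIP's code and not part of any advisory: `decode_block`, `t_alloc`, `t_free` and the bit counts are hypothetical, `NEEDBITS` is only a stand-in for the macro of that name, and a tracking allocator counts the invalid free instead of performing it.

```c
#include <stdio.h>
#include <stdlib.h>

/* Tracking allocator, constructed for this example: an invalid free is
   counted instead of being passed to the real free(). */
#define MAX_LIVE 4
static void *live[MAX_LIVE];
static int invalid_frees;

static void *t_alloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                        /* malloc failed or tracking table full */
    return NULL;
}

static void t_free(void *p) {
    if (!p) return;                 /* like free(NULL): nothing to do */
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    invalid_frees++;                /* stale or never-allocated pointer */
}

static int live_blocks(void) {      /* blocks still allocated (leak check) */
    int n = 0;
    for (int i = 0; i < MAX_LIVE; i++) n += live[i] != NULL;
    return n;
}

/* Stand-in for the macro named in the advisory: on short input, jump to
   the shared cleanup code. */
#define NEEDBITS(n) \
    do { if (left < (size_t)(n)) goto cleanup; left -= (size_t)(n); } while (0)

/* Hypothetical three-stage decoder. Returns 0 on success, -1 on truncated
   input. With hardened == 0 the freed pointer is left stale. */
static int decode_block(size_t left, int hardened) {
    void *lengths = NULL, *table = NULL; /* NULL init covers early failures */

    NEEDBITS(14);                        /* block header */
    if (!(lengths = t_alloc(64))) goto cleanup;
    NEEDBITS(57);                        /* code lengths */
    t_free(lengths);                     /* temporary table no longer needed */
    if (hardened) lengths = NULL;        /* the fix: forget what was freed */
    NEEDBITS(9);                         /* failure here reaches cleanup */
    if (!(table = t_alloc(64))) goto cleanup;
    t_free(table);
    return 0;

cleanup:
    t_free(lengths);                     /* second free if still stale */
    t_free(table);
    return -1;
}

/* Runs one decode and reports how many invalid frees cleanup attempted. */
static int invalid_frees_for(size_t bits, int hardened) {
    invalid_frees = 0;
    decode_block(bits, hardened);
    return invalid_frees;
}

int main(void) {
    printf("71 bits, unhardened: %d invalid free(s)\n", invalid_frees_for(71, 0));
    printf("71 bits, hardened:   %d invalid free(s)\n", invalid_frees_for(71, 1));
    printf("blocks still live:   %d\n", live_blocks());
    return 0;
}
```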
–
Vulnerability Information (F64772)
| Ubuntu Security Notice 589-1 (PacketStormID:F64772) |
2008-03-20 00:00:00 |
| Ubuntu security.ubuntu.com |
advisory,remote,arbitrary |
linux,ubuntu |
CVE-2008-0888 |
Ubuntu Security Notice 589-1 – Tavis Ormandy discovered that unzip did not correctly clean up pointers. If a user or automated service was tricked into processing a specially crafted ZIP archive, a remote attacker could execute arbitrary code with user privileges. |
===========================================================
Ubuntu Security Notice USN-589-1 March 20, 2008
unzip vulnerability
CVE-2008-0888
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
unzip 5.52-6ubuntu4.1
Ubuntu 6.10:
unzip 5.52-8ubuntu1.1
Ubuntu 7.04:
unzip 5.52-9ubuntu3.1
Ubuntu 7.10:
unzip 5.52-10ubuntu1.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Tavis Ormandy discovered that unzip did not correctly clean up pointers.
If a user or automated service was tricked into processing a specially
crafted ZIP archive, a remote attacker could execute arbitrary code with
user privileges.
–
Vulnerability Information (F64699)
| Mandriva Linux Security Advisory 2008-068 (PacketStormID:F64699) |
2008-03-19 00:00:00 |
| Mandriva mandriva.com |
advisory,arbitrary |
linux,mandriva |
CVE-2008-0888 |
Mandriva Linux Security Advisory – Tavis Ormandy of Google Security discovered an invalid pointer flaw in unzip that could lead to the execution of arbitrary code with the privileges of the user running unzip. |
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:068
http://www.mandriva.com/security/
_______________________________________________________________________
Package : unzip
Date : March 18, 2008
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
Tavis Ormandy of Google Security discovered an invalid pointer flaw
in unzip that could lead to the execution of arbitrary code with the
privileges of the user running unzip.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
–
Vulnerability Information (F64649)
| Debian Linux Security Advisory 1522-1 (PacketStormID:F64649) |
2008-03-17 00:00:00 |
| Debian debian.org |
advisory,arbitrary,code execution |
linux,debian |
CVE-2008-0888 |
Debian Security Advisory 1522-1 – Tavis Ormandy discovered that unzip, when processing specially crafted ZIP archives, could pass invalid pointers to the C library's free routine, potentially leading to arbitrary code execution. |
- ----------------------------------------------------------------------
Debian Security Advisory DSA-1522-1 [email protected]
http://www.debian.org/security/ Florian Weimer
March 17, 2008 http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : unzip
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-0888
Tavis Ormandy discovered that unzip, when processing specially crafted
ZIP archives, could pass invalid pointers to the C library's free
routine, potentially leading to arbitrary code execution
(CVE-2008-0888).
For the stable distribution (etch), this problem has been fixed in
version 5.52-9etch1.
For the old stable distribution (sarge), this problem has been fixed in
version 5.52-1sarge5.
The unstable distribution (sid) will be fixed soon.
We recommend that you upgrade your unzip package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show' and http://packages.debian.org/
–
Vulnerability Information
43332 |
|
| UnZip inflate.c inflate_dynamic() Function NEEDBITS Macro Unspecified Code Execution | |
Context Dependent |
Input Manipulation |
| Loss of Integrity | Third-Party Solution |
| Exploit Unknown | Third-party Verified |
–
Vulnerability Description
| UnZip contains an unspecified flaw in the NEEDBITS macro in the 'inflate_dynamic()' function in inflate.c, which may allow a context-dependent attacker to execute arbitrary code. No further details have been provided. |
–
Timeline
2008-03-04 |
Unknown |
| Unknown | Unknown |
–
Solution
| Multiple vendors have released a patch to address this vulnerability. There are no known workarounds or upgrades to correct this issue. Check the vendor advisory, changelog, or solution in the references section for details. |