Summary: | app-arch/zip: buffer overflow | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Thierry Carrez (RETIRED) <koon>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | major | |
Priority: | High | |
Version: | unspecified | |
Hardware: | All | |
OS: | All | |
Whiteboard: | A2 [glsa] | |
Package list: | | Runtime testing required: | ---
Description
Thierry Carrez (RETIRED)
2004-11-06 01:31:17 UTC
Created attachment 43387: zip-CAN-2004-1010.patch
Patch from Josh Bressers @ RedHat
No maintainer, security should patch.

Supplied patch applies cleanly...

Overflow confirmed

```
for x in $(seq 0 9); do b=$x`perl -e 'print "A" x 254'` ; mkdir -p $b ; cd $b; done
cd ../../../../../../../../../../
solar@simple z $ ulimit -c unlimited; zip -r file.zip *
zip: stack smashing attack in function filetime()
Aborted (core dumped)
```

Patched in zip-2.3-r4

zip-2.3-r2: ppc amd64 ppc64 arm sparc mips ia64 alpha hppa x86

zip-2.3-r4: ~amd64 ~hppa ~x86 ~mips ~ia64 ~ppc ~alpha ~sparc ~ppc64 ~arm

fixed confirmed working zip -r * no longer segfaults.

Created attachment 43406: file.zip (test file.zip)

Arches, please test and mark stable. See ZIP file from comment #5.

Stable on ppc64

stable on x86

Stable on sparc.

Stable on amd64

Reopening - please do not close security bugs until the GLSA has been issued.

IA64 is done.

Stable on alpha.

Stable on ppc.

mips stable.

GLSA 200411-16