Vulnerabilities > CVE-2009-1884 - Numeric Errors vulnerability in Bzip Compress-Raw-Bzip2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2009-8888.NASL description Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw- Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40690 published 2009-08-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40690 title Fedora 10 : perl-Compress-Raw-Bzip2-2.020-1.fc10 (2009-8888) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2009-8888. # include("compat.inc"); if (description) { script_id(40690); script_version ("1.12"); script_cvs_date("Date: 2019/08/02 13:32:30"); script_cve_id("CVE-2009-1884"); script_xref(name:"FEDORA", value:"2009-8888"); script_name(english:"Fedora 10 : perl-Compress-Raw-Bzip2-2.020-1.fc10 (2009-8888)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw- Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=518278" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/028269.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6566b3bf" ); script_set_attribute( attribute:"solution", value:"Update the affected perl-Compress-Raw-Bzip2 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-Compress-Raw-Bzip2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:10"); script_set_attribute(attribute:"patch_publication_date", value:"2009/08/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^10([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 10.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC10", reference:"perl-Compress-Raw-Bzip2-2.020-1.fc10")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-Compress-Raw-Bzip2"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2009-8868.NASL description Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw- Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40688 published 2009-08-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40688 title Fedora 11 : perl-Compress-Raw-Bzip2-2.020-1.fc11 (2009-8868) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2009-8868. # include("compat.inc"); if (description) { script_id(40688); script_version ("1.12"); script_cvs_date("Date: 2019/08/02 13:32:30"); script_cve_id("CVE-2009-1884"); script_xref(name:"FEDORA", value:"2009-8868"); script_name(english:"Fedora 11 : perl-Compress-Raw-Bzip2-2.020-1.fc11 (2009-8868)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw- Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=518278" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/028252.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d46b764d" ); script_set_attribute( attribute:"solution", value:"Update the affected perl-Compress-Raw-Bzip2 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-Compress-Raw-Bzip2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11"); script_set_attribute(attribute:"patch_publication_date", value:"2009/08/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC11", reference:"perl-Compress-Raw-Bzip2-2.020-1.fc11")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-Compress-Raw-Bzip2"); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200908-07.NASL description The remote host is affected by the vulnerability described in GLSA-200908-07 (Perl Compress::Raw modules: Denial of Service) Leo Bergolth reported an off-by-one error in the inflate() function in Zlib.xs of Compress::Raw::Zlib, possibly leading to a heap-based buffer overflow (CVE-2009-1391). Paul Marquess discovered a similar vulnerability in the bzinflate() function in Bzip2.xs of Compress::Raw::Bzip2 (CVE-2009-1884). Impact : A remote attacker might entice a user or automated system (for instance running SpamAssassin or AMaViS) to process specially crafted files, possibly resulting in a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 40632 published 2009-08-20 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40632 title GLSA-200908-07 : Perl Compress::Raw modules: Denial of Service code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200908-07. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(40632); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:32:45"); script_cve_id("CVE-2009-1391", "CVE-2009-1884"); script_bugtraq_id(35307); script_xref(name:"GLSA", value:"200908-07"); script_name(english:"GLSA-200908-07 : Perl Compress::Raw modules: Denial of Service"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200908-07 (Perl Compress::Raw modules: Denial of Service) Leo Bergolth reported an off-by-one error in the inflate() function in Zlib.xs of Compress::Raw::Zlib, possibly leading to a heap-based buffer overflow (CVE-2009-1391). Paul Marquess discovered a similar vulnerability in the bzinflate() function in Bzip2.xs of Compress::Raw::Bzip2 (CVE-2009-1884). Impact : A remote attacker might entice a user or automated system (for instance running SpamAssassin or AMaViS) to process specially crafted files, possibly resulting in a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200908-07" ); script_set_attribute( attribute:"solution", value: "All Compress::Raw::Zlib users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=perl-core/Compress-Raw-Zlib-2.020' All Compress::Raw::Bzip2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=perl-core/Compress-Raw-Bzip2-2.020'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:Compress-Raw-Bzip2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:Compress-Raw-Zlib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2009/08/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"perl-core/Compress-Raw-Bzip2", unaffected:make_list("ge 2.020"), vulnerable:make_list("lt 2.020"))) flag++; if (qpkg_check(package:"perl-core/Compress-Raw-Zlib", unaffected:make_list("ge 2.020"), vulnerable:make_list("lt 2.020"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Perl Compress::Raw modules"); }
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-207.NASL description A vulnerability has been found and corrected in perl-Compress-Raw-Bzip : Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391 (CVE-2009-1884). This update provides a solution to this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 48151 published 2010-07-30 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48151 title Mandriva Linux Security Advisory : perl-Compress-Raw-Bzip2 (MDVSA-2009:207)
Seebug
bulletinFamily | exploit |
description | CVE(CAN) ID: CVE-2009-1884 Compress::Raw::Zlib2是Perl中使用的一个模块,提供了到zlib2压缩库的低层接口。 Compress-Raw-Bzip2模块的Bzip2.xs中的bzinflate函数存在单字节堆溢出漏洞。如果用户处理了特制的bzip2压缩流,就可以触发这个溢出,导致使用该模块的应用程序崩溃或挂起。 CPAN Compress::Raw::Bzip2 2.x 厂商补丁: CPAN ---- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://bugs.gentoo.org/attachment.cgi?id=201642&action=view |
id | SSV:12086 |
last seen | 2017-11-19 |
modified | 2009-08-21 |
published | 2009-08-21 |
reporter | Root |
title | Perl Compress::Raw::Bzip2模块单字节溢出漏洞 |
References
- http://security.gentoo.org/glsa/glsa-200908-07.xml
- https://bugs.gentoo.org/show_bug.cgi?id=281955
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html
- http://www.securityfocus.com/bid/36082
- http://secunia.com/advisories/36386
- https://bugzilla.redhat.com/show_bug.cgi?id=518278
- http://secunia.com/advisories/36415
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52628