Vulnerabilities > CVE-2010-0405 - Numeric Errors vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | Bzip
| 25 |
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_2_BZIP2-100921.NASL description This update fixes an integer overflow in the BZ2_decompress function of bzip2/libbz2. This can be exploited via a crafted archive to cause a denial of service or even execute arbitrary code. (CVE-2010-0405) last seen 2020-06-01 modified 2020-06-02 plugin id 49755 published 2010-10-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49755 title openSUSE Security Update : bzip2 (openSUSE-SU-2010:0684-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update bzip2-3183. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(49755); script_version("1.8"); script_cvs_date("Date: 2019/10/25 13:36:38"); script_cve_id("CVE-2010-0405"); script_xref(name:"IAVB", value:"2010-B-0083"); script_name(english:"openSUSE Security Update : bzip2 (openSUSE-SU-2010:0684-1)"); script_summary(english:"Check for the bzip2-3183 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes an integer overflow in the BZ2_decompress function of bzip2/libbz2. This can be exploited via a crafted archive to cause a denial of service or even execute arbitrary code. (CVE-2010-0405)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=636978" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2010-09/msg00058.html" ); script_set_attribute( attribute:"solution", value:"Update the affected bzip2 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bzip2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libbz2-1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libbz2-1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libbz2-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2"); script_set_attribute(attribute:"patch_publication_date", value:"2010/09/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/06"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.2", reference:"bzip2-1.0.5-36.7.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"libbz2-1-1.0.5-36.7.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"libbz2-devel-1.0.5-36.7.1") ) flag++; if ( rpm_check(release:"SUSE11.2", cpu:"x86_64", reference:"libbz2-1-32bit-1.0.5-36.7.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bzip2 / libbz2-1 / libbz2-1-32bit / libbz2-devel"); }NASL family Fedora Local Security Checks NASL id FEDORA_2010-15106.NASL description - Bug #627882 - CVE-2010-0405 bzip2: integer overflow flaw in BZ2_decompress Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49684 published 2010-09-27 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49684 title Fedora 14 : bzip2-1.0.6-1.fc14 (2010-15106) NASL family SuSE Local Security Checks NASL id SUSE_11_1_BZIP2-100921.NASL description This update fixes an integer overflow in the BZ2_decompress function of bzip2/libbz2. This can be exploited via a crafted archive to cause a denial of service or even execute arbitrary code. (CVE-2010-0405) last seen 2020-06-01 modified 2020-06-02 plugin id 49753 published 2010-10-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49753 title openSUSE Security Update : bzip2 (openSUSE-SU-2010:0684-1) NASL family Misc. NASL id VMWARE_ESXI_5_0_BUILD_608089_REMOTE.NASL description The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities : - A denial of service vulnerability exists in the big2_toUtf8() function in file lib/xmltok.c in the libexpat library. A remote attacker can exploit this, via an XML document having malformed UTF-8 sequences, to cause a buffer over-read, thus crashing the application. (CVE-2009-3560) - A denial of service vulnerability exists in the updatePosition() function in file lib/xmltok.c in the libexpat library. A remote attacker can exploit this, via an XML document having malformed UTF-8 sequences, to cause a buffer over-read, thus crashing the application. (CVE-2009-3720) - An integer overflow condition exists in the BZ2_decompress() function in file decompress.c in the bzip2 and libbzip2 library. A remote attacker can exploit this, via a crafted compressed file, to cause a denial of service or the execution of arbitrary code. (CVE-2010-0405) - A denial of service vulnerability exists in the audioop module due to multiple integer overflows conditions in file audioop.c. A remote attacker can exploit this, via a large fragment or argument, to cause a buffer overflow, resulting in an application crash. (CVE-2010-1634) - A denial of service vulnerability exists in the audioop module due to a failure to verify the relationships between size arguments and byte string length. A remote attacker can exploit this, via crafted arguments, to cause memory corruption, resulting in an application crash. (CVE-2010-2089) - A flaw exists in the urllib and urllib2 modules due to processing Location headers that specify redirection to a file. A remote attacker can exploit this, via a crafted URL, to gain sensitive information or cause a denial of service. (CVE-2011-1521) - A privilege escalation vulnerability exists due to an incorrect ACL being used for the VMware Tools folder. An attacker on an adjacent network with access to a guest operating system can exploit this to gain elevated privileges on the guest operating system. (CVE-2012-1518) last seen 2020-06-01 modified 2020-06-02 plugin id 70881 published 2013-11-13 reporter This script is (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70881 title ESXi 5.0 < Build 608089 Multiple Vulnerabilities (remote check) NASL family Fedora Local Security Checks NASL id FEDORA_2010-15120.NASL description - Wed Sep 22 2010 Ivana Hutarova Varekova <varekova at redhat.com> - 1.0.6-1 - update to 1.0.6 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49685 published 2010-09-27 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49685 title Fedora 13 : bzip2-1.0.6-1.fc13 (2010-15120) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0703.NASL description From Red Hat Security Advisory 2010:0703 : Updated bzip2 packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. bzip2 is a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs. An integer overflow flaw was discovered in the bzip2 decompression routine. This issue could, when decompressing malformed archives, cause bzip2, or an application linked against the libbz2 library, to crash or, potentially, execute arbitrary code. (CVE-2010-0405) Users of bzip2 should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using the libbz2 library must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68102 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68102 title Oracle Linux 3 / 4 / 5 : bzip2 (ELSA-2010-0703) NASL family Solaris Local Security Checks NASL id SOLARIS10_126868-04.NASL description SunOS 5.10: SunFreeware bzip2 patch. Date this patch was last updated by Sun : Nov/15/10 last seen 2020-06-01 modified 2020-06-02 plugin id 107457 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107457 title Solaris 10 (sparc) : 126868-04 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2112.NASL description Mikolaj Izdebski has discovered an integer overflow flaw in the BZ2_decompress function in bzip2/libbz2. An attacker could use a crafted bz2 file to cause a denial of service (application crash) or potentially to execute arbitrary code. (CVE-2010-0405 ) last seen 2020-06-01 modified 2020-06-02 plugin id 49291 published 2010-09-21 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49291 title Debian DSA-2112-1 : bzip2 - integer overflow NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0703.NASL description Updated bzip2 packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. bzip2 is a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs. An integer overflow flaw was discovered in the bzip2 decompression routine. This issue could, when decompressing malformed archives, cause bzip2, or an application linked against the libbz2 library, to crash or, potentially, execute arbitrary code. (CVE-2010-0405) Users of bzip2 should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using the libbz2 library must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 49301 published 2010-09-21 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49301 title RHEL 3 / 4 / 5 : bzip2 (RHSA-2010:0703) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0858.NASL description Updated bzip2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. bzip2 is a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs. An integer overflow flaw was discovered in the bzip2 decompression routine. This issue could, when decompressing malformed archives, cause bzip2, or an application linked against the libbz2 library, to crash or, potentially, execute arbitrary code. (CVE-2010-0405) Users of bzip2 should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using the libbz2 library must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 50630 published 2010-11-18 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50630 title RHEL 6 : bzip2 (RHSA-2010:0858) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201110-20.NASL description The remote host is affected by the vulnerability described in GLSA-201110-20 (Clam AntiVirus: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Clam AntiVirus. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated remote attacker may execute arbitrary code with the privileges of the Clam AntiVirus process or cause a Denial of Service by causing an affected user or system to scan a crafted file. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 56595 published 2011-10-24 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56595 title GLSA-201110-20 : Clam AntiVirus: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_BZIP2-100916.NASL description This update fixes an integer overflow in the BZ2_decompress function of bzip2/libbz2. This could have been exploited via a crafted archive to cause a denial of service or even execute arbitrary code. (CVE-2010-0405) last seen 2020-06-01 modified 2020-06-02 plugin id 50893 published 2010-12-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50893 title SuSE 11 / 11.1 Security Update : bzip2 (SAT Patch Numbers 3121 / 3125) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0858.NASL description From Red Hat Security Advisory 2010:0858 : Updated bzip2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. bzip2 is a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs. An integer overflow flaw was discovered in the bzip2 decompression routine. This issue could, when decompressing malformed archives, cause bzip2, or an application linked against the libbz2 library, to crash or, potentially, execute arbitrary code. (CVE-2010-0405) Users of bzip2 should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using the libbz2 library must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68136 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68136 title Oracle Linux 6 : bzip2 (ELSA-2010-0858) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-986-2.NASL description USN-986-1 fixed a vulnerability in bzip2. This update provides the corresponding update for ClamAV. An integer overflow was discovered in bzip2. If a user or automated system were tricked into decompressing a crafted bz2 file, an attacker could cause bzip2 or any application linked against libbz2 to crash or possibly execute code as the user running the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49304 published 2010-09-21 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49304 title Ubuntu 9.04 / 9.10 / 10.04 LTS : clamav vulnerability (USN-986-2) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_126869-05.NASL description SunOS 5.10_x86: SunFreeware bzip2 patch. Date this patch was last updated by Sun : Nov/15/10 last seen 2020-06-01 modified 2020-06-02 plugin id 107958 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107958 title Solaris 10 (x86) : 126869-05 NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2012-0005.NASL description a. VMware Tools Display Driver Privilege Escalation The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on Windows-based Guest Operating Systems. VMware would like to thank Tarjei Mandt for reporting theses issues to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-1509 (XPDM buffer overrun), CVE-2012-1510 (WDDM buffer overrun) and CVE-2012-1508 (XPDM null pointer dereference) to these issues. Note: CVE-2012-1509 doesn last seen 2020-06-01 modified 2020-06-02 plugin id 58362 published 2012-03-16 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58362 title VMSA-2012-0005 : VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi, and ESX address several security issues NASL family Fedora Local Security Checks NASL id FEDORA_2010-18564.NASL description - Sat Dec 4 2010 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.96.5-1300 - updated to 0.96.5 - CVE-2010-4260 Multiple errors within the processing of PDF files can be exploited to e.g. cause a crash. - CVE-2010-4261 An off-by-one error within the last seen 2020-06-01 modified 2020-06-02 plugin id 51346 published 2010-12-20 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51346 title Fedora 13 : clamav-0.96.5-1300.fc13 (2010-18564) NASL family Scientific Linux Local Security Checks NASL id SL_20100920_BZIP2_ON_SL3_X__SL4_X__SL5_X.NASL description An integer overflow flaw was discovered in the bzip2 decompression routine. This issue could, when decompressing malformed archives, cause bzip2, or an application linked against the libbz2 library, to crash or, potentially, execute arbitrary code. (CVE-2010-0405) All running applications using the libbz2 library must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60858 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60858 title Scientific Linux Security Update : bzip2 on SL3.x, SL4.x, SL5.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_BZIP2-7169.NASL description This update fixes an integer overflow in the BZ2_decompress function of bzip2/libbz2. This can be exploited via a crafted archive to cause a denial of service or even execute arbitrary code. (CVE-2010-0405) last seen 2020-06-01 modified 2020-06-02 plugin id 49832 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49832 title SuSE 10 Security Update : bzip2 (ZYPP Patch Number 7169) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201301-05.NASL description The remote host is affected by the vulnerability described in GLSA-201301-05 (bzip2: User-assisted execution of arbitrary code) An integer overflow vulnerability has been discovered in bzip2. Please review the CVE identifier referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted compressed file using bzip2, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 63439 published 2013-01-09 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63439 title GLSA-201301-05 : bzip2: User-assisted execution of arbitrary code NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2010-0019.NASL description a. Service Console update for samba The service console package samba is updated to version 3.0.9-1.3E.18. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-3069 to this issue. b. Service Console update for bzip2 The service console package bzip2 is updated to version 1.0.2-14.EL3 in ESX 3.x and version 1.0.3-6 in ESX 4.x. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0405 to this issue. c. Service Console update for OpenSSL The service console package openssl updated to version 0.9.7a-33.26. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0590, CVE-2009-2409 and CVE-2009-3555 to the issues addressed in this update. last seen 2020-06-01 modified 2020-06-02 plugin id 51077 published 2010-12-08 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51077 title VMSA-2010-0019 : VMware ESX third-party updates for Service Console NASL family MacOS X Local Security Checks NASL id MACOSX_10_6_7.NASL description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.7. Mac OS X 10.6.7 contains security fixes for the following products : - AirPort - Apache - AppleScript - ATS - bzip2 - CarbonCore - ClamAV - CoreText - File Quarantine - HFS - ImageIO - Image RAW - Installer - Kerberos - Kernel - Libinfo - libxml - Mailman - PHP - QuickLook - QuickTime - Ruby - Samba - Subversion - Terminal - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 52754 published 2011-03-22 reporter This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52754 title Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0703.NASL description Updated bzip2 packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. bzip2 is a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs. An integer overflow flaw was discovered in the bzip2 decompression routine. This issue could, when decompressing malformed archives, cause bzip2, or an application linked against the libbz2 library, to crash or, potentially, execute arbitrary code. (CVE-2010-0405) Users of bzip2 should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using the libbz2 library must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 49633 published 2010-09-22 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49633 title CentOS 3 / 4 / 5 : bzip2 (CESA-2010:0703) NASL family Fedora Local Security Checks NASL id FEDORA_2010-15125.NASL description - Wed Sep 22 2010 Ivana Hutarova Varekova <varekova at redhat.com> - 1.0.6-1 - update to 1.0.6 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 50697 published 2010-11-24 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50697 title Fedora 12 : bzip2-1.0.6-1.fc12 (2010-15125) NASL family SuSE Local Security Checks NASL id SUSE_11_3_BZIP2-100921.NASL description This update fixes an integer overflow in the BZ2_decompress function of bzip2/libbz2. This can be exploited via a crafted archive to cause a denial of service or even execute arbitrary code. (CVE-2010-0405) last seen 2020-06-01 modified 2020-06-02 plugin id 75443 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75443 title openSUSE Security Update : bzip2 (openSUSE-SU-2010:0684-1) NASL family Misc. NASL id VMWARE_VMSA-2012-0005_REMOTE.NASL description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Tomcat - bzip2 library - JRE - WDDM display driver - XPDM display driver last seen 2020-06-01 modified 2020-06-02 plugin id 89106 published 2016-03-03 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89106 title VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0005) (BEAST) (remote check) NASL family Scientific Linux Local Security Checks NASL id SL_20101110_BZIP2_ON_SL6_X.NASL description An integer overflow flaw was discovered in the bzip2 decompression routine. This issue could, when decompressing malformed archives, cause bzip2, or an application linked against the libbz2 library, to crash or, potentially, execute arbitrary code. (CVE-2010-0405) All running applications using the libbz2 library must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60887 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60887 title Scientific Linux Security Update : bzip2 on SL6.x i386/x86_64 NASL family Fedora Local Security Checks NASL id FEDORA_2010-17439.NASL description ---------------------------------------------------------------------- ---------- ChangeLog : - Sun Oct 31 2010 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.96.4-1300 - updated to 0.96.4 - execute last seen 2020-06-01 modified 2020-06-02 plugin id 50683 published 2010-11-23 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50683 title Fedora 13 : clamav-0.96.4-1300.fc13 (2010-17439) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2010-0019_REMOTE.NASL description The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - bzip2 - Network Security Services (NSS) Library - OpenSSL - Samba last seen 2020-06-01 modified 2020-06-02 plugin id 89745 published 2016-03-08 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89745 title VMware ESX Multiple Vulnerabilities (VMSA-2010-0019) (remote check) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-986-3.NASL description USN-986-1 fixed vulnerabilities in bzip2. dpkg statically links against libbz2 and needed to be rebuilt to use the updated libbz2. An integer overflow was discovered in bzip2. If a user or automated system were tricked into decompressing a crafted bz2 file, an attacker could cause bzip2 or any application linked against libbz2 to crash or possibly execute code as the user running the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49305 published 2010-09-21 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49305 title Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : dpkg vulnerability (USN-986-3) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-185.NASL description An integer overflow has been found and corrected in bzip2 which could be exploited by using a specially crafted bz2 file and cause a denial of service attack (CVE-2010-0405). Additionally clamav has been upgraded to 0.96.2 and has been patched for this issue. perl-Compress-Bzip2 in MES5 has been linked against the system bzip2 library to resolv this issue. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 49300 published 2010-09-21 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49300 title Mandriva Linux Security Advisory : bzip2 (MDVSA-2010:185) NASL family Fedora Local Security Checks NASL id FEDORA_2010-15443.NASL description - Bug #627882 - CVE-2010-0405 bzip2: integer overflow flaw in BZ2_decompress Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49769 published 2010-10-06 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49769 title Fedora 14 : clamav-0.96.3-1400.fc14 (2010-15443) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-986-1.NASL description An integer overflow was discovered in bzip2. If a user or automated system were tricked into decompressing a crafted bz2 file, an attacker could cause bzip2 or any application linked against libbz2 to crash or possibly execute code as the user running the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49303 published 2010-09-21 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49303 title Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : bzip2 vulnerability (USN-986-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_0DDB57A9DA204E99B0484366092F3D31.NASL description Secunia reports : A vulnerability has been reported in bzip2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerability is caused due to an integer overflow in the last seen 2020-06-01 modified 2020-06-02 plugin id 50328 published 2010-10-26 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50328 title FreeBSD : bzip2 -- integer overflow vulnerability (0ddb57a9-da20-4e99-b048-4366092f3d31) NASL family SuSE Local Security Checks NASL id SUSE9_12645.NASL description This update fixes an integer overflow in the BZ2_decompress function of bzip2/libbz2. This could have been exploited via a crafted archive to cause a denial of service or even execute arbitrary code. (CVE-2010-0405) last seen 2020-06-01 modified 2020-06-02 plugin id 49760 published 2010-10-06 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49760 title SuSE9 Security Update : bzip2 (YOU Patch Number 12645) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL15878.NASL description Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. last seen 2020-06-01 modified 2020-06-02 plugin id 79587 published 2014-11-27 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79587 title F5 Networks BIG-IP : bzip2 vulnerability (SOL15878) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2010-263-01.NASL description New bzip2 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 49290 published 2010-09-21 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49290 title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 8.1 / 9.0 / 9.1 / current : bzip2 (SSA:2010-263-01) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2011-001.NASL description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2011-001 applied. This security update contains fixes for the following products : - Apache - bzip2 - ClamAV - ImageIO - Kerberos - Libinfo - libxml - Mailman - PHP - QuickLook - Ruby - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 52753 published 2011-03-22 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52753 title Mac OS X Multiple Vulnerabilities (Security Update 2011-001) NASL family Misc. NASL id CLAMAV_0_96_3.NASL description According to its version, the clamd antivirus daemon on the remote host is earlier than 0.96.3. Such versions are reportedly affected by multiple vulnerabilities : - There is a failure to properly parse a specially crafted PDF file because of insufficient bounds-checks on PDF files in the last seen 2020-06-01 modified 2020-06-02 plugin id 49712 published 2010-10-05 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49712 title ClamAV < 0.96.3 Multiple Vulnerabilities
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow
- http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow
- http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3
- http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
- http://marc.info/?l=oss-security&m=128506868510655&w=2
- http://marc.info/?l=oss-security&m=128506868510655&w=2
- http://secunia.com/advisories/41452
- http://secunia.com/advisories/41452
- http://secunia.com/advisories/41505
- http://secunia.com/advisories/41505
- http://secunia.com/advisories/42350
- http://secunia.com/advisories/42350
- http://secunia.com/advisories/42404
- http://secunia.com/advisories/42404
- http://secunia.com/advisories/42405
- http://secunia.com/advisories/42405
- http://secunia.com/advisories/42529
- http://secunia.com/advisories/42529
- http://secunia.com/advisories/42530
- http://secunia.com/advisories/42530
- http://secunia.com/advisories/48378
- http://secunia.com/advisories/48378
- http://security.gentoo.org/glsa/glsa-201301-05.xml
- http://security.gentoo.org/glsa/glsa-201301-05.xml
- http://support.apple.com/kb/HT4581
- http://support.apple.com/kb/HT4581
- http://www.bzip.org/
- http://www.bzip.org/
- http://www.redhat.com/support/errata/RHSA-2010-0703.html
- http://www.redhat.com/support/errata/RHSA-2010-0703.html
- http://www.redhat.com/support/errata/RHSA-2010-0858.html
- http://www.redhat.com/support/errata/RHSA-2010-0858.html
- http://www.securityfocus.com/archive/1/515055/100/0/threaded
- http://www.securityfocus.com/archive/1/515055/100/0/threaded
- http://www.ubuntu.com/usn/usn-986-1
- http://www.ubuntu.com/usn/usn-986-1
- http://www.ubuntu.com/usn/USN-986-2
- http://www.ubuntu.com/usn/USN-986-2
- http://www.ubuntu.com/usn/USN-986-3
- http://www.ubuntu.com/usn/USN-986-3
- http://www.vmware.com/security/advisories/VMSA-2010-0019.html
- http://www.vmware.com/security/advisories/VMSA-2010-0019.html
- http://www.vupen.com/english/advisories/2010/2455
- http://www.vupen.com/english/advisories/2010/2455
- http://www.vupen.com/english/advisories/2010/3043
- http://www.vupen.com/english/advisories/2010/3043
- http://www.vupen.com/english/advisories/2010/3052
- http://www.vupen.com/english/advisories/2010/3052
- http://www.vupen.com/english/advisories/2010/3073
- http://www.vupen.com/english/advisories/2010/3073
- http://www.vupen.com/english/advisories/2010/3126
- http://www.vupen.com/english/advisories/2010/3126
- http://www.vupen.com/english/advisories/2010/3127
- http://www.vupen.com/english/advisories/2010/3127
- http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/
- http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/
- https://bugzilla.redhat.com/show_bug.cgi?id=627882
- https://bugzilla.redhat.com/show_bug.cgi?id=627882
- https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230
- https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230
- https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231
- https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231