Vulnerabilities > CVE-2014-8139 - Out-of-bounds Write vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-2_0-0213_UNZIP.NASL description An update of the unzip package has been released. last seen 2020-03-17 modified 2020-03-11 plugin id 134423 published 2020-03-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134423 title Photon OS 2.0: Unzip PHSA-2020-2.0-0213 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2020-2.0-0213. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(134423); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/13"); script_cve_id("CVE-2014-8139", "CVE-2014-8140", "CVE-2014-8141"); script_bugtraq_id(71790, 71792, 71793); script_name(english:"Photon OS 2.0: Unzip PHSA-2020-2.0-0213"); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the unzip package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-213.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-8141"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/31"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/11"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:unzip"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"unzip-6.0-15.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"unzip-debuginfo-6.0-15.ph2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unzip"); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201611-01.NASL description The remote host is affected by the vulnerability described in GLSA-201611-01 (UnZip: Multiple vulnerabilities) Multiple vulnerabilities were found in UnZip. Please review the referenced CVE’s for additional information. Impact : Remote attackers could execute arbitrary code or cause Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 94460 published 2016-11-02 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94460 title GLSA-201611-01 : UnZip: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201611-01. # # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(94460); script_version("2.2"); script_cvs_date("Date: 2020/02/06"); script_cve_id("CVE-2014-8139", "CVE-2014-8140", "CVE-2014-8141", "CVE-2014-9636"); script_xref(name:"GLSA", value:"201611-01"); script_name(english:"GLSA-201611-01 : UnZip: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201611-01 (UnZip: Multiple vulnerabilities) Multiple vulnerabilities were found in UnZip. Please review the referenced CVE’s for additional information. Impact : Remote attackers could execute arbitrary code or cause Denial of Service. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201611-01" ); script_set_attribute( attribute:"solution", value: "All UnZip users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-arch/unzip-6.0_p20'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:unzip"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/06"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-arch/unzip", unaffected:make_list("ge 6.0_p20"), vulnerable:make_list("lt 6.0_p20"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "UnZip"); }
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-123.NASL description Updated unzip package fix security vulnerabilities : The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification (CVE-2014-8139), the test_compr_eb() (CVE-2014-8140) and the getZip64Data() (CVE-2014-8141) functions. The input errors may result in in arbitrary code execution. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the vulnerability. OOB access (both read and write) issues also exist in test_compr_eb() that can result in application crash or other unspecified impact. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the issues. last seen 2020-06-01 modified 2020-06-02 plugin id 82376 published 2015-03-30 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82376 title Mandriva Linux Security Advisory : unzip (MDVSA-2015:123) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2015:123. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(82376); script_version("1.3"); script_cvs_date("Date: 2019/08/02 13:32:56"); script_cve_id("CVE-2014-8139", "CVE-2014-8140", "CVE-2014-8141"); script_xref(name:"MDVSA", value:"2015:123"); script_name(english:"Mandriva Linux Security Advisory : unzip (MDVSA-2015:123)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandriva Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated unzip package fix security vulnerabilities : The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification (CVE-2014-8139), the test_compr_eb() (CVE-2014-8140) and the getZip64Data() (CVE-2014-8141) functions. The input errors may result in in arbitrary code execution. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the vulnerability. OOB access (both read and write) issues also exist in test_compr_eb() that can result in application crash or other unspecified impact. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the issues." ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2014-0562.html" ); script_set_attribute(attribute:"solution", value:"Update the affected unzip package."); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:unzip"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"unzip-6.0-12.1.mbs2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-504.NASL description A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip last seen 2020-06-01 modified 2020-06-02 plugin id 82832 published 2015-04-17 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82832 title Amazon Linux AMI : unzip (ALAS-2015-504) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2015-504. # include("compat.inc"); if (description) { script_id(82832); script_version("1.3"); script_cvs_date("Date: 2020/02/06"); script_cve_id("CVE-2014-8139", "CVE-2014-8140", "CVE-2014-8141", "CVE-2014-9636"); script_xref(name:"ALAS", value:"2015-504"); script_xref(name:"RHSA", value:"2015:0700"); script_name(english:"Amazon Linux AMI : unzip (ALAS-2015-504)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. (CVE-2014-9636) A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. (CVE-2014-8139) An integer underflow flaw, leading to a buffer overflow, was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. (CVE-2014-8140) A buffer overflow flaw was found in the way unzip handled Zip64 files. A specially crafted Zip archive could possibly cause unzip to crash when the archive was uncompressed. (CVE-2014-8141)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2015-504.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update unzip' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:unzip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:unzip-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/06"); script_set_attribute(attribute:"patch_publication_date", value:"2015/04/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"unzip-6.0-2.9.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"unzip-debuginfo-6.0-2.9.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unzip / unzip-debuginfo"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-150.NASL description A flaw was found in the test_compr_eb() function allowing out-of-bounds read and write access to memory locations. By carefully crafting a corrupt ZIP archive an attacker can trigger a heap overflow, resulting in application crash or possibly having other unspecified impact. Additionally this update corrects a defective patch applied to address CVE-2014-8139, which caused a regression with executable jar files. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-03-26 plugin id 82133 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82133 title Debian DLA-150-1 : unzip security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-150-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(82133); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-8139", "CVE-2014-9636"); script_bugtraq_id(71790, 71825); script_name(english:"Debian DLA-150-1 : unzip security update"); script_summary(english:"Checks dpkg output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "A flaw was found in the test_compr_eb() function allowing out-of-bounds read and write access to memory locations. By carefully crafting a corrupt ZIP archive an attacker can trigger a heap overflow, resulting in application crash or possibly having other unspecified impact. Additionally this update corrects a defective patch applied to address CVE-2014-8139, which caused a regression with executable jar files. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2015/02/msg00003.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze-lts/unzip" ); script_set_attribute( attribute:"solution", value:"Upgrade the affected unzip package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:unzip"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/06"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"unzip", reference:"6.0-4+deb6u2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_11_UNZIP-150113.NASL description This update fixes the following security issues : - heap overflow condition in the CRC32 verification. (CVE-2014-8139) - write error (_8349_) shows a problem in extract.c:test_compr_eb(). (CVE-2014-8140) - read errors (_6430_, _3422_) show problems in process.c:getZip64Data(). (CVE-2014-8141) last seen 2020-06-01 modified 2020-06-02 plugin id 80825 published 2015-01-19 reporter This script is Copyright (C) 2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80825 title SuSE 11.3 Security Update : unzip (SAT Patch Number 10159) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0700.NASL description Updated unzip packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip last seen 2020-06-01 modified 2020-06-02 plugin id 81949 published 2015-03-19 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81949 title RHEL 6 / 7 : unzip (RHSA-2015:0700) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3113.NASL description Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function (CVE-2014-8139 ), the test_compr_eb() function (CVE-2014-8140 ) and the getZip64Data() function (CVE-2014-8141 ), which may lead to the execution of arbitrary code. last seen 2020-03-17 modified 2014-12-29 plugin id 80255 published 2014-12-29 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80255 title Debian DSA-3113-1 : unzip - security update NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2015-0037.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2014-9636 CVE-2014-8139 CVE-2014-8140 (CVE-2014-8141) Resolves: #1196132 #1196120 #1196124 #1196128 last seen 2020-06-01 modified 2020-06-02 plugin id 81968 published 2015-03-20 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81968 title OracleVM 3.3 : unzip (OVMSA-2015-0037) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-016.NASL description Updated unzip package fix security vulnerabilities : The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification (CVE-2014-8139), the test_compr_eb() (CVE-2014-8140) and the getZip64Data() (CVE-2014-8141) functions. The input errors may result in in arbitrary code execution. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the vulnerability. OOB access (both read and write) issues also exist in test_compr_eb() that can result in application crash or other unspecified impact. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the issues (CVE-2014-9636). last seen 2020-06-01 modified 2020-06-02 plugin id 80435 published 2015-01-09 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80435 title Mandriva Linux Security Advisory : unzip (MDVSA-2015:016) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-0700.NASL description From Red Hat Security Advisory 2015:0700 : Updated unzip packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip last seen 2020-06-01 modified 2020-06-02 plugin id 81947 published 2015-03-19 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81947 title Oracle Linux 6 / 7 : unzip (ELSA-2015-0700) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2472-1.NASL description Wolfgang Ettlinger discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 80551 published 2015-01-15 reporter Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80551 title Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : unzip vulnerabilities (USN-2472-1) NASL family Fedora Local Security Checks NASL id FEDORA_2015-1993.NASL description - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844) - Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851) - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856) - Fix buffer overflow on long file sizes (#1191136) - CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c - re-fix (see https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7) - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844) - Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851) - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856) - Fix buffer overflow on long file sizes (#1191136) - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844) - Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851) - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856) - Fix buffer overflow on long file sizes (#1191136) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-02-24 plugin id 81454 published 2015-02-24 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81454 title Fedora 20 : unzip-6.0-17.fc20 (2015-1993) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2019-060-01.NASL description New infozip packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122576 published 2019-03-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122576 title Slackware 14.0 / 14.1 / 14.2 / current : infozip (SSA:2019-060-01) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-1_0-0281_UNZIP.NASL description An update of the unzip package has been released. last seen 2020-03-17 modified 2020-03-02 plugin id 134208 published 2020-03-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134208 title Photon OS 1.0: Unzip PHSA-2020-1.0-0281 NASL family Fedora Local Security Checks NASL id FEDORA_2015-2035.NASL description - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844) - Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851) - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856) - Fix buffer overflow on long file sizes (#1191136) - CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c - re-fix (see https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7) - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844) - Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851) - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856) - Fix buffer overflow on long file sizes (#1191136) - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844) - Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851) - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856) - Fix buffer overflow on long file sizes (#1191136) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-02-16 plugin id 81367 published 2015-02-16 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81367 title Fedora 21 : unzip-6.0-20.fc21 (2015-2035) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-0700.NASL description Updated unzip packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip last seen 2020-06-01 modified 2020-06-02 plugin id 81925 published 2015-03-19 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81925 title CentOS 6 / 7 : unzip (CESA-2015:0700) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-124.NASL description Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function (CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead to the execution of arbitrary code. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-03-26 plugin id 82107 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82107 title Debian DLA-124-1 : unzip security update NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3152.NASL description A flaw was found in the test_compr_eb() function allowing out-of-bounds read and write access to memory locations. By carefully crafting a corrupt ZIP archive an attacker can trigger a heap overflow, resulting in application crash or possibly having other unspecified impact. last seen 2020-03-17 modified 2015-02-04 plugin id 81149 published 2015-02-04 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81149 title Debian DSA-3152-1 : unzip - security update NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-3_0-0063_UNZIP.NASL description An update of the unzip package has been released. last seen 2020-03-17 modified 2020-03-02 plugin id 134212 published 2020-03-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134212 title Photon OS 3.0: Unzip PHSA-2020-3.0-0063 NASL family Scientific Linux Local Security Checks NASL id SL_20150318_UNZIP_ON_SL6_X.NASL description A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip last seen 2020-03-18 modified 2015-03-26 plugin id 82263 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82263 title Scientific Linux Security Update : unzip on SL6.x, SL7.x i386/x86_64 (20150318) NASL family SuSE Local Security Checks NASL id SUSE_11_UNZIP-150220.NASL description This update fixes the following security issues : - input sanitization errors. (bnc#909214). (CVE-2014-8139) - out-of-bounds read/write in test_compr_eb() (bnc#914442). (CVE-2014-9636) last seen 2020-06-01 modified 2020-06-02 plugin id 81542 published 2015-02-26 reporter This script is Copyright (C) 2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81542 title SuSE 11.3 Security Update : unzip (SAT Patch Number 10344) NASL family SuSE Local Security Checks NASL id SUSE_11_UNZIP-150221.NASL description This update fixes the following security issues : - input sanitization errors. (bnc#909214). (CVE-2014-8139) - out-of-bounds read/write in test_compr_eb() (bnc#914442). (CVE-2014-9636) last seen 2020-06-01 modified 2020-06-02 plugin id 81543 published 2015-02-26 reporter This script is Copyright (C) 2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81543 title SuSE 11.3 Security Update : unzip (SAT Patch Number 10344) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_D93609089D5211E487FD10BF48E1088E.NASL description oCERT reports : The UnZip tool is an open source extraction utility for archives compressed in the zip format. The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification, the test_compr_eb() and the getZip64Data() functions. The input errors may result in arbitrary code execution. A specially crafted zip file, passed to unzip -t, can be used to trigger the vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 80577 published 2015-01-19 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80577 title FreeBSD : unzip -- input sanitization errors (d9360908-9d52-11e4-87fd-10bf48e1088e) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL16480.NASL description A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip last seen 2020-06-01 modified 2020-06-02 plugin id 85950 published 2015-09-16 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85950 title F5 Networks BIG-IP : Multiple unzip vulnerabilities (SOL16480) NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-119.NASL description unzip was updated to fix security issues. The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification (CVE-2014-8139), the test_compr_eb() (CVE-2014-8140) and the getZip64Data() functions (CVE-2014-8141). The input errors may result in in arbitrary code execution. More info can be found in the oCert announcement: http://seclists.org/oss-sec/2014/q4/1127 last seen 2020-06-05 modified 2015-02-10 plugin id 81252 published 2015-02-10 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81252 title openSUSE Security Update : unzip (openSUSE-2015-119)
Redhat
rpms |
|
References
- http://www.ocert.org/advisories/ocert-2014-011.html
- http://www.ocert.org/advisories/ocert-2014-011.html
- http://www.securitytracker.com/id/1031433
- http://www.securitytracker.com/id/1031433
- https://access.redhat.com/errata/RHSA-2015:0700
- https://access.redhat.com/errata/RHSA-2015:0700
- https://bugzilla.redhat.com/show_bug.cgi?id=1174844
- https://bugzilla.redhat.com/show_bug.cgi?id=1174844