Vulnerabilities > CVE-2014-8140 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
unzip-project
redhat
CWE-787
nessus

Summary

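Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. "Remote" here describes where the archive comes from: the overflow is reached only when unzip is run on the crafted file, which is why the CVSS v3 scoring on this page rates the attack vector as local (AV:L) with user interaction required (UI:R).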

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-2_0-0213_UNZIP.NASL
    descriptionAn update of the unzip package has been released.
    last seen2020-03-17
    modified2020-03-11
    plugin id134423
    published2020-03-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134423
    titlePhoton OS 2.0: Unzip PHSA-2020-2.0-0213
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2020-2.0-0213. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    # Description mode: this block only registers the plugin's metadata and then
    # leaves through exit(0); no host data is read here.
    if (description)
    {
      script_id(134423);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/13");
    
      # One plugin id is mapped to three UnZip CVEs and their Bugtraq ids.
      script_cve_id("CVE-2014-8139", "CVE-2014-8140", "CVE-2014-8141");
      script_bugtraq_id(71790, 71792, 71793);
    
      script_name(english:"Photon OS 2.0: Unzip PHSA-2020-2.0-0213");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the unzip package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-213.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      # The two base vectors disagree on reach: CVSS2 uses AV:N (network) while
      # CVSS3 uses AV:L with UI:R (local, user interaction required). The score
      # source is declared as CVE-2014-8141.
      # Temporal metrics: E:U = exploit unproven, RL:OF / RL:O = official fix,
      # RC:C = report confirmed.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-8141");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # NOTE(review): vuln_publication_date is 2020/01/31 although the CVE ids are
      # from 2014; presumably an advisory-side date -- confirm before using it
      # for exposure-age metrics.
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/11");
    
      # Registered as a local-type check against the Photon OS 2.0 unzip package.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:unzip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Declares the dependency script and the KB keys the plugin requires; the
      # same three keys are read again by the checks that follow this block.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions. Each failed gate hands control to audit() with the matching
    # audit code, in the same order as the KB keys are consulted.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    # The release string must identify Photon, and specifically version 2.0.
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon")
      audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)")
      audit(AUDIT_OS_NOT, "PhotonOS 2.0");

    if (!get_kb_item("Host/PhotonOS/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    # Architecture gate: x86_64, i386-i686 and aarch64 are let through, while
    # both package references below are pinned to cpu "x86_64".
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
      audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu)
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);

    # Compare every fixed package reference; each rpm_check() call is made
    # regardless of earlier hits, and hits are only counted.
    hits = 0;
    foreach ref (make_list("unzip-6.0-15.ph2", "unzip-debuginfo-6.0-15.ph2"))
    {
      if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:ref)) hits++;
    }

    if (!hits)
    {
      # Nothing flagged: report "not affected" with the tested packages when
      # there are any, otherwise "not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unzip");
    }
    else
    {
      # At least one package is flagged: raise a warning-severity finding on
      # port 0 carrying the rpm report text.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201611-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201611-01 (UnZip: Multiple vulnerabilities) Multiple vulnerabilities were found in UnZip. Please review the referenced CVE's for additional information. Impact : Remote attackers could execute arbitrary code or cause Denial of Service. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id94460
    published2016-11-02
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94460
    titleGLSA-201611-01 : UnZip: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201611-01.
    #
    # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    # Description mode: this block only registers the plugin's metadata and then
    # leaves through exit(0); no host data is read here.
    if (description)
    {
      script_id(94460);
      script_version("2.2");
      script_cvs_date("Date: 2020/02/06");
    
      # Four UnZip CVEs are attached to this single plugin, cross-referenced to
      # Gentoo advisory GLSA 201611-01.
      script_cve_id("CVE-2014-8139", "CVE-2014-8140", "CVE-2014-8141", "CVE-2014-9636");
      script_xref(name:"GLSA", value:"201611-01");
    
      script_name(english:"GLSA-201611-01 : UnZip: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      # NOTE(review): the description text below still carries an un-decoded HTML
      # entity (&rsquo;) taken over from the advisory text.
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201611-01
    (UnZip: Multiple vulnerabilities)
    
        Multiple vulnerabilities were found in UnZip. Please review the
          referenced CVE&rsquo;s for additional information.
      
    Impact :
    
        Remote attackers could execute arbitrary code or cause Denial of
          Service.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201611-01"
      );
      # The remediation text names the first unaffected version, 6.0_p20.
      script_set_attribute(
        attribute:"solution", 
        value:
    "All UnZip users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=app-arch/unzip-6.0_p20'"
      );
      # The two base vectors disagree on reach: CVSS2 uses AV:N (network) while
      # CVSS3 uses AV:L with UI:R (local, user interaction required).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:unzip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/11/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      # Declares the dependency script and the KB keys the plugin requires; the
      # same three keys are read again by the checks that follow this block.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    # Preconditions: local checks enabled, a Gentoo release key present and a
    # package list collected. Each failed gate goes to audit() with its code.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release"))
      audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    # Single version comparison for app-arch/unzip: below 6.0_p20 is listed as
    # vulnerable, 6.0_p20 and later as unaffected.
    outdated = qpkg_check(
      package    : "app-arch/unzip",
      unaffected : make_list("ge 6.0_p20"),
      vulnerable : make_list("lt 6.0_p20")
    );

    if (!outdated)
    {
      # Nothing flagged: report "not affected" with the tested packages when
      # there are any, otherwise "not installed".
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "UnZip");
    }
    else
    {
      # Flagged: raise a warning on port 0; the package report text is attached
      # only when report_verbosity is above zero.
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-123.NASL
    descriptionUpdated unzip package fix security vulnerabilities : The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification (CVE-2014-8139), the test_compr_eb() (CVE-2014-8140) and the getZip64Data() (CVE-2014-8141) functions. The input errors may result in arbitrary code execution. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the vulnerability. OOB access (both read and write) issues also exist in test_compr_eb() that can result in application crash or other unspecified impact. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id82376
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82376
    titleMandriva Linux Security Advisory : unzip (MDVSA-2015:123)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2015:123. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Description mode: this block only registers the plugin's metadata and then
    # leaves through exit(0); no host data is read here.
    if (description)
    {
      script_id(82376);
      script_version("1.3");
      script_cvs_date("Date: 2019/08/02 13:32:56");
    
      # Three UnZip CVEs are attached to this single plugin, cross-referenced to
      # Mandriva advisory MDVSA-2015:123.
      script_cve_id("CVE-2014-8139", "CVE-2014-8140", "CVE-2014-8141");
      script_xref(name:"MDVSA", value:"2015:123");
    
      script_name(english:"Mandriva Linux Security Advisory : unzip (MDVSA-2015:123)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Mandriva Linux host is missing a security update."
      );
      # NOTE(review): the advisory text below contains a doubled word
      # ("result in in"); it is runtime text and is left untouched here.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated unzip package fix security vulnerabilities :
    
    The unzip command line tool is affected by heap-based buffer overflows
    within the CRC32 verification (CVE-2014-8139), the test_compr_eb()
    (CVE-2014-8140) and the getZip64Data() (CVE-2014-8141) functions. The
    input errors may result in in arbitrary code execution. A specially
    crafted zip file, passed to the command unzip -t, can be used to
    trigger the vulnerability.
    
    OOB access (both read and write) issues also exist in test_compr_eb()
    that can result in application crash or other unspecified impact. A
    specially crafted zip file, passed to the command unzip -t, can be
    used to trigger the issues."
      );
      # NOTE(review): the reference is a plain-http URL on advisories.mageia.org.
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2014-0562.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected unzip package.");
      # No CVSS vector is registered in this plugin; severity is carried only by
      # the risk_factor attribute.
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:unzip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # Declares the dependency script and the KB keys the plugin requires; all
      # four keys are read again by the checks that follow this block.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
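    # Preconditions: local checks enabled, a Mandrake/Mandriva release key
    # present and an rpm list collected. Each failed gate goes to audit().
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The OS name in this audit message was misspelled "Mandake"; it now matches
    # the spelling used by the architecture gate below, so both messages can be
    # searched for with one string.
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: amd64, i386-i686 and x86_64 are let through, while the
    # single package reference below is pinned to cpu "x86_64".
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # One package comparison for Business Server 2 (release "MDK-MBS2").
    flag = 0;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"unzip-6.0-12.1.mbs2")) flag++;
    
    
    if (flag)
    {
      # Flagged: raise a hole-severity finding on port 0; the rpm report text is
      # attached only when report_verbosity is above zero.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    # Not flagged: the host is audited as not affected. Unlike a tested-package
    # listing, this message does not say whether unzip was installed at all.
    else audit(AUDIT_HOST_NOT, "affected");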
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-504.NASL
    descriptionA buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. (CVE-2014-9636)
    last seen2020-06-01
    modified2020-06-02
    plugin id82832
    published2015-04-17
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82832
    titleAmazon Linux AMI : unzip (ALAS-2015-504)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2015-504.
    #
    
    include("compat.inc");
    
    # Description mode: this block only registers the plugin's metadata and then
    # leaves through exit(0); no host data is read here.
    if (description)
    {
      script_id(82832);
      script_version("1.3");
      script_cvs_date("Date: 2020/02/06");
    
      # Four UnZip CVEs are attached to this single plugin, cross-referenced to
      # Amazon advisory ALAS-2015-504 and Red Hat advisory RHSA-2015:0700.
      script_cve_id("CVE-2014-8139", "CVE-2014-8140", "CVE-2014-8141", "CVE-2014-9636");
      script_xref(name:"ALAS", value:"2015-504");
      script_xref(name:"RHSA", value:"2015:0700");
    
      script_name(english:"Amazon Linux AMI : unzip (ALAS-2015-504)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      # The advisory text describes each CVE separately; CVE-2014-8140 is given
      # as an integer underflow leading to a buffer overflow, reached when an
      # archive is tested with unzip's '-t' option.
      script_set_attribute(
        attribute:"description", 
        value:
    "A buffer overflow was found in the way unzip uncompressed certain
    extra fields of a file. A specially crafted Zip archive could cause
    unzip to crash or, possibly, execute arbitrary code when the archive
    was tested with unzip's '-t' option. (CVE-2014-9636)
    
    A buffer overflow flaw was found in the way unzip computed the CRC32
    checksum of certain extra fields of a file. A specially crafted Zip
    archive could cause unzip to crash when the archive was tested with
    unzip's '-t' option. (CVE-2014-8139)
    
    An integer underflow flaw, leading to a buffer overflow, was found in
    the way unzip uncompressed certain extra fields of a file. A specially
    crafted Zip archive could cause unzip to crash when the archive was
    tested with unzip's '-t' option. (CVE-2014-8140)
    
    A buffer overflow flaw was found in the way unzip handled Zip64 files.
    A specially crafted Zip archive could possibly cause unzip to crash
    when the archive was uncompressed. (CVE-2014-8141)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2015-504.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update unzip' to update your system."
      );
      # The two base vectors disagree on reach: CVSS2 uses AV:N (network) while
      # CVSS3 uses AV:L with UI:R (local, user interaction required).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:unzip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:unzip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      # Declares the dependency script and the KB keys the plugin requires; the
      # same three keys are read again by the checks that follow this block.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
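    # Precondition: local checks must be enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # The release key must be a non-empty string starting with "AL" followed by
    # either "A" or a digit; the captured character selects the OS generation.
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    # Only the "A" capture (Amazon Linux AMI) is in scope. The original branch
    # also tested os_ver == 'A' inside this "!= A" body, which could never be
    # true; that unreachable relabelling is dropped and the audit is unchanged.
    if (os_ver != "A")
    {
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Two package comparisons for release "ALA"; both calls are always made and
    # hits are only counted.
    flag = 0;
    if (rpm_check(release:"ALA", reference:"unzip-6.0-2.9.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"unzip-debuginfo-6.0-2.9.amzn1")) flag++;
    
    if (flag)
    {
      # Flagged: raise a warning on port 0; the rpm report text is attached only
      # when report_verbosity is above zero.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: report "not affected" with the tested packages when
      # there are any, otherwise "not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unzip / unzip-debuginfo");
    }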
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_UNZIP-150113.NASL
    descriptionThis update fixes the following security issues : - heap overflow condition in the CRC32 verification. (CVE-2014-8139) - write error (_8349_) shows a problem in extract.c:test_compr_eb(). (CVE-2014-8140) - read errors (_6430_, _3422_) show problems in process.c:getZip64Data(). (CVE-2014-8141)
    last seen2020-06-01
    modified2020-06-02
    plugin id80825
    published2015-01-19
    reporterThis script is Copyright (C) 2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80825
    titleSuSE 11.3 Security Update : unzip (SAT Patch Number 10159)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0700.NASL
    descriptionUpdated unzip packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. (CVE-2014-9636)
    last seen2020-06-01
    modified2020-06-02
    plugin id81949
    published2015-03-19
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81949
    titleRHEL 6 / 7 : unzip (RHSA-2015:0700)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3113.NASL
    descriptionMichele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function (CVE-2014-8139 ), the test_compr_eb() function (CVE-2014-8140 ) and the getZip64Data() function (CVE-2014-8141 ), which may lead to the execution of arbitrary code.
    last seen2020-03-17
    modified2014-12-29
    plugin id80255
    published2014-12-29
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80255
    titleDebian DSA-3113-1 : unzip - security update
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2015-0037.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2014-9636 CVE-2014-8139 CVE-2014-8140 (CVE-2014-8141) Resolves: #1196132 #1196120 #1196124 #1196128
    last seen2020-06-01
    modified2020-06-02
    plugin id81968
    published2015-03-20
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81968
    titleOracleVM 3.3 : unzip (OVMSA-2015-0037)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-016.NASL
    descriptionUpdated unzip package fix security vulnerabilities : The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification (CVE-2014-8139), the test_compr_eb() (CVE-2014-8140) and the getZip64Data() (CVE-2014-8141) functions. The input errors may result in arbitrary code execution. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the vulnerability. OOB access (both read and write) issues also exist in test_compr_eb() that can result in application crash or other unspecified impact. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the issues (CVE-2014-9636).
    last seen2020-06-01
    modified2020-06-02
    plugin id80435
    published2015-01-09
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80435
    titleMandriva Linux Security Advisory : unzip (MDVSA-2015:016)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0700.NASL
    descriptionFrom Red Hat Security Advisory 2015:0700 : Updated unzip packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. (CVE-2014-9636)
    last seen2020-06-01
    modified2020-06-02
    plugin id81947
    published2015-03-19
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81947
    titleOracle Linux 6 / 7 : unzip (ELSA-2015-0700)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2472-1.NASL
    descriptionWolfgang Ettlinger discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id80551
    published2015-01-15
    reporterUbuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80551
    titleUbuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : unzip vulnerabilities (USN-2472-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-1993.NASL
    description - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844) - Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851) - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856) - Fix buffer overflow on long file sizes (#1191136) - CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c - re-fix (see https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7) - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844) - Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851) - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856) - Fix buffer overflow on long file sizes (#1191136) - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844) - Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851) - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856) - Fix buffer overflow on long file sizes (#1191136) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-02-24
    plugin id81454
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81454
    titleFedora 20 : unzip-6.0-17.fc20 (2015-1993)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-060-01.NASL
    descriptionNew infozip packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122576
    published2019-03-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122576
    titleSlackware 14.0 / 14.1 / 14.2 / current : infozip (SSA:2019-060-01)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-1_0-0281_UNZIP.NASL
    descriptionAn update of the unzip package has been released.
    last seen2020-03-17
    modified2020-03-02
    plugin id134208
    published2020-03-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134208
    titlePhoton OS 1.0: Unzip PHSA-2020-1.0-0281
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-2035.NASL
    description - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844) - Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851) - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856) - Fix buffer overflow on long file sizes (#1191136) - CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c - re-fix (see https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7) - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844) - Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851) - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856) - Fix buffer overflow on long file sizes (#1191136) - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844) - Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851) - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856) - Fix buffer overflow on long file sizes (#1191136) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-02-16
    plugin id81367
    published2015-02-16
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81367
    titleFedora 21 : unzip-6.0-20.fc21 (2015-2035)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-0700.NASL
    descriptionUpdated unzip packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. (CVE-2014-9636)
    last seen2020-06-01
    modified2020-06-02
    plugin id81925
    published2015-03-19
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81925
    titleCentOS 6 / 7 : unzip (CESA-2015:0700)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-124.NASL
    descriptionMichele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function (CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead to the execution of arbitrary code. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-03-26
    plugin id82107
    published2015-03-26
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82107
    titleDebian DLA-124-1 : unzip security update
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-3_0-0063_UNZIP.NASL
    descriptionAn update of the unzip package has been released.
    last seen2020-03-17
    modified2020-03-02
    plugin id134212
    published2020-03-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134212
    titlePhoton OS 3.0: Unzip PHSA-2020-3.0-0063
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150318_UNZIP_ON_SL6_X.NASL
    descriptionA buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's -t option.
    last seen2020-03-18
    modified2015-03-26
    plugin id82263
    published2015-03-26
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82263
    titleScientific Linux Security Update : unzip on SL6.x, SL7.x i386/x86_64 (20150318)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_D93609089D5211E487FD10BF48E1088E.NASL
    descriptionoCERT reports : The UnZip tool is an open source extraction utility for archives compressed in the zip format. The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification, the test_compr_eb() and the getZip64Data() functions. The input errors may result in arbitrary code execution. A specially crafted zip file, passed to unzip -t, can be used to trigger the vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id80577
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80577
    titleFreeBSD : unzip -- input sanitization errors (d9360908-9d52-11e4-87fd-10bf48e1088e)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL16480.NASL
    descriptionA buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's -t option.
    last seen2020-06-01
    modified2020-06-02
    plugin id85950
    published2015-09-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85950
    titleF5 Networks BIG-IP : Multiple unzip vulnerabilities (SOL16480)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-119.NASL
    descriptionunzip was updated to fix security issues. The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification (CVE-2014-8139), the test_compr_eb() (CVE-2014-8140) and the getZip64Data() functions (CVE-2014-8141). The input errors may result in arbitrary code execution. More info can be found in the oCERT announcement: http://seclists.org/oss-sec/2014/q4/1127
    last seen2020-06-05
    modified2015-02-10
    plugin id81252
    published2015-02-10
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81252
    titleopenSUSE Security Update : unzip (openSUSE-2015-119)

Redhat

rpms
  • unzip-0:6.0-15.ael7b
  • unzip-0:6.0-15.el7
  • unzip-0:6.0-2.el6_6
  • unzip-debuginfo-0:6.0-15.ael7b
  • unzip-debuginfo-0:6.0-15.el7
  • unzip-debuginfo-0:6.0-2.el6_6