Vulnerabilities > CVE-2014-9636 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 4 | |
| OS | 1 | |
| OS | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-2978-1.NASL description This update for unzip fixes the following security issues : CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013993) CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111) CVE-2016-9844: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013992) CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074). CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 117902 published 2018-10-03 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117902 title SUSE SLED12 / SLES12 Security Update : unzip (SUSE-SU-2018:2978-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:2978-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(117902); script_version("1.3"); script_cvs_date("Date: 2019/09/10 13:51:49"); script_cve_id("CVE-2014-9636", "CVE-2014-9913", "CVE-2015-7696", "CVE-2015-7697", "CVE-2016-9844", "CVE-2018-1000035"); script_bugtraq_id(71825); script_name(english:"SUSE SLED12 / SLES12 Security Update : unzip (SUSE-SU-2018:2978-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for unzip fixes the following security issues : CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013993) CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111) CVE-2016-9844: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013992) CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074). CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1013992" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1013993" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1080074" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=910683" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=914442" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=950110" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=950111" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-9636/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-9913/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-7696/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-7697/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9844/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1000035/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20182978-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e66d8fc8" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2117=1 SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2117=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:unzip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:unzip-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:unzip-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/06"); script_set_attribute(attribute:"patch_publication_date", value:"2018/10/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"3", reference:"unzip-6.00-33.8.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"unzip-debuginfo-6.00-33.8.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"unzip-debugsource-6.00-33.8.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"unzip-6.00-33.8.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"unzip-debuginfo-6.00-33.8.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"unzip-debugsource-6.00-33.8.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unzip"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201611-01.NASL description The remote host is affected by the vulnerability described in GLSA-201611-01 (UnZip: Multiple vulnerabilities) Multiple vulnerabilities were found in UnZip. Please review the referenced CVE’s for additional information. Impact : Remote attackers could execute arbitrary code or cause Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 94460 published 2016-11-02 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94460 title GLSA-201611-01 : UnZip: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201611-01. # # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(94460); script_version("2.2"); script_cvs_date("Date: 2020/02/06"); script_cve_id("CVE-2014-8139", "CVE-2014-8140", "CVE-2014-8141", "CVE-2014-9636"); script_xref(name:"GLSA", value:"201611-01"); script_name(english:"GLSA-201611-01 : UnZip: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201611-01 (UnZip: Multiple vulnerabilities) Multiple vulnerabilities were found in UnZip. Please review the referenced CVE’s for additional information. Impact : Remote attackers could execute arbitrary code or cause Denial of Service. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201611-01" ); script_set_attribute( attribute:"solution", value: "All UnZip users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-arch/unzip-6.0_p20'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:unzip"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/06"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-arch/unzip", unaffected:make_list("ge 6.0_p20"), vulnerable:make_list("lt 6.0_p20"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "UnZip"); }NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-504.NASL description A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip last seen 2020-06-01 modified 2020-06-02 plugin id 82832 published 2015-04-17 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82832 title Amazon Linux AMI : unzip (ALAS-2015-504) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2015-504. # include("compat.inc"); if (description) { script_id(82832); script_version("1.3"); script_cvs_date("Date: 2020/02/06"); script_cve_id("CVE-2014-8139", "CVE-2014-8140", "CVE-2014-8141", "CVE-2014-9636"); script_xref(name:"ALAS", value:"2015-504"); script_xref(name:"RHSA", value:"2015:0700"); script_name(english:"Amazon Linux AMI : unzip (ALAS-2015-504)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. (CVE-2014-9636) A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. (CVE-2014-8139) An integer underflow flaw, leading to a buffer overflow, was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. (CVE-2014-8140) A buffer overflow flaw was found in the way unzip handled Zip64 files. A specially crafted Zip archive could possibly cause unzip to crash when the archive was uncompressed. (CVE-2014-8141)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2015-504.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update unzip' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:unzip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:unzip-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/06"); script_set_attribute(attribute:"patch_publication_date", value:"2015/04/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"unzip-6.0-2.9.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"unzip-debuginfo-6.0-2.9.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unzip / unzip-debuginfo"); }NASL family Fedora Local Security Checks NASL id FEDORA_2015-1189.NASL description Security fix for CVE-2014-9636 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-01-29 plugin id 81061 published 2015-01-29 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81061 title Fedora 21 : unzip-6.0-18.fc21 (2015-1189) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-150.NASL description A flaw was found in the test_compr_eb() function allowing out-of-bounds read and write access to memory locations. By carefully crafting a corrupt ZIP archive an attacker can trigger a heap overflow, resulting in application crash or possibly having other unspecified impact. Additionally this update corrects a defective patch applied to address CVE-2014-8139, which caused a regression with executable jar files. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-03-26 plugin id 82133 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82133 title Debian DLA-150-1 : unzip security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1124.NASL description This update for unzip fixes the following security issues : - CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013993) - CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) - CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111) - CVE-2016-9844: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013992) - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074). - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442). This non-security issue was fixed : - Allow processing of Windows zip64 archives (Windows archivers set total_disks field to 0 but per standard, valid values are 1 and higher) (bnc#910683) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2018-10-09 plugin id 117981 published 2018-10-09 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117981 title openSUSE Security Update : unzip (openSUSE-2018-1124) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0700.NASL description Updated unzip packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip last seen 2020-06-01 modified 2020-06-02 plugin id 81949 published 2015-03-19 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81949 title RHEL 6 / 7 : unzip (RHSA-2015:0700) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2015-0037.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2014-9636 CVE-2014-8139 CVE-2014-8140 (CVE-2014-8141) Resolves: #1196132 #1196120 #1196124 #1196128 last seen 2020-06-01 modified 2020-06-02 plugin id 81968 published 2015-03-20 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81968 title OracleVM 3.3 : unzip (OVMSA-2015-0037) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-016.NASL description Updated unzip package fix security vulnerabilities : The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification (CVE-2014-8139), the test_compr_eb() (CVE-2014-8140) and the getZip64Data() (CVE-2014-8141) functions. The input errors may result in in arbitrary code execution. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the vulnerability. OOB access (both read and write) issues also exist in test_compr_eb() that can result in application crash or other unspecified impact. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the issues (CVE-2014-9636). last seen 2020-06-01 modified 2020-06-02 plugin id 80435 published 2015-01-09 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80435 title Mandriva Linux Security Advisory : unzip (MDVSA-2015:016) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-0355-1.NASL description unzip was updated to fix one security issue. This security issue was fixed : - Out-of-bounds read/write in test_compr_eb() in extract.c (CVE-2014-9636). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 83688 published 2015-05-20 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83688 title SUSE SLED12 / SLES12 Security Update : unzip (SUSE-SU-2015:0355-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-709.NASL description This update for unzip fixes the following issues : - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442) - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074) This non-security issue was fixed : +- Allow processing of Windows zip64 archives (Windows archivers set total_disks field to 0 but per standard, valid values are 1 and higher) (bnc#910683) This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-05 modified 2018-07-09 plugin id 110965 published 2018-07-09 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110965 title openSUSE Security Update : unzip (openSUSE-2018-709) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-0700.NASL description From Red Hat Security Advisory 2015:0700 : Updated unzip packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip last seen 2020-06-01 modified 2020-06-02 plugin id 81947 published 2015-03-19 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81947 title Oracle Linux 6 / 7 : unzip (ELSA-2015-0700) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1883-1.NASL description This update for unzip fixes the following issues : - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442) - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-21 modified 2019-01-02 plugin id 120030 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120030 title SUSE SLED15 / SLES15 Security Update : unzip (SUSE-SU-2018:1883-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2489-1.NASL description Michal Zalewski discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 81162 published 2015-02-04 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81162 title Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : unzip vulnerability (USN-2489-1) NASL family Fedora Local Security Checks NASL id FEDORA_2015-1993.NASL description - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844) - Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851) - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856) - Fix buffer overflow on long file sizes (#1191136) - CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c - re-fix (see https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7) - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844) - Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851) - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856) - Fix buffer overflow on long file sizes (#1191136) - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844) - Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851) - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856) - Fix buffer overflow on long file sizes (#1191136) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-02-24 plugin id 81454 published 2015-02-24 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81454 title Fedora 20 : unzip-6.0-17.fc20 (2015-1993) NASL family Fedora Local Security Checks NASL id FEDORA_2015-1267.NASL description Security fix for CVE-2014-9636 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-01-30 plugin id 81095 published 2015-01-30 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81095 title Fedora 20 : unzip-6.0-15.fc20 (2015-1267) NASL family Fedora Local Security Checks NASL id FEDORA_2015-2035.NASL description - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844) - Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851) - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856) - Fix buffer overflow on long file sizes (#1191136) - CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c - re-fix (see https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7) - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844) - Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851) - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856) - Fix buffer overflow on long file sizes (#1191136) - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844) - Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851) - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856) - Fix buffer overflow on long file sizes (#1191136) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-02-16 plugin id 81367 published 2015-02-16 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81367 title Fedora 21 : unzip-6.0-20.fc21 (2015-2035) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-0700.NASL description Updated unzip packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip last seen 2020-06-01 modified 2020-06-02 plugin id 81925 published 2015-03-19 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81925 title CentOS 6 / 7 : unzip (CESA-2015:0700) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_E543C6F8ABF211E48AC7D050992ECDE8.NASL description Ubuntu Security Notice USN-2489-1 reports : Michal Zalewski discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 81154 published 2015-02-04 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81154 title FreeBSD : unzip -- out of boundary access issues in test_compr_eb (e543c6f8-abf2-11e4-8ac7-d050992ecde8) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3152.NASL description A flaw was found in the test_compr_eb() function allowing out-of-bounds read and write access to memory locations. By carefully crafting a corrupt ZIP archive an attacker can trigger a heap overflow, resulting in application crash or possibly having other unspecified impact. last seen 2020-03-17 modified 2015-02-04 plugin id 81149 published 2015-02-04 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81149 title Debian DSA-3152-1 : unzip - security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-509.NASL description This update for unzip fixes the following issues : - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442) - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074) This non-security issue was fixed : +- Allow processing of Windows zip64 archives (Windows archivers set total_disks field to 0 but per standard, valid values are 1 and higher) (bnc#910683) This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 123214 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123214 title openSUSE Security Update : unzip (openSUSE-2019-509) NASL family Scientific Linux Local Security Checks NASL id SL_20150318_UNZIP_ON_SL6_X.NASL description A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip last seen 2020-03-18 modified 2015-03-26 plugin id 82263 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82263 title Scientific Linux Security Update : unzip on SL6.x, SL7.x i386/x86_64 (20150318) NASL family SuSE Local Security Checks NASL id SUSE_11_UNZIP-150220.NASL description This update fixes the following security issues : - input sanitization errors. (bnc#909214). (CVE-2014-8139) - out-of-bounds read/write in test_compr_eb() (bnc#914442). (CVE-2014-9636) last seen 2020-06-01 modified 2020-06-02 plugin id 81542 published 2015-02-26 reporter This script is Copyright (C) 2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81542 title SuSE 11.3 Security Update : unzip (SAT Patch Number 10344) NASL family SuSE Local Security Checks NASL id SUSE_11_UNZIP-150221.NASL description This update fixes the following security issues : - input sanitization errors. (bnc#909214). (CVE-2014-8139) - out-of-bounds read/write in test_compr_eb() (bnc#914442). (CVE-2014-9636) last seen 2020-06-01 modified 2020-06-02 plugin id 81543 published 2015-02-26 reporter This script is Copyright (C) 2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81543 title SuSE 11.3 Security Update : unzip (SAT Patch Number 10344)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html
- http://seclists.org/oss-sec/2014/q4/1131
- http://seclists.org/oss-sec/2014/q4/489
- http://seclists.org/oss-sec/2014/q4/496
- http://seclists.org/oss-sec/2015/q1/216
- http://secunia.com/advisories/62738
- http://secunia.com/advisories/62751
- http://www.debian.org/security/2015/dsa-3152
- http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.securityfocus.com/bid/71825
- http://www.ubuntu.com/usn/USN-2489-1
- https://security.gentoo.org/glsa/201611-01