CVE-2004-1010
CVSS10.0
发布时间 :2005-03-01 00:00:00
修订时间 :2016-10-17 22:50:37
NMCOPS    

[原文]Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname.


[CNNVD]Info-ZIP 缓冲区溢出漏洞(CNNVD-200503-034)

        Info-Zip 2.3及可能的早期版本在使用递归文件夹压缩时存在缓冲区溢出,远程攻击者可以通过含有长文件名的ZIP文件执行任意代码。

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9848Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute a...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1010
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1010
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200503-034
(官方数据源) CNNVD

- 其它链接及资源

http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028379.html
(UNKNOWN)  FULLDISC  20041103 [HV-MED] Zip/Linux long path buffer overflow
http://marc.info/?l=bugtraq&m=109958840611053&w=2
(UNKNOWN)  BUGTRAQ  20041103 [HV-MED] Zip/Linux long path buffer overflow
http://security.gentoo.org/glsa/glsa-200411-16.xml
(UNKNOWN)  GENTOO  GLSA-200411-16
http://www.ciac.org/ciac/bulletins/p-072.shtml
(UNKNOWN)  CIAC  P-072
http://www.debian.org/security/2005/dsa-624
(UNKNOWN)  DEBIAN  DSA-624
http://www.hexview.com/docs/20041103-1.txt
(UNKNOWN)  MISC  http://www.hexview.com/docs/20041103-1.txt
http://www.info-zip.org/FAQ.html
(UNKNOWN)  CONFIRM  http://www.info-zip.org/FAQ.html
http://www.mandriva.com/security/advisories?name=MDKSA-2004:141
(UNKNOWN)  MANDRAKE  MDKSA-2004:141
http://www.redhat.com/support/errata/RHSA-2004-634.html
(UNKNOWN)  REDHAT  RHSA-2004:634
http://www.securityfocus.com/bid/11603
(VENDOR_ADVISORY)  BID  11603
http://www.turbolinux.com/security/2005/TLSA-2005-18.txt
(UNKNOWN)  TURBO  TLSA-2005-18
http://www.ubuntulinux.org/support/documentation/usn/usn-18-1
(UNKNOWN)  UBUNTU  USN-18-1
http://xforce.iss.net/xforce/xfdb/17956
(UNKNOWN)  XF  infozip-compressed-folder-bo(17956)
https://bugzilla.fedora.us/show_bug.cgi?id=2255
(UNKNOWN)  FEDORA  FLSA:2255

- 漏洞信息

Info-ZIP 缓冲区溢出漏洞
危急 缓冲区溢出
2005-03-01 00:00:00 2005-10-20 00:00:00
远程  
        Info-Zip 2.3及可能的早期版本在使用递归文件夹压缩时存在缓冲区溢出,远程攻击者可以通过含有长文件名的ZIP文件执行任意代码。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        Slackware Linux -current
        Slackware infozip-5.52-i486-1.tgz
        ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/in fozip-5.52-i486-1.tgz
        Slackware Linux 10.0
        Slackware infozip-5.52-i486-1.tgz
        ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ infozip-5.52-i486-1.tgz
        Slackware Linux 10.1
        Slackware infozip-5.52-i486-1.tgz
        ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/ infozip-5.52-i486-1.tgz
        Info-ZIP Zip 2.3
        Debian zip_2.30-5woody2_alpha.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_al pha.deb
        Debian zip_2.30-5woody2_arm.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_ar m.deb
        Debian zip_2.30-5woody2_hppa.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_hp pa.deb
        Debian zip_2.30-5woody2_i386.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_i3 86.deb
        Debian zip_2.30-5woody2_ia64.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_ia 64.deb
        Debian zip_2.30-5woody2_m68k.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_m6 8k.deb
        Debian zip_2.30-5woody2_mips.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_mi ps.deb
        Debian zip_2.30-5woody2_mipsel.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_mi psel.deb
        Debian zip_2.30-5woody2_powerpc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_po werpc.deb
        Debian zip_2.30-5woody2_s390.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_s3 90.deb
        Debian zip_2.30-5woody2_sparc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_sp arc.deb
        Fedora zip-2.3-26.2.i386.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora zip-2.3-26.2.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora zip-2.3-26.3.i386.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora zip-2.3-26.3.x86_64.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora zip-debuginfo-2.3-26.2.i386.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora zip-debuginfo-2.3-26.2.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora zip-debuginfo-2.3-26.3.i386.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora zip-debuginfo-2.3-26.3.x86_64.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Mandrake zip-2.3-11.1.100mdk.amd64.rpm
        Mandrake Linux 10.0/AMD64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake zip-2.3-11.1.100mdk.i586.rpm
        Mandrake Linux 10.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake zip-2.3-11.1.101mdk.i586.rpm
        Mandrake Linux 10.1
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake zip-2.3-11.1.101mdk.x86_64.rpm
        Mandrake Linux 10.1/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake zip-2.3-11.1.92mdk.amd64.rpm
        Mandrake Linux 9.2/AMD64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake zip-2.3-11.1.92mdk.i586.rpm
        Mandrake Linux 9.2
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake zip-2.3-9.1.C21mdk.i586.rpm
        Mandrake Corporate Server 2.1
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake zip-2.3-9.1.C21mdk.x86_64.rpm
        Mandrake Corporate Server 2.1/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        RedHat zip-2.3-26.1.0.7.3.legacy.i386.rpm
        http://download.fedoralegacy.org/r

- 漏洞信息 (F35616)

dsa-624.txt (PacketStormID:F35616)
2005-01-06 00:00:00
 
advisory,overflow,arbitrary
linux,debian
CVE-2004-1010
[点击下载]

Debian Security Advisory 624-1 - A buffer overflow has been discovered in zip, the archiver for .zip files. When doing recursive folder compression the program did not check the resulting path length, which would lead to memory being overwritten. A malicious person could convince a user to create an archive containing a specially crafted path name, which could lead to the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 624-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 5th, 2004                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : zip
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-1010

A buffer overflow has been discovered in zip, the archiver for .zip
files.  When doing recursive folder compression the program did not
check the resulting path length, which would lead to memory being
overwritten.  A malicious person could convince a user to create an
archive containing a specially crafted path name, which could lead to
the execution of arbitrary code.

For the stable distribution (woody) this problem has been fixed in
version 2.30-5woody2.

For the unstable distribution (sid) this problem has been fixed in
version 2.30-8.

We recommend that you upgrade your zip package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2.dsc
      Size/MD5 checksum:      563 6591a439c2d018f0ac27956eb798a235
    http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2.diff.gz
      Size/MD5 checksum:    17849 800ce2d42e7b980b3678e07af5370c18
    http://security.debian.org/pool/updates/main/z/zip/zip_2.30.orig.tar.gz
      Size/MD5 checksum:   728636 9426b2042139de1f112f271ebdcb0ff0

  Alpha architecture:

    http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_alpha.deb
      Size/MD5 checksum:   126748 7cf6bdf363740b74f1870045974a56e5

  ARM architecture:

    http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_arm.deb
      Size/MD5 checksum:    92916 16cd350936aa0af3ea96f281d51a7593

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_i386.deb
      Size/MD5 checksum:    88770 e5418be39ba5b40385cf410305c244ec

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_ia64.deb
      Size/MD5 checksum:   147144 12c28325afdf27f027c949f035b73423

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_hppa.deb
      Size/MD5 checksum:   100354 9e40bc0998846233c5a659be5203eba1

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_m68k.deb
      Size/MD5 checksum:    85306 e7ad986d4c81a64bf9ad1779af36cb35

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_mips.deb
      Size/MD5 checksum:   110088 32a6fd4fad18a252793398230d0681d7

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_mipsel.deb
      Size/MD5 checksum:   109978 b380dd0331e6e04bd6293d2914f4f5de

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_powerpc.deb
      Size/MD5 checksum:    93960 c958e82d88be4f29d69918359a6d26b7

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_s390.deb
      Size/MD5 checksum:    90742 62f27d6e6860a6790c76ebf270e4b349

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_sparc.deb
      Size/MD5 checksum:   107756 588c6c0288dbdb2272fc3a6a6e3e9855


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB26G9W5ql+IAeqTIRAtw7AKCHrArR31izhVAySPzL9OQK2oNcEwCfQz4E
ahYYBNb2X1Yt3vJFm5Hdue0=
=r0DN
-----END PGP SIGNATURE-----

    

- 漏洞信息

11414
Info-Zip Recursive Compression Path Overflow
Context Dependent Input Manipulation
Loss of Integrity Upgrade
Exploit Public Vendor Verified

- 漏洞描述

A local overflow exists in Zip 2.3. Zip fails to properly perform recursive folder compression for long paths resulting in a buffer overflow. With a specially crafted path, an attacker can possibly execute arbitrary code resulting in a loss of integrity.

- 时间线

2004-11-03 2004-10-03
2004-11-03 2005-03-11

- 解决方案

It has been reported that this issue has been fixed. Upgrade to version 2.31, or higher, to address this vulnerability.

- 相关参考

- 漏洞作者

- 漏洞信息

Info-ZIP Zip Remote Recursive Directory Compression Buffer Overflow Vulnerability
Boundary Condition Error 11603
Yes No
2004-11-04 12:00:00 2009-07-12 08:06:00
The individual responsible for the discovery of this issue is currently unknown; HexView <vuln@hexview.com> disclosed this issue.

- 受影响的程序版本

Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Home
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux -current
SGI ProPack 3.0
Info-ZIP Zip 2.3
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Gentoo Linux 1.4
+ Gentoo Linux
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Red Hat Enterprise Linux AS 3
+ Red Hat Enterprise Linux AS 2.1
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
+ Red Hat Fedora Core1
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 3
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 9.0 i386
+ RedHat Linux 8.0 i686
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ RedHat Linux 7.3 i386
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Info-ZIP Zip 2.1
+ Oracle Oracle10g Application Server 10.1 .0.2
+ Oracle Oracle10g Enterprise Edition 10.1 .0.2
+ Oracle Oracle10g Personal Edition 10.1 .0.2
+ Oracle Oracle10g Standard Edition 10.1 .0.2
Avaya Network Routing
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya MN100
Avaya Intuity LX
Avaya CVLAN

- 漏洞讨论

A remote recursive directory compression buffer overflow vulnerability reportedly affects Info-ZIP Zip. This issue is due to insufficient buffer boundary verification prior to copying user-supplied data.

Successful exploitation of this issue would allow an attacker to execute arbitrary code on the affected computer with the privileges of a user running the affected application. This issue would likely facilitate unauthorized access or privilege escalation.

Reports from Harry Johnston indicate the OraClient 10g component of Oracle Database Server 10g incorporates a vulnerable version of Info-ZIP Zip and is therefore vulnerable to this issue.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

Slackware has released an advisory (SSA:2005-121-01) and fixes to address this issue. Please see the referenced advisory for more information.

Ubuntu has released an advisory (USN-18-1) to address this issue. Please see the referenced advisory for more information.

RedHat Fedora has released advisory FEDORA-2004-399 along with fixes for this issue in their Fedora Core 2 packages. Please see the referenced advisory for more information.

RedHat Fedora has released advisory FEDORA-2004-400 along with fixes for this issue in their Fedora Core 3 packages. Please see the referenced advisory for more information.

Gentoo Linux has released advisory (GLSA 200411-16) dealing with this issue. Gentoo advises that all zip users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/zip-2.3-r4"

For more information please see the referenced Gentoo advisory.

Mandrake has released advisory MDKSA-2004:141 to address this issue. Please see the referenced advisory for further information on obtaining and applying fixes.

SUSE has released an advisory (SUSE-SR:2004:003) that address this and various other issues. Please see the referenced advisory for more information.

Red Hat has released advisory RHSA-2004:634-08 to address this issue in Red Hat Enterprise Linux. Please see the advisory in Web references for more information.

Debian has released an advisory DSA 624-1 to address this issue. Please see the referenced advisory for more information.

SGI has released advisory 20050101-01-U to address various issues in SGI Advanced Linux Environment 3. This advisory includes updated SGI ProPack 3 Service Pack 3 packages. Please see the referenced advisory for more information.

Avaya has released advisory ASA-2005-019 to document the affected versions of Avaya products. Please see the referenced advisory for further information.

Turbolinux has released advisory Turbolinux Security Announcement 31/Jan/2005 to address various issues. Please see the referenced advisory for more information.

Fedora has released an advisory (Fedora Legacy Update Advisory FLSA:2255) to address this issue in Red Hat Linux 7.3 - i386, Red Hat Linux 9 - i386, and Fedora Core 1 - i386. Please see the referenced advisory for more information.


Slackware Linux -current

Slackware Linux 10.0

Slackware Linux 10.1

Info-ZIP Zip 2.3

SGI ProPack 3.0

Slackware Linux 8.1

Slackware Linux 9.0

Slackware Linux 9.1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站