oss-sec mailing list archives

Re: LZW decompression issues

From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 28 Sep 2011 21:11:32 +0200

* Tomas Hoger:

Following bugzillas list various code bases that were checked for the
issue and if they are affected or not:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2895
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2896


Not good. 8-(

Looking at <http://minnie.tuhs.org/cgi-bin/utree.pl?file=4.3BSD-Reno/src/usr.bin/compress/compress.c>,
it seems that these constants

| char_type lmask[9] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80, 0x00};
| char_type rmask[9] = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f, 0xff};

can be used to build signatures to spot candidate binaries.

Current thread:

Re: LZW decompression issues, (continued)
- - Re: LZW decompression issues Colin Percival (Sep 28)
  - Re: LZW decompression issues Tomas Hoger (Sep 28)
    - Re: LZW decompression issues Solar Designer (Sep 28)
  - Re: LZW decompression issues Tavis Ormandy (Sep 28)
    - Re: LZW decompression issues Solar Designer (Sep 28)
    - Re: LZW decompression issues Tomas Hoger (Sep 29)
    - Re: LZW decompression issues Tim Zingelman (Sep 29)
    - Re: LZW decompression issues Joerg Sonnenberger (Sep 29)
    - Re: LZW decompression issues Solar Designer (Sep 29)
    - Re: LZW decompression issues Tavis Ormandy (Sep 29)
- Re: LZW decompression issues Florian Weimer (Sep 28)