oss-sec mailing list archives
Re: Pointer misuse unziping files with busybox
From: cve-assign () mitre org
Date: Thu, 29 Oct 2015 02:04:51 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
http://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e
Unziping a specially crafted zip file results in a computation of an invalid pointer and a crash reading an invalid address.
Could you please comment directly about the likelihood of exploitability for code execution? See the http://www.openwall.com/lists/oss-security/2015/10/11/5 post. We currently feel that a CVE assignment for a non-exploitable unzip crash on BusyBox may be unlikely, because BusyBox wouldn't realistically be used for deployment of a program that remains running to offer an unzipping service to multiple clients. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWMbYWAAoJEL54rhJi8gl5KOIP/0glPnY2FhWwCDTKcVfjzfGX C0qdsZ7U75V9+ECFvd3VvsogMs/WFt+UaP+wGCkB2VM9WHXlH5k0tMlqQZxIb/fY Nixc54gGFxz3DI6Gm22mQNS2nz1nnjLHvdAfPsKorzb30h/UEOT2msdsBpo/ya8W Z9ELQ8nPmxgjeXw2jQ1lzi8Ng36GhZMUShqKq6RIJRcFDTrtLyeIipux7pKXABEg GKezwuTlQq0ek/ausiaD2I97GsrjobWm590cdVhrUcuhcSajgCgtyYLWVfCqUAhM dvHORPcD0StGedSWqRqVQULMlDdEWyay+icTibAFnuxw/IJan1o3KRNXwG3dPIjW AZs5iJdRZpCq3zaEu6gFRjz1TthBkkFWlOmjxMInHJgqZKVLZ/gsE6S2/V/EqFpX gEpmm68yjGAYWzAUwArVM9am1sz1Pso8XOrLbExC9kkc2UxDNpK4ANMxcFehGeKc /mjodcq7lYoZdtKRasPCGhSJyg4Pd1+fJvSpvcJCQR+TZtucnUeF68VdN+Co8po6 YM9bV9MtzORnAJF3vZWfkjvWanLhL3UdSuh7iY6sg6m+Ui0FscCFCcHccgwSM62k 59/04Qw1Z9xav6hq3Dd9KR6EoCpJwiZkfBqLG9+Qejcj8q+fp1Vgqea3iJJNpPqA Hwp1wqHbGbeg1vJhOBFk =VGYW -----END PGP SIGNATURE-----
Current thread:
- Pointer misuse unziping files with busybox Gustavo Grieco (Oct 25)
- Re: Pointer misuse unziping files with busybox Gustavo Grieco (Oct 26)
- Re: Pointer misuse unziping files with busybox cve-assign (Oct 28)
- Re: Pointer misuse unziping files with busybox Gustavo Grieco (Oct 30)
- Re: Re: Pointer misuse unziping files with busybox Rich Felker (Oct 30)
- Re: Pointer misuse unziping files with busybox cve-assign (Nov 03)