[Secure-testing-team] Bug#847485: unzip: CVE-2014-9913: buffer overflow in "unzip -l" via list_files() in list.c

Salvatore Bonaccorso carnil at debian.org
Thu Dec 8 16:32:38 UTC 2016


Source: unzip
Version: 6.0-16
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for unzip.

CVE-2014-9913[0]:
Buffer overflow in "unzip -l" via list_files() in list.c

Reproducible with same PoZ.zip as generated in [1], but not the same issue.
Will file a separate bug for that.

$ unzip -l PoZ.zip 
Archive:  PoZ.zip
  Length      Date    Time    Name
---------  ---------- -----   ----
*** buffer overflow detected ***: unzip terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7efc039dabcb]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7efc03a630e7]
/lib/x86_64-linux-gnu/libc.so.6(+0xf7220)[0x7efc03a61220]
/lib/x86_64-linux-gnu/libc.so.6(+0xf67d9)[0x7efc03a607d9]
/lib/x86_64-linux-gnu/libc.so.6(_IO_default_xsputn+0xac)[0x7efc039debec]
/lib/x86_64-linux-gnu/libc.so.6(_IO_vfprintf+0xcd3)[0x7efc039b19f3]
/lib/x86_64-linux-gnu/libc.so.6(__vsprintf_chk+0x8c)[0x7efc03a6086c]
/lib/x86_64-linux-gnu/libc.so.6(__sprintf_chk+0x7d)[0x7efc03a607bd]
unzip[0x40f2e3]
unzip[0x411004]
unzip[0x41172f]
unzip[0x403c61]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7efc0398a2b1]
unzip[0x401e39]

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-9913
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9913
[1] https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
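
Added example, not part of the original report and not Debian or Info-ZIP code: a small Python triage helper for the glibc fortify abort quoted above. It picks out the outermost fortified (`_chk`) wrapper in the backtrace and the application frame that called it; the function names and the trimmed sample text are constructed for illustration.

```python
import re

# Constructed sample: a trimmed copy of the abort output quoted in the report.
SAMPLE = """\
*** buffer overflow detected ***: unzip terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7efc039dabcb]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7efc03a630e7]
/lib/x86_64-linux-gnu/libc.so.6(_IO_vfprintf+0xcd3)[0x7efc039b19f3]
/lib/x86_64-linux-gnu/libc.so.6(__vsprintf_chk+0x8c)[0x7efc03a6086c]
/lib/x86_64-linux-gnu/libc.so.6(__sprintf_chk+0x7d)[0x7efc03a607bd]
unzip[0x40f2e3]
unzip[0x411004]
======= Memory map: ========
"""

# One frame: object, optional "(symbol+0xoff)" or "(+0xoff)", then "[0xaddr]".
FRAME = re.compile(
    r"^(?P<obj>\S+?)(?:\((?P<sym>[^+)]*)(?:\+0x[0-9a-f]+)?\))?\[(?P<addr>0x[0-9a-f]+)\]$"
)

def parse_backtrace(text):
    """Return (object, symbol or None, address) for each backtrace frame."""
    frames, in_bt = [], False
    for line in text.splitlines():
        if line.startswith("======= Backtrace"):
            in_bt = True
        elif line.startswith("======="):
            in_bt = False          # any other banner ends the backtrace
        elif in_bt:
            m = FRAME.match(line.strip())
            if m:
                frames.append((m["obj"], m["sym"] or None, int(m["addr"], 16)))
    return frames

def triage(text):
    """Name the fortified call that aborted and the frame that called it."""
    frames = parse_backtrace(text)
    chk = [i for i, (_, sym, _) in enumerate(frames) if sym and sym.endswith("_chk")]
    if not chk:
        return None                # no fortify wrapper on the stack
    i = chk[-1]                    # frames are innermost first; last _chk is outermost
    caller = frames[i + 1] if i + 1 < len(frames) else None
    return {
        "fortified_call": frames[i][1],
        "caller_object": caller[0] if caller else None,
        "caller_addr": hex(caller[2]) if caller else None,
    }
```

The reported caller address can be resolved with addr2line against a matching unzip build that has debug symbols.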