Current-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
NetBSD Security Advisory 2010-007: Integer overflow in libbz2 decompression code
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NetBSD Security Advisory 2010-007
=================================
Topic: Integer overflow in libbz2 decompression code
Version: NetBSD-current: source prior to September 21, 2010
NetBSD 5.0: affected
NetBSD 4.0.1: affected
pkgsrc: bzip2 package prior to 1.0.6
Severity: potential remote DoS or code-injection attack
Fixed: NetBSD-current: Sep 20, 2010
NetBSD-5 branch Sep 23, 2010
NetBSD-5-0 branch Sep 23, 2010
NetBSD-4 branch Sep 23, 2010
NetBSD-4-0 branch Sep 23, 2010
pkgsrc 2010Q2: bzip2-1.0.6 corrects this issue
Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.
Abstract
========
The bzip2/bunzip2 functions and the libbz2 library provide compression
and decompression functionality similar to gzip/gunzip and libgzip but
with better compression ratio and worse compression performance.
The bug described in CVE-2010-0405 affects decompression and can cause
a local or remote DoS attack or possible random code execution
in a program that tries to decompress attacker controlled streams.
Technical Details
=================
There is an integer overflow in the bzip2 decompression code which
can be used to cause a negative value to be used for a buffer size.
The bzip code is also used in other derivative programs such as tar(1)
and pax(1), so utilities using these programs can be affected.
Solutions and Workarounds
=========================
- - Patch, recompile, and re-install libbz2, restart all daemons possibly
affected
CVS branch file revision
------------- ---------------- --------
HEAD src/dist/bzip2/decompress.c 1.2
netbsd-5.0 src/dist/bzip2/decompress.c 1.1.1.3
netbsd-5 src/dist/bzip2/decompress.c 1.1.1.3
netbsd-4.0 src/dist/bzip2/decompress.c 1.1.1.3
netbsd-4 src/dist/bzip2/decompress.c 1.1.1.3
The following instructions briefly summarize how to update and
recompile libbz2. In these instructions, replace:
BRANCH with the appropriate CVS branch (from the above table)
FILES with the file names for that branch (from the above table)
To update from CVS, re-build, and re-install libbz2:
# cd src
# cvs update -d -P -r BRANCH FILES
# cd lib/libbz2
# make USETOOLS=no cleandir dependall
# make USETOOLS=no install
# cd ../../rescue
# make USETOOLS=no cleandir dependall
# make USETOOLS=no install
Alternatively, apply the following patch (with potential offset
differences):
http://ftp.NetBSD.org/pub/NetBSD/security/patches/SA2010-007-libbz2.patch
For more information on building (oriented towards rebuilding the
entire system, however) see:
http://www.netbsd.org/guide/en/chap-build.html
Thanks To
=========
Mikolaj Izdebski for finding and reporting the vulnerability.
Christos Zoulas for fixing the problem.
Revision History
================
2010-09-27 Initial release
More Information
================
Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2010-007.txt.asc
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .
Copyright 2010, The NetBSD Foundation, Inc. All Rights Reserved.
Redistribution permitted only in full, unmodified form.
$NetBSD: NetBSD-SA2010-007.txt,v 1.4 2010/09/27 20:41:45 tonnerre Exp $
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (NetBSD)
iQIcBAEBAgAGBQJMoQRgAAoJEAZJc6xMSnBudBAQALrzG5JCEorlWj2SlcKioO4j
HSTp7K70cT1Ry6YLraqP4CocBeNTv7QoDcvezBpk0KYinTzTaz+jHykWWKl+WR3a
sUFqdsyhJp4eaibpqLeaZlesEinMFhVgwwG4MC2ZMpddZPdcm1FpJ+L01ANI9fKo
NQhPFQ2OxOlpaZjLundE4Iij7vQw9nTo6+ierZYi4SjIZC0DYlPb8aySDpnRa4DV
W2H50hCfJlQKGjQsQiR8alS+JUldG4x59Ci+pTE8QoY6Ndh3Vrwryf/ZaZlBxJ/g
x93emKXFIrz/SwCQM5kQCXOok96tTKUdMr6tza/gETvjtkiYOtoOBpz4Y3Af5mrU
GLgnwJjVQ+uzk7TSOebmOHHCGt/tUhiQdccXzLc141rgeXtrFs4+2hMW4X3RYg7U
puZb7XTRkoCE9lBMZ7h6AMTivbcNFN4gsVHZEa0raQrvV5N3SQCaxSdLiWYS2Rx1
uYGhTigsOtiMoz/2jyb01FugMYgbi3STPtKXHsJ8lzkAX0FwESvsHFY4/1PLrGMZ
Vb9CXzLiM0CURv2YgC1ReUBTIHM6DrtX/HCcNZ0VV19/IsMkZ5iWq2deZu07m5Hu
fu2zEMDeKLtOUCZwSwbvLpDUill059rfg1NYNCzETqpiCCMTLUW/i0/YcrMfzjWU
Sg/u7Cu6yxYp1LrynFDi
=65/e
-----END PGP SIGNATURE-----
Home |
Main Index |
Thread Index |
Old Index