Arch Linux Security Advisory ASA-201605-24
==========================================
Severity: Critical
Date    : 2016-05-18
CVE-ID  : CVE-2016-2334 CVE-2016-2335
Package : p7zip
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======
The package p7zip before version 15.14.1-2 is vulnerable to arbitrary
code execution.

Resolution
==========
Upgrade to 15.14.1-2.

# pacman -Syu "p7zip>=15.14.1-2"

The problems have been fixed upstream but no release is available yet.

Workaround
==========
None.

Description
===========
- CVE-2016-2334 (arbitrary code execution)

An exploitable heap overflow vulnerability exists in the
NArchive::NHfs::CHandler::ExtractZlibFile method of 7zip that can lead
to arbitrary code execution.
Before decompression, the ExtractZlibFile method reads a block size and
its offset from the file and then reads the block data into the
statically sized buffer "buf". Because there is no check whether the
block size is larger than the size of "buf", a malformed block size
exceeding the size of "buf" causes a buffer overflow and heap
corruption.

- CVE-2016-2335 (arbitrary code execution)

An out-of-bounds read vulnerability exists in the
CInArchive::ReadFileItem method of 7zip for handling UDF files that can
lead to denial of service or code execution.
Because volumes can have more than one partition map, their objects are
kept in an object vector. To start looking for an item, the method
tries to obtain the proper partition object using this partition-map
object vector and the "PartitionRef" field from the Long Allocation
Descriptor. The lack of a check whether "PartitionRef" is larger than
the number of available partition-map objects causes an out-of-bounds
read, which can in some circumstances lead to arbitrary code execution.
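Both issues are missing bounds checks on attacker-controlled values read
from the archive. The following C fragment is an added illustration, not
p7zip code: it models the two parsing steps described above (a block
entry carrying offset and size copied into a fixed-size "buf", and a
"PartitionRef" index into a partition-map vector) with the checks in
place, on constructed sample images rather than real archive data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BUF_SIZE 64   /* stands in for the fixed-size "buf" of ExtractZlibFile */

typedef struct { const uint8_t *data; size_t len; } span_t;

static uint32_t rd32(const uint8_t *p) {          /* little-endian u32 */
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hardened block read: the entry at entry_off holds (offset, size); the
 * block is copied into buf only if the entry fits in the file, the size
 * fits the destination (the check missing in CVE-2016-2334) and the block
 * lies inside the file. Returns bytes copied, or -1 when rejected. */
int extract_block(span_t f, size_t entry_off, uint8_t *buf, size_t buf_size) {
    if (entry_off > f.len || f.len - entry_off < 8) return -1;
    uint32_t off  = rd32(f.data + entry_off);
    uint32_t size = rd32(f.data + entry_off + 4);
    if (size > buf_size) return -1;
    if (off > f.len || f.len - off < size) return -1;
    memcpy(buf, f.data + off, size);
    return (int)size;
}

/* Partition lookup on the CVE-2016-2335 pattern: PartitionRef indexes the
 * partition-map vector and must be validated against its length. */
typedef struct { uint32_t start_lba; } partition_t;

const partition_t *lookup_partition(const partition_t *maps, size_t n, uint32_t ref) {
    return ref < n ? &maps[ref] : NULL;
}

/* Constructed sample images (not real archive data): an 8-byte entry
 * followed by 4 payload bytes. */
static const uint8_t IMG_OK[]  = { 8,0,0,0,   4,0,0,0, 'd','a','t','a' };
static const uint8_t IMG_BIG[] = { 8,0,0,0,   0,1,0,0, 'd','a','t','a' }; /* size 256 */
static const uint8_t IMG_OOB[] = { 100,0,0,0, 4,0,0,0, 'd','a','t','a' }; /* offset past end */
static const partition_t MAPS[] = { {0}, {1024} };

static int run(const uint8_t *img, size_t len) {
    uint8_t buf[BUF_SIZE];
    span_t f = { img, len };
    return extract_block(f, 0, buf, sizeof buf);
}
int demo_ok(void)  { return run(IMG_OK,  sizeof IMG_OK);  }  /* 4  */
int demo_big(void) { return run(IMG_BIG, sizeof IMG_BIG); }  /* -1 */
int demo_oob(void) { return run(IMG_OOB, sizeof IMG_OOB); }  /* -1 */
int partition_ref_ok(uint32_t ref) { return lookup_partition(MAPS, 2, ref) != NULL; }
```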

Impact
======
A remote attacker is able to use a specially crafted archive that, when
processed, leads to arbitrary code execution.

References
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2335
https://talosintelligence.com/vulnerability_reports/TALOS-2016-0093/
https://talosintelligence.com/vulnerability_reports/TALOS-2016-0094/
