F5 Networks: K16480 (CVE-2014-8140): Multiple unzip vulnerabilities CVE-2014-8139, CVE-2014-8140, and CVE-2014-8141

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From USN-2472-1:

Wolfgang Ettlinger discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.

From DSA-3113:

Michele Spagnuolo of the Google Security Team discovered that unzip, an

extraction utility for archives compressed in .zip format, is affected

by heap-based buffer overflows within the CRC32 verification function

(CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the

getZip64Data() function (CVE-2014-8141), which may lead to the execution

of arbitrary code.

From SUSE_CVE-2014-8140:

This CVE is addressed in the SUSE advisories SUSE-SU-2015:0026-1, SUSE-SU-2015:0070-1, openSUSE-SU-2015:0240-1

From ALAS-2015-504:

A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. (CVE-2014-9636)

A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. (CVE-2014-8139)

An integer underflow flaw, leading to a buffer overflow, was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. (CVE-2014-8140)

A buffer overflow flaw was found in the way unzip handled Zip64 files. A specially crafted Zip archive could possibly cause unzip to crash when the archive was uncompressed. (CVE-2014-8141)

From CESA-2015:0700:

The unzip utility is used to list, test, or extract files from a zip archive.

A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. (CVE-2014-9636)

A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. (CVE-2014-8139)

An integer underflow flaw, leading to a buffer overflow, was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. (CVE-2014-8140)

A buffer overflow flaw was found in the way unzip handled Zip64 files. A specially crafted Zip archive could possibly cause unzip to crash when the archive was uncompressed. (CVE-2014-8141)

Red Hat would like to thank oCERT for reporting the CVE-2014-8139, CVE-2014-8140, and CVE-2014-8141 issues. oCERT acknowledges Michele Spagnuolo of the Google Security Team as the original reporter of these issues.

All unzip users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

From VID-D9360908-9D52-11E4-87FD-10BF48E1088E:

oCERT reports:

The UnZip tool is an open source extraction utility for archives

compressed in the zip format.

The unzip command line tool is affected by heap-based buffer

overflows within the CRC32 verification, the test_compr_eb() and

the getZip64Data() functions. The input errors may result in

arbitrary code execution.

A specially crafted zip file, passed to unzip -t, can be used to

trigger the vulnerability.

From SOL16480:

A specially crafted ZIP archive may cause unzip to crash.