| PROBLEM: | The ZIP program is an archiving utility which can create ZIP-compatible archives. A buffer overflow issue has been found in ZIP when handling long file names. |
| PLATFORM: | Red Hat Enterprise Linux AS, ES, and WS (all v.3); Red Hat Enterprise Linux AS, ES, and WS (all v.2.1); Red Hat Desktop (v.3); Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor; Debian GNU/Linux 3.0 (woody); SGI ProPack 3 Service Pack 3 for SGI Altix family of systems |
| DAMAGE: | An attacker could execute arbitrary code or cause ZIP to crash. |
| SOLUTION: | Upgrade to Red Hat's latest packages. |
| VULNERABILITY ASSESSMENT: | The risk is MEDIUM. By creating a specially crafted path, an attacker could possibly execute arbitrary code with the permissions of the targeted user or cause the ZIP program to crash. |
| LINKS: | |
| CIAC BULLETIN: | http://www.ciac.org/ciac/bulletins/p-072.shtml |
| ORIGINAL BULLETIN: | https://rhn.redhat.com/errata/RHSA-2004-634.html |
| ADDITIONAL LINK: | Debian Security Advisory DSA 624-1: http://www.debian.org/security/2005/dsa-624; SGI Security Advisory Number 20050101-01-U: ftp://patches.sgi.com/support/free/security/advisories/20050101-01-U.asc |
| CVE/CAN: | http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1010 |
REVISION HISTORY:
01/05/2005 - added link to updated packages available in Debian Security Advisory DSA 624-1.
01/18/2005 - added link to updated packages available in SGI Security Advisory Number 20050101-01-U for SGI ProPack 3 Service Pack 3 for SGI Altix family of systems.
[***** Start Red Hat Advisory: RHSA-2004:634-08 *****]
Updated zip package fixes security issue
Advisory: RHSA-2004:634-08
Last updated on: 2004-12-16
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CAN-2004-1010
Security Advisory
Details:
An updated zip package that fixes a buffer overflow vulnerability is now
available.
The zip program is an archiving utility which can create ZIP-compatible
archives.
A buffer overflow bug has been discovered in zip when handling long file
names. An attacker could create a specially crafted path which could
cause zip to crash or execute arbitrary instructions. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-1010 to this issue.
Users of zip should upgrade to this updated package, which contains
backported patches and is not vulnerable to this issue.
Updated packages:
Red Hat Desktop (v. 3)
-----------------------------------------------------------------------------
SRPMS:
zip-2.3-16.1.src.rpm aa360ac25cf50772fd010cf2d1d91db7
IA-32:
zip-2.3-16.1.i386.rpm 41fec60bfbbca5266e4bbff55f42031a
x86_64:
zip-2.3-16.1.x86_64.rpm 1ed34c119e86a0c739c1c5bb706ffb69
Red Hat Enterprise Linux AS (v. 2.1)
-----------------------------------------------------------------------------
SRPMS:
zip-2.3-10.1.src.rpm b062c345c3d6c56ed1c042145643c8c8
IA-32:
zip-2.3-10.1.i386.rpm a06a150a5652173a8309cca26cc3c70f
IA-64:
zip-2.3-10.1.ia64.rpm 6cab305bdaca789e53e760184050fab9
Red Hat Enterprise Linux AS (v. 3)
-----------------------------------------------------------------------------
SRPMS:
zip-2.3-16.1.src.rpm aa360ac25cf50772fd010cf2d1d91db7
IA-32:
zip-2.3-16.1.i386.rpm 41fec60bfbbca5266e4bbff55f42031a
IA-64:
zip-2.3-16.1.ia64.rpm 0b8464b40ec9d081dd36ab9d699a4c1c
PPC:
zip-2.3-16.1.ppc.rpm 787ad3673b90f4fcb0d47c815ca984f6
s390:
zip-2.3-16.1.s390.rpm 97c709a606b3cec173833833b24c704b
s390x:
zip-2.3-16.1.s390x.rpm 4d1f10e6b1e4247cb037eb42c8fcc796
x86_64:
zip-2.3-16.1.x86_64.rpm 1ed34c119e86a0c739c1c5bb706ffb69
Red Hat Enterprise Linux ES (v. 2.1)
-----------------------------------------------------------------------------
SRPMS:
zip-2.3-10.1.src.rpm b062c345c3d6c56ed1c042145643c8c8
IA-32:
zip-2.3-10.1.i386.rpm a06a150a5652173a8309cca26cc3c70f
Red Hat Enterprise Linux ES (v. 3)
-----------------------------------------------------------------------------
SRPMS:
zip-2.3-16.1.src.rpm aa360ac25cf50772fd010cf2d1d91db7
IA-32:
zip-2.3-16.1.i386.rpm 41fec60bfbbca5266e4bbff55f42031a
IA-64:
zip-2.3-16.1.ia64.rpm 0b8464b40ec9d081dd36ab9d699a4c1c
x86_64:
zip-2.3-16.1.x86_64.rpm 1ed34c119e86a0c739c1c5bb706ffb69
Red Hat Enterprise Linux WS (v. 2.1)
-----------------------------------------------------------------------------
SRPMS:
zip-2.3-10.1.src.rpm b062c345c3d6c56ed1c042145643c8c8
IA-32:
zip-2.3-10.1.i386.rpm a06a150a5652173a8309cca26cc3c70f
Red Hat Enterprise Linux WS (v. 3)
-----------------------------------------------------------------------------
SRPMS:
zip-2.3-16.1.src.rpm aa360ac25cf50772fd010cf2d1d91db7
IA-32:
zip-2.3-16.1.i386.rpm 41fec60bfbbca5266e4bbff55f42031a
IA-64:
zip-2.3-16.1.ia64.rpm 0b8464b40ec9d081dd36ab9d699a4c1c
x86_64:
zip-2.3-16.1.x86_64.rpm 1ed34c119e86a0c739c1c5bb706ffb69
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
-----------------------------------------------------------------------------
SRPMS:
zip-2.3-10.1.src.rpm b062c345c3d6c56ed1c042145643c8c8
IA-64:
zip-2.3-10.1.ia64.rpm 6cab305bdaca789e53e760184050fab9
(The unlinked packages above are only available from the Red Hat Network)
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
Bugs fixed: (see bugzilla for more information)
138228 - CAN-2004-1010 buffer overflow when creating archive containing
very long filenames.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1010
http://lists.netsys.com/pipermail/full-disclosure/2004-November/028379.html
--------------------------------------------------------------------------------
The listed packages are GPG signed by Red Hat, Inc. for security. Our key is
available at:
http://www.redhat.com/solutions/security/news/publickey/#key
You can verify each package and see who signed it with the following command:
rpm --checksig -v filename
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
md5sum filename
The Red Hat security contact is security@redhat.com. More contact details at
http://www.redhat.com/solutions/security/news/contact.html
Copyright © 2002 Red Hat, Inc. All rights reserved.
[***** End Red Hat Advisory: RHSA-2004:634-08 *****]
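The md5sum check the advisory describes, as an added example that is not part of the CIAC bulletin or the Red Hat advisory: a POSIX shell function that reads a "package md5sum" list in the advisory's own layout (heading lines such as "IA-32:" are skipped) and checks the downloaded files against it, reporting present-and-matching, mismatched and missing packages. The package contents in the built-in demo are constructed stand-ins, not real RPMs.

```shell
#!/bin/sh
# Added example, not from the CIAC bulletin or the Red Hat advisory.
# verify_manifest MANIFEST DIR: MANIFEST holds "<package> <md5>" lines in
# the advisory's layout (e.g. "zip-2.3-16.1.i386.rpm 41fec6..."), DIR holds
# the downloaded packages. Prints one line per package and returns 0 only
# when every listed package is present and its md5sum matches.
verify_manifest() {
    manifest="$1"
    dir="$2"
    status=0
    while read -r pkg expected; do
        # skip blank lines and heading lines such as "IA-32:" that carry no hash
        [ -n "$pkg" ] && [ -n "$expected" ] || continue
        if [ ! -f "$dir/$pkg" ]; then
            echo "MISSING  $pkg"
            status=1
            continue
        fi
        actual=$(md5sum "$dir/$pkg" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            echo "OK       $pkg"
        else
            echo "MISMATCH $pkg expected=$expected actual=$actual"
            status=1
        fi
    done < "$manifest"
    return "$status"
}

# With two arguments: check a real manifest against a real download directory.
# With none: run a demo on constructed files showing all three outcomes.
if [ "$#" -eq 2 ]; then
    verify_manifest "$1" "$2"
elif [ "$#" -eq 0 ]; then
    demo=$(mktemp -d)
    printf 'constructed stand-in for a package\n' > "$demo/zip-2.3-16.1.i386.rpm"
    printf 'constructed stand-in, not the real source package\n' > "$demo/zip-2.3-16.1.src.rpm"
    sum=$(md5sum "$demo/zip-2.3-16.1.i386.rpm" | cut -d' ' -f1)
    {
        echo "SRPMS:"
        echo "zip-2.3-16.1.src.rpm aa360ac25cf50772fd010cf2d1d91db7"   # advisory hash vs constructed file: MISMATCH
        echo "IA-32:"
        echo "zip-2.3-16.1.i386.rpm $sum"                              # computed from the file: OK
        echo "IA-64:"
        echo "zip-2.3-16.1.ia64.rpm 0b8464b40ec9d081dd36ab9d699a4c1c"  # never downloaded: MISSING
    } > "$demo/manifest.txt"
    verify_manifest "$demo/manifest.txt" "$demo"
    rm -rf "$demo"
fi
```

A matching checksum only shows the file agrees with the list you copied it from; the rpm --checksig step against Red Hat's published key is what ties a package to its publisher.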
Voice: +1 866-941-2472 (7 x 24)
E-mail: doecirc@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov/