Showing 1 - 5 of 5

CVE-2008-0888

Status Candidate

Overview

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

Related Files

VMware Security Advisory 2008-0009: Posted Jun 5, 2008; Authored by VMware | Site vmware.com; VMware Security Advisory - Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues.; tags | advisory; advisories | CVE-2007-5671, CVE-2008-0967, CVE-2008-2097, CVE-2008-2100, CVE-2006-1721, CVE-2008-0553, CVE-2007-5378, CVE-2007-4772, CVE-2008-0888, CVE-2008-0062, CVE-2008-0063, CVE-2008-0948; SHA-256 | f098818652aa3effa44d42e138d658b7a0d4635486d171c6267c1242f5e9088e; Download | Favorite | View

Gentoo Linux Security Advisory 200804-6: Posted Apr 8, 2008; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory GLSA 200804-06 - Tavis Ormandy of the Google Security Team discovered that the NEEDBITS macro in the inflate_dynamic() function in the file inflate.c can be invoked using invalid buffers, which can lead to a double free. Versions less than 5.52-r2 are affected.; tags | advisory; systems | linux, gentoo; advisories | CVE-2008-0888; SHA-256 | 6881255524df5a3daeddd44e4a71ecaf71b57506b3ab8a35bb006adcc273cdbf; Download | Favorite | View

Ubuntu Security Notice 589-1: Posted Mar 20, 2008; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 589-1 - Tavis Ormandy discovered that unzip did not correctly clean up pointers. If a user or automated service was tricked into processing a specially crafted ZIP archive, a remote attacker could execute arbitrary code with user privileges.; tags | advisory, remote, arbitrary; systems | linux, ubuntu; advisories | CVE-2008-0888; SHA-256 | 8cc553b6a816c24515cc31acc6cf6171af40bb0e0c2cd4f80121484f410e4e20; Download | Favorite | View

Mandriva Linux Security Advisory 2008-068: Posted Mar 19, 2008; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory - Tavis Ormandy of Google Security discovered an invalid pointer flaw in unzip that could lead to the execution of arbitrary code with the privileges of the user running unzip.; tags | advisory, arbitrary; systems | linux, mandriva; advisories | CVE-2008-0888; SHA-256 | 6241bf31366b86f9214c0b04b8389979ede508c055d9251b1a4119710eb80ccc; Download | Favorite | View

Debian Linux Security Advisory 1522-1: Posted Mar 17, 2008; Authored by Debian | Site debian.org; Debian Security Advisory 1522-1 - Tavis Ormandy discovered that unzip, when processing specially crafted ZIP archives, could pass invalid pointers to the C library's free routine, potentially leading to arbitrary code execution.; tags | advisory, arbitrary, code execution; systems | linux, debian; advisories | CVE-2008-0888; SHA-256 | 3c5604ace5a4b4adffc09cf7c4be1bbc96a5af52d3a0addfbcb4699152c5d081; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 272 files
Ubuntu 60 files
Debian 19 files
Gentoo 8 files
Apple 5 files
Google Security Research 4 files
Jann Horn 3 files
Spencer McIntyre 3 files
LiquidWorm 3 files
Pierre Kim 2 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2008-0888

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems