Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0888

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-0888
Last Modified 20 Jun 2011 12:00:00
Published 17 Mar 2008 05:44:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0888

Summary

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

Vulnerable Systems

Application

  • Info-zip Unzip


References

SECUNIA - 30535

CONFIRM - https://issues.rpath.com/browse/RPL-2317

XF - unzip-inflatedynamic-code-execution(41246)

VUPEN - ADV-2008-1744

VUPEN - ADV-2008-0913

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0009.html

UBUNTU - USN-589-1

SECTRACK - 1019634

BID - 28288

BUGTRAQ - 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

BUGTRAQ - 20080321 rPSA-2008-0116-1 unzip

REDHAT - RHSA-2008:0196

MANDRIVA - MDVSA-2008:068

CONFIRM - http://www.ipcop.org/index.php?name=News&file=article&sid=40

DEBIAN - DSA-1522

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0116

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0116

CONFIRM - http://support.apple.com/kb/HT4077

GENTOO - GLSA-200804-06

SECUNIA - 31204

SECUNIA - 29681

SECUNIA - 29495

SECUNIA - 29440

SECUNIA - 29432

SECUNIA - 29427

SECUNIA - 29415

SECUNIA - 29406

SECUNIA - 29392

SUSE - SUSE-SR:2008:007

APPLE - APPLE-SA-2010-03-29-1

Related Patches

VMware VMSA 2008-0009.2 VMware Fusion 2.0.1 Update for Mac (Rev 2)


Last Updated: 27 May 2016 10:46:58