Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2008-1372
Last Modified 07 Mar 2011 10:06:59
Published 18 Mar 2008 05:44:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1372

Summary

bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

Vulnerable Systems

Application

  • Bzip2 0.9

  • Bzip2 0.9 A

  • Bzip2 0.9 B

  • Bzip2 0.9 C

  • Bzip2 0.9.5a

  • Bzip2 0.9.5b

  • Bzip2 0.9.5c

  • Bzip2 0.9.5d

  • Bzip2 1.0

  • Bzip2 1.0.1

  • Bzip2 1.0.2

  • Bzip2 1.0.3


References

CERT - TA09-218A

CERT-VN - VU#813451

FEDORA - FEDORA-2008-3037

FEDORA - FEDORA-2008-2970

CONFIRM - https://bugs.gentoo.org/attachment.cgi?id=146488&action=view

XF - bzip2-archives-code-execution(41249)

VUPEN - ADV-2009-2172

VUPEN - ADV-2008-2557

VUPEN - ADV-2008-0915

UBUNTU - USN-590-1

SLACKWARE - SSA:2008-098-02

SECTRACK - 1020867

BID - 28286

BUGTRAQ - 20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2

BUGTRAQ - 20080321 rPSA-2008-0118-1 bzip2

REDHAT - RHSA-2008:0893

MANDRIVA - MDVSA-2008:075

CONFIRM - http://www.ipcop.org/index.php?name=News&file=article&sid=40

GENTOO - GLSA-200804-02

MISC - http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/

MISC - http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html

CONFIRM - http://www.bzip.org/CHANGES

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118

CONFIRM - http://support.apple.com/kb/HT3757

SUNALERT - 241786

GENTOO - GLSA-200903-40

SECUNIA - 36096

SECUNIA - 31878

SECUNIA - 31869

SECUNIA - 31204

SECUNIA - 29940

SECUNIA - 29698

SECUNIA - 29677

SECUNIA - 29656

SECUNIA - 29506

SECUNIA - 29497

SECUNIA - 29475

SECUNIA - 29410

SUSE - SUSE-SR:2008:011

APPLE - APPLE-SA-2009-08-05-1

CONFIRM - http://kb.vmware.com/kb/1007504

CONFIRM - http://kb.vmware.com/kb/1007198

CONFIRM - http://kb.vmware.com/kb/1006982

NETBSD - NetBSD-SA2008-004

Related Patches

Apple 2009-08-12 Security Update 2009-003 2009-004 Server (Tiger PPC)

Apple 2009-08-12 Security Update 2009-003 2009-004 (Tiger PPC)

Apple 2009-08-31 Mac OS X Server 10.5.8 v1.1 Update (See Note)

Apple 2009-08-31 Mac OS X Server 10.5.8 v1.1 Combo Update (See Note)

Novell SUSE 2008:5114 bzip2 security update for SLE 10 SP1 i586

Novell SUSE 2008:5295 bzip2 security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 10:47:08