Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2014-9636
Last Modified: 09 Feb 2015 10:53:36
Published: 06 Feb 2015 10:59:06
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-9636

Summary

unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 10.04

  • Canonical Ubuntu Linux 12.04

  • Canonical Ubuntu Linux 14.04

  • Canonical Ubuntu Linux 14.10

  • Debian Linux 7.0

  • Fedoraproject Fedora 20

  • Fedoraproject Fedora 21

Application

  • Info-zip Unzip 6.0


References

UBUNTU - USN-2489-1

BID - 71825

CONFIRM - http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450

DEBIAN - DSA-3152

SECUNIA - 62751

SECUNIA - 62738

MLIST - [oss-security] 20141222 CVE Request: Info-ZIP unzip 6.0

MLIST - [oss-security] 20141103 Re: unzip -t crasher

MLIST - [oss-security] 20141102 unzip -t crasher

MLIST - [oss-security] 20141222 Re: CVE Request: Info-ZIP unzip 6.0

FEDORA - FEDORA-2015-1267

FEDORA - FEDORA-2015-1189

Related Patches

SUN119254-92 Solaris 10 SPARC: Install and Patch Utilities Patch

SUN119255-92 Solaris 10 x86: Install and Patch Utilities Patch


Last Updated: 27 May 2016 11:07:43