ID OPENVAS:1361412562310869032 Type openvas Reporter Copyright (C) 2015 Greenbone Networks GmbH Modified 2020-02-10T00:00:00
Description
The remote host is missing an update for the 'unzip' package(s) announced via the referenced advisory.
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for unzip FEDORA-2015-1993
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Metadata registration. When `description` is set, the script only declares
# what it checks and how it should be scheduled, then exits before any of the
# host-check code further down is reached.
if(description)
{
  # Identity and revision of this check.
  script_oid("1.3.6.1.4.1.25623.1.0.869032");
  script_name("Fedora Update for unzip FEDORA-2015-1993");
  script_family("Fedora Local Security Checks");
  script_copyright("Copyright (C) 2015 Greenbone Networks GmbH");
  script_version("2020-02-10T07:58:04+0000");
  script_tag(name:"creation_date", value:"2015-02-25 05:41:31 +0100 (Wed, 25 Feb 2015)");
  script_tag(name:"last_modification", value:"2020-02-10 07:58:04 +0000 (Mon, 10 Feb 2020)");

  # CVEs covered by the advisory, the severity reported for them (CVSS v2
  # base score and vector), and the advisory references.
  script_cve_id("CVE-2014-8139", "CVE-2014-8140", "CVE-2014-8141", "CVE-2014-9636");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_xref(name:"FEDORA", value:"2015-1993");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150329.html");

  # Text shown in the scan report. The summary literal spans two lines; the
  # line break is part of the value, so the continuation line is kept exactly
  # as given rather than indented.
  script_tag(name:"summary", value:"The remote host is missing an update for the 'unzip'
package(s) announced via the referenced advisory.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
  script_tag(name:"affected", value:"unzip on Fedora 20");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_tag(name:"solution_type", value:"VendorFix");

  # The finding is declared as package-based: it rests on the installed RPM
  # version, not on exercising unzip itself. Read a hit as "fixed build not
  # installed", not as proof that the flaw is reachable on the host.
  script_tag(name:"qod_type", value:"package");

  # Scheduling. The knowledge-base keys below must be present before the check
  # runs; presumably gather-package-list.nasl records them after an
  # authenticated SSH login (confirm against that plugin). The release key
  # restricts the check to hosts identified as FC20.
  script_category(ACT_GATHER_INFO);
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC20");

  exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Host check: compare the installed unzip RPM with the fixed build named in the
# advisory. Everything here works from data helpers return; rpm_get_ssh_release
# and isrpmvuln come from the included libraries and are not shown in this file.
release = rpm_get_ssh_release();
if(!release)
  exit(0);  # no release string available for this host, nothing to compare

res = "";

if(release == "FC20")
{
  # "unzip~6.0~17.fc20" presumably encodes name~version~release of the fixed
  # package. isrpmvuln is expected to return report text when the installed
  # build is older and NULL otherwise (confirm against pkg-lib-rpm.inc).
  res = isrpmvuln(pkg:"unzip", rpm:"unzip~6.0~17.fc20", rls:"FC20");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # No finding. __pkg_match is presumably set by isrpmvuln when the package was
  # found in the RPM list: exit code 99 is used when it is set, and a plain
  # exit(0) when it is not. A silent exit(0) therefore does not by itself say
  # that a fixed unzip is installed.
  if(!__pkg_match)
    exit(0);
  exit(99);
}
{"id": "OPENVAS:1361412562310869032", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for unzip FEDORA-2015-1993", "description": "The remote host is missing an update for the ", "published": "2015-02-25T00:00:00", "modified": "2020-02-10T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869032", "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150329.html", "2015-1993"], "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "lastseen": "2020-02-10T16:42:23", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["SOL16480"]}, {"type": "cve", "idList": ["CVE-2015-1993", "CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"]}, {"type": "fedora", "idList": ["FEDORA:859C760600E0", "FEDORA:7FEC4604CD60", "FEDORA:F2DEA60C85FC", "FEDORA:6FB5160EDC21"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310882143", "OPENVAS:1361412562310123156", "OPENVAS:1361412562310871338", "OPENVAS:1361412562310882131", "OPENVAS:1361412562310869017", "OPENVAS:1361412562310120373", "OPENVAS:703113", "OPENVAS:703152", "OPENVAS:1361412562310703113", "OPENVAS:1361412562310842068"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2015-016.NASL", "FEDORA_2015-1993.NASL", "ORACLEVM_OVMSA-2015-0037.NASL", "SL_20150318_UNZIP_ON_SL6_X.NASL", "CENTOS_RHSA-2015-0700.NASL", "ORACLELINUX_ELSA-2015-0700.NASL", "FEDORA_2015-2035.NASL", "GENTOO_GLSA-201611-01.NASL", "ALA_ALAS-2015-504.NASL", "REDHAT-RHSA-2015-0700.NASL"]}, {"type": "amazon", "idList": ["ALAS-2015-504"]}, {"type": "centos", "idList": ["CESA-2015:0700"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-0700"]}, {"type": "redhat", "idList": ["RHSA-2015:0700"]}, {"type": "gentoo", "idList": ["GLSA-201611-01"]}, {"type": "securityvulns", "idList": 
["SECURITYVULNS:DOC:31705", "SECURITYVULNS:VULN:14173", "SECURITYVULNS:VULN:14562", "SECURITYVULNS:DOC:31553", "SECURITYVULNS:DOC:32267"]}, {"type": "freebsd", "idList": ["D9360908-9D52-11E4-87FD-10BF48E1088E", "E543C6F8-ABF2-11E4-8AC7-D050992ECDE8"]}, {"type": "debian", "idList": ["DEBIAN:DLA-150-1:8D190", "DEBIAN:DSA-3152-1:1C202", "DEBIAN:DSA-3113-1:395FC", "DEBIAN:DLA-124-1:6E749"]}, {"type": "archlinux", "idList": ["ASA-201501-3", "ASA-201503-9"]}, {"type": "ubuntu", "idList": ["USN-2489-1", "USN-2472-1"]}, {"type": "slackware", "idList": ["SSA-2019-060-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3043-1", "OPENSUSE-SU-2018:1914-1"]}], "modified": "2020-02-10T16:42:23", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2020-02-10T16:42:23", "rev": 2}, "vulnersScore": 6.3}, "pluginID": "1361412562310869032", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for unzip FEDORA-2015-1993\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869032\");\n script_version(\"2020-02-10T07:58:04+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-10 07:58:04 +0000 (Mon, 10 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-02-25 05:41:31 +0100 (Wed, 25 Feb 2015)\");\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-8140\", \"CVE-2014-8141\", \"CVE-2014-9636\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for unzip FEDORA-2015-1993\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'unzip'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"unzip on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-1993\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150329.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"unzip\", rpm:\"unzip~6.0~17.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"f5": [{"lastseen": "2016-09-26T17:22:59", "bulletinFamily": "software", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-8139"], "edition": 1, "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you should permit management access to F5 products only over a secure network and restrict command line access for affected systems to trusted users. 
For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2015-09-15T00:00:00", "published": "2015-04-21T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/400/sol16480.html", "id": "SOL16480", "title": "SOL16480 - Multiple unzip vulnerabilities CVE-2014-8139, CVE-2014-8140, and CVE-2014-8141", "type": "f5", "cvss": {"score": 3.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:UNKNOWN/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2020-12-09T19:58:28", "description": "Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-31T23:15:00", "title": "CVE-2014-8141", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8141"], "modified": "2020-02-05T21:26:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux_server_tus:7.7", "cpe:/a:unzip_project:unzip:6.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:6.6", "cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_server_tus:6.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.6"], "id": "CVE-2014-8141", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8141", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", 
"cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:28", "description": "Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-31T22:15:00", "title": "CVE-2014-8140", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8140"], "modified": "2020-02-05T20:40:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", 
"cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:redhat:enterprise_linux_server_eus:7.7", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_server_tus:7.7", "cpe:/a:unzip_project:unzip:6.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:6.6", "cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/o:redhat:enterprise_linux_server_aus:7.7", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_server_tus:6.6", "cpe:/o:redhat:enterprise_linux_server_aus:6.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.6"], "id": "CVE-2014-8140", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8140", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:28", "description": "Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-31T22:15:00", "title": "CVE-2014-8139", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8139"], "modified": "2020-02-05T20:50:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:redhat:enterprise_linux_server_eus:7.7", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_server_tus:7.7", "cpe:/a:unzip_project:unzip:6.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:6.6", "cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/o:redhat:enterprise_linux_server_aus:7.7", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_server_tus:6.6", "cpe:/o:redhat:enterprise_linux_server_aus:6.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.6"], "id": "CVE-2014-8139", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8139", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:01:24", "description": "unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.", "edition": 4, "cvss3": {}, "published": "2015-02-06T15:59:00", "title": "CVE-2014-9636", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9636"], "modified": "2019-12-16T20:24:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/a:unzip_project:unzip:6.0", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2014-9636", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9636", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8139", "CVE-2014-8140", "CVE-2014-8141", "CVE-2014-9636"], "description": "The unzip utility is used to list, test, or extract files from a zip archive. Zip archives are commonly found on MS-DOS systems. The zip utility, included in the zip package, creates zip archives. Zip and unzip are both compatible with archives created by PKWARE(R)'s PKZIP for MS-DOS, but the programs' options and default behaviors do differ in some respects. Install the unzip package if you need to list, test or extract files from a zip archive. 
", "modified": "2015-02-23T23:25:28", "published": "2015-02-23T23:25:28", "id": "FEDORA:859C760600E0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: unzip-6.0-17.fc20", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8139", "CVE-2014-8140", "CVE-2014-8141", "CVE-2014-9636"], "description": "The unzip utility is used to list, test, or extract files from a zip archive. Zip archives are commonly found on MS-DOS systems. The zip utility, included in the zip package, creates zip archives. Zip and unzip are both compatible with archives created by PKWARE(R)'s PKZIP for MS-DOS, but the programs' options and default behaviors do differ in some respects. Install the unzip package if you need to list, test or extract files from a zip archive. ", "modified": "2015-02-16T03:25:55", "published": "2015-02-16T03:25:55", "id": "FEDORA:7FEC4604CD60", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: unzip-6.0-20.fc21", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9636"], "description": "The unzip utility is used to list, test, or extract files from a zip archive. Zip archives are commonly found on MS-DOS systems. The zip utility, included in the zip package, creates zip archives. Zip and unzip are both compatible with archives created by PKWARE(R)'s PKZIP for MS-DOS, but the programs' options and default behaviors do differ in some respects. Install the unzip package if you need to list, test or extract files from a zip archive. 
", "modified": "2015-01-28T19:58:39", "published": "2015-01-28T19:58:39", "id": "FEDORA:6FB5160EDC21", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: unzip-6.0-18.fc21", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9636"], "description": "The unzip utility is used to list, test, or extract files from a zip archive. Zip archives are commonly found on MS-DOS systems. The zip utility, included in the zip package, creates zip archives. Zip and unzip are both compatible with archives created by PKWARE(R)'s PKZIP for MS-DOS, but the programs' options and default behaviors do differ in some respects. Install the unzip package if you need to list, test or extract files from a zip archive. ", "modified": "2015-01-30T04:35:06", "published": "2015-01-30T04:35:06", "id": "FEDORA:F2DEA60C85FC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: unzip-6.0-15.fc20", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2020-02-10T16:42:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "description": "The remote host is missing an update for the ", "modified": "2020-02-10T00:00:00", "published": "2015-02-16T00:00:00", "id": "OPENVAS:1361412562310869017", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869017", "type": "openvas", "title": "Fedora Update for unzip FEDORA-2015-2035", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for unzip FEDORA-2015-2035\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or 
any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869017\");\n script_version(\"2020-02-10T07:58:04+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-10 07:58:04 +0000 (Mon, 10 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-02-16 05:44:23 +0100 (Mon, 16 Feb 2015)\");\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-8140\", \"CVE-2014-8141\", \"CVE-2014-9636\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for unzip FEDORA-2015-2035\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'unzip'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"unzip on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-2035\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150038.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n 
script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"unzip\", rpm:\"unzip~6.0~20.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-10T16:42:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "description": "Check the version of unzip", "modified": "2020-02-10T00:00:00", "published": "2015-03-19T00:00:00", "id": "OPENVAS:1361412562310882131", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882131", "type": "openvas", "title": "CentOS Update for unzip CESA-2015:0700 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for unzip CESA-2015:0700 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882131\");\n script_version(\"2020-02-10T07:58:04+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-10 07:58:04 +0000 (Mon, 10 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-03-19 05:52:16 +0100 (Thu, 19 Mar 2015)\");\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-8140\", \"CVE-2014-8141\", \"CVE-2014-9636\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for unzip CESA-2015:0700 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of unzip\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The unzip utility is used to list, test, or extract files from a\nzip archive.\n\nA buffer overflow was found in the way unzip uncompressed certain extra\nfields of a file. A specially crafted Zip archive could cause unzip to\ncrash or, possibly, execute arbitrary code when the archive was tested with\nunzip's '-t' option. (CVE-2014-9636)\n\nA buffer overflow flaw was found in the way unzip computed the CRC32\nchecksum of certain extra fields of a file. A specially crafted Zip archive\ncould cause unzip to crash when the archive was tested with unzip's '-t'\noption. (CVE-2014-8139)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in the\nway unzip uncompressed certain extra fields of a file. 
A specially crafted\nZip archive could cause unzip to crash when the archive was tested with\nunzip's '-t' option. (CVE-2014-8140)\n\nA buffer overflow flaw was found in the way unzip handled Zip64 files.\nA specially crafted Zip archive could possibly cause unzip to crash when\nthe archive was uncompressed. (CVE-2014-8141)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-8139,\nCVE-2014-8140, and CVE-2014-8141 issues. oCERT acknowledges Michele\nSpagnuolo of the Google Security Team as the original reporter of\nthese issues.\n\nAll unzip users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\");\n script_tag(name:\"affected\", value:\"unzip on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:0700\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-March/020981.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"unzip\", rpm:\"unzip~6.0~2.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:59:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "description": "The remote host is missing an update 
announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120373", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120373", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-504)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120373\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:24:56 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-504)\");\n script_tag(name:\"insight\", value:\"A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. 
(CVE-2014-9636 )A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. (CVE-2014-8139 )An integer underflow flaw, leading to a buffer overflow, was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. (CVE-2014-8140 )A buffer overflow flaw was found in the way unzip handled Zip64 files. A specially crafted Zip archive could possibly cause unzip to crash when the archive was uncompressed. (CVE-2014-8141 )\");\n script_tag(name:\"solution\", value:\"Run yum update unzip to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-504.html\");\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-8141\", \"CVE-2014-8140\", \"CVE-2014-9636\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"unzip-debuginfo\", rpm:\"unzip-debuginfo~6.0~2.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"unzip\", rpm:\"unzip~6.0~2.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-10T16:41:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "description": "Oracle Linux Local Security Checks ELSA-2015-0700", "modified": "2020-02-10T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123156", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123156", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-0700", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123156\");\n script_version(\"2020-02-10T07:58:04+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:00:03 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-02-10 07:58:04 +0000 (Mon, 10 Feb 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0700\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0700 - unzip security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0700\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0700.html\");\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-8140\", \"CVE-2014-8141\", \"CVE-2014-9636\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = 
isrpmvuln(pkg:\"unzip\", rpm:\"unzip~6.0~15.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"unzip\", rpm:\"unzip~6.0~2.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-10T16:42:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "description": "Check the version of unzip", "modified": "2020-02-10T00:00:00", "published": "2015-04-01T00:00:00", "id": "OPENVAS:1361412562310882143", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882143", "type": "openvas", "title": "CentOS Update for unzip CESA-2015:0700 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for unzip CESA-2015:0700 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882143\");\n script_version(\"2020-02-10T07:58:04+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-10 07:58:04 +0000 (Mon, 10 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-04-01 07:23:28 +0200 (Wed, 01 Apr 2015)\");\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-8140\", \"CVE-2014-8141\", \"CVE-2014-9636\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for unzip CESA-2015:0700 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of unzip\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The unzip utility is used to list, test, or extract files from a\nzip archive.\n\nA buffer overflow was found in the way unzip uncompressed certain extra\nfields of a file. A specially crafted Zip archive could cause unzip to\ncrash or, possibly, execute arbitrary code when the archive was tested with\nunzip's '-t' option. (CVE-2014-9636)\n\nA buffer overflow flaw was found in the way unzip computed the CRC32\nchecksum of certain extra fields of a file. A specially crafted Zip archive\ncould cause unzip to crash when the archive was tested with unzip's '-t'\noption. (CVE-2014-8139)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in the\nway unzip uncompressed certain extra fields of a file. 
A specially crafted\nZip archive could cause unzip to crash when the archive was tested with\nunzip's '-t' option. (CVE-2014-8140)\n\nA buffer overflow flaw was found in the way unzip handled Zip64 files.\nA specially crafted Zip archive could possibly cause unzip to crash when\nthe archive was uncompressed. (CVE-2014-8141)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-8139,\nCVE-2014-8140, and CVE-2014-8141 issues. oCERT acknowledges Michele\nSpagnuolo of the Google Security Team as the original reporter of\nthese issues.\n\nAll unzip users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\");\n script_tag(name:\"affected\", value:\"unzip on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:0700\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-April/021042.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"unzip\", rpm:\"unzip~6.0~15.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-10T16:41:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "description": "The remote host is missing an update for 
the 'unzip' package(s) announced via the referenced advisory.", "modified": "2020-02-10T00:00:00", "published": "2015-03-19T00:00:00", "id": "OPENVAS:1361412562310871338", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871338", "type": "openvas", "title": "RedHat Update for unzip RHSA-2015:0700-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for unzip RHSA-2015:0700-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871338\");\n script_version(\"2020-02-10T07:58:04+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-10 07:58:04 +0000 (Mon, 10 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-03-19 05:49:49 +0100 (Thu, 19 Mar 2015)\");\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-8140\", \"CVE-2014-8141\", \"CVE-2014-9636\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for unzip RHSA-2015:0700-01\");\n script_tag(name:\"summary\", 
value:\"The remote host is missing an update for the 'unzip'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The unzip utility is used to list, test, or extract files from a\nzip archive.\n\nA buffer overflow was found in the way unzip uncompressed certain extra\nfields of a file. A specially crafted Zip archive could cause unzip to\ncrash or, possibly, execute arbitrary code when the archive was tested with\nunzip's '-t' option. (CVE-2014-9636)\n\nA buffer overflow flaw was found in the way unzip computed the CRC32\nchecksum of certain extra fields of a file. A specially crafted Zip archive\ncould cause unzip to crash when the archive was tested with unzip's '-t'\noption. (CVE-2014-8139)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in the\nway unzip uncompressed certain extra fields of a file. A specially crafted\nZip archive could cause unzip to crash when the archive was tested with\nunzip's '-t' option. (CVE-2014-8140)\n\nA buffer overflow flaw was found in the way unzip handled Zip64 files.\nA specially crafted Zip archive could possibly cause unzip to crash when\nthe archive was uncompressed. (CVE-2014-8141)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-8139,\nCVE-2014-8140, and CVE-2014-8141 issues. oCERT acknowledges Michele\nSpagnuolo of the Google Security Team as the original reporter of\nthese issues.\n\nAll unzip users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\");\n script_tag(name:\"affected\", value:\"unzip on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0700-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-March/msg00042.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"unzip\", rpm:\"unzip~6.0~15.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"unzip-debuginfo\", rpm:\"unzip-debuginfo~6.0~15.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"unzip\", rpm:\"unzip~6.0~2.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"unzip-debuginfo\", rpm:\"unzip-debuginfo~6.0~2.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-10T16:42:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-8139"], "description": "The remote host is missing an update for the 'unzip' package(s) announced via the referenced advisory.", "modified": "2020-02-10T00:00:00", "published": "2015-01-23T00:00:00", "id": "OPENVAS:1361412562310842068", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842068", "type": 
"openvas", "title": "Ubuntu Update for unzip USN-2472-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for unzip USN-2472-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842068\");\n script_version(\"2020-02-10T07:58:04+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-10 07:58:04 +0000 (Mon, 10 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:59:13 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-8140\", \"CVE-2014-8141\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for unzip USN-2472-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'unzip'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Wolfgang Ettlinger discovered 
that unzip\nincorrectly handled certain malformed zip archives. If a user or automated system\nwere tricked into processing a specially crafted zip archive, an attacker could\npossibly execute arbitrary code.\");\n script_tag(name:\"affected\", value:\"unzip on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2472-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2472-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"unzip\", ver:\"6.0-12ubuntu1.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"unzip\", ver:\"6.0-9ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"unzip\", ver:\"6.0-4ubuntu2.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"unzip\", ver:\"6.0-1ubuntu0.1\", 
rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-27T10:49:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-8139"], "description": "Michele Spagnuolo of the Google\nSecurity Team discovered that unzip, an extraction utility for archives\ncompressed in .zip format, is affected by heap-based buffer overflows within\nthe CRC32 verification function (CVE-2014-8139), the test_compr_eb() function\n(CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead\nto the execution of arbitrary code.", "modified": "2017-07-12T00:00:00", "published": "2014-12-28T00:00:00", "id": "OPENVAS:703113", "href": "http://plugins.openvas.org/nasl.php?oid=703113", "type": "openvas", "title": "Debian Security Advisory DSA 3113-1 (unzip - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3113.nasl 6692 2017-07-12 09:57:43Z teissa $\n# Auto-generated from advisory DSA 3113-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703113);\n script_version(\"$Revision: 6692 $\");\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-8140\", \"CVE-2014-8141\");\n script_name(\"Debian Security Advisory DSA 3113-1 (unzip - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-12 11:57:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-28 00:00:00 +0100 (Sun, 28 Dec 2014)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3113.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"unzip on Debian Linux\");\n script_tag(name: \"insight\", value: \"InfoZIP's unzip program. 
With the\nexception of multi-volume archives (ie, .ZIP files that are split across\nseveral disks using PKZIP's /& option), this can handle any file produced either\nby PKZIP, or the corresponding InfoZIP zip program.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 6.0-8+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6.0-13.\n\nWe recommend that you upgrade your unzip packages.\");\n script_tag(name: \"summary\", value: \"Michele Spagnuolo of the Google\nSecurity Team discovered that unzip, an extraction utility for archives\ncompressed in .zip format, is affected by heap-based buffer overflows within\nthe CRC32 verification function (CVE-2014-8139), the test_compr_eb() function\n(CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead\nto the execution of arbitrary code.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"unzip\", ver:\"6.0-8+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 3.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:UNKNOWN/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-02-10T16:43:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-8139"], "description": "Michele Spagnuolo of the Google\nSecurity Team discovered that unzip, an extraction utility for archives\ncompressed in .zip format, is affected by heap-based buffer overflows within\nthe CRC32 verification 
function (CVE-2014-8139), the test_compr_eb() function\n(CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead\nto the execution of arbitrary code.", "modified": "2020-02-10T00:00:00", "published": "2014-12-28T00:00:00", "id": "OPENVAS:1361412562310703113", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703113", "type": "openvas", "title": "Debian Security Advisory DSA 3113-1 (unzip - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# Auto-generated from advisory DSA 3113-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703113\");\n script_version(\"2020-02-10T07:58:04+0000\");\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-8140\", \"CVE-2014-8141\");\n script_name(\"Debian Security Advisory DSA 3113-1 (unzip - security update)\");\n script_tag(name:\"last_modification\", value:\"2020-02-10 07:58:04 +0000 (Mon, 10 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-12-28 00:00:00 +0100 (Sun, 28 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-3113.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"unzip on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 6.0-8+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6.0-13.\n\nWe recommend that you upgrade your unzip packages.\");\n script_tag(name:\"summary\", value:\"Michele Spagnuolo of the Google\nSecurity Team discovered that unzip, an extraction utility for archives\ncompressed in .zip format, is affected by heap-based buffer 
overflows within\nthe CRC32 verification function (CVE-2014-8139), the test_compr_eb() function\n(CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead\nto the execution of arbitrary code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"unzip\", ver:\"6.0-8+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:53:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9636", "CVE-2014-8139"], "description": "A flaw was found in the test_compr_eb()\nfunction allowing out-of-bounds read and write access to memory locations. 
By\ncarefully crafting a corrupt ZIP archive an attacker can trigger a heap overflow,\nresulting in application crash or possibly having other unspecified impact.", "modified": "2017-07-07T00:00:00", "published": "2015-02-03T00:00:00", "id": "OPENVAS:703152", "href": "http://plugins.openvas.org/nasl.php?oid=703152", "type": "openvas", "title": "Debian Security Advisory DSA 3152-1 (unzip - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3152.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3152-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703152);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-9636\");\n script_name(\"Debian Security Advisory DSA 3152-1 (unzip - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-02-03 00:00:00 +0100 (Tue, 03 Feb 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3152.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"unzip on Debian Linux\");\n script_tag(name: \"insight\", value: \"InfoZIP's unzip program. With the\nexception of multi-volume archives (ie, .ZIP files that are split across several\ndisks using PKZIP's /& option), this can handle any file produced either by PKZIP,\nor the corresponding InfoZIP zip program.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 6.0-8+deb7u2. 
Additionally this update\ncorrects a defective patch applied to address CVE-2014-8139 , which caused a\nregression with executable jar files.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6.0-15. The defective patch applied to address CVE-2014-8139\nwas corrected in version 6.0-16.\n\nWe recommend that you upgrade your unzip packages.\");\n script_tag(name: \"summary\", value: \"A flaw was found in the test_compr_eb()\nfunction allowing out-of-bounds read and write access to memory locations. By\ncarefully crafting a corrupt ZIP archive an attacker can trigger a heap overflow,\nresulting in application crash or possibly having other unspecified impact.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"unzip\", ver:\"6.0-8+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-06T09:30:05", "description": "Updated unzip packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe unzip utility is used to list, test, or extract files from a zip\narchive.\n\nA buffer overflow was found in the way unzip uncompressed certain\nextra fields of a file. 
A specially crafted Zip archive could cause\nunzip to crash or, possibly, execute arbitrary code when the archive\nwas tested with unzip's '-t' option. (CVE-2014-9636)\n\nA buffer overflow flaw was found in the way unzip computed the CRC32\nchecksum of certain extra fields of a file. A specially crafted Zip\narchive could cause unzip to crash when the archive was tested with\nunzip's '-t' option. (CVE-2014-8139)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in\nthe way unzip uncompressed certain extra fields of a file. A specially\ncrafted Zip archive could cause unzip to crash when the archive was\ntested with unzip's '-t' option. (CVE-2014-8140)\n\nA buffer overflow flaw was found in the way unzip handled Zip64 files.\nA specially crafted Zip archive could possibly cause unzip to crash\nwhen the archive was uncompressed. (CVE-2014-8141)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-8139,\nCVE-2014-8140, and CVE-2014-8141 issues. oCERT acknowledges Michele\nSpagnuolo of the Google Security Team as the original reporter of\nthese issues.\n\nAll unzip users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.", "edition": 29, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2015-03-19T00:00:00", "title": "CentOS 6 / 7 : unzip (CESA-2015:0700)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "modified": "2015-03-19T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:unzip"], "id": "CENTOS_RHSA-2015-0700.NASL", "href": "https://www.tenable.com/plugins/nessus/81925", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0700 and \n# CentOS Errata and Security Advisory 
2015:0700 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81925);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-8140\", \"CVE-2014-8141\", \"CVE-2014-9636\");\n script_bugtraq_id(71790, 71792, 71793, 71825);\n script_xref(name:\"RHSA\", value:\"2015:0700\");\n\n script_name(english:\"CentOS 6 / 7 : unzip (CESA-2015:0700)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated unzip packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe unzip utility is used to list, test, or extract files from a zip\narchive.\n\nA buffer overflow was found in the way unzip uncompressed certain\nextra fields of a file. A specially crafted Zip archive could cause\nunzip to crash or, possibly, execute arbitrary code when the archive\nwas tested with unzip's '-t' option. (CVE-2014-9636)\n\nA buffer overflow flaw was found in the way unzip computed the CRC32\nchecksum of certain extra fields of a file. A specially crafted Zip\narchive could cause unzip to crash when the archive was tested with\nunzip's '-t' option. (CVE-2014-8139)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in\nthe way unzip uncompressed certain extra fields of a file. A specially\ncrafted Zip archive could cause unzip to crash when the archive was\ntested with unzip's '-t' option. 
(CVE-2014-8140)\n\nA buffer overflow flaw was found in the way unzip handled Zip64 files.\nA specially crafted Zip archive could possibly cause unzip to crash\nwhen the archive was uncompressed. (CVE-2014-8141)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-8139,\nCVE-2014-8140, and CVE-2014-8141 issues. oCERT acknowledges Michele\nSpagnuolo of the Google Security Team as the original reporter of\nthese issues.\n\nAll unzip users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-April/021042.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6bf32160\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-March/020981.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ebf8610\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-March/001856.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ba5fdb71\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected unzip package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:X/RL:O/RC:X\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-9636\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"unzip-6.0-2.el6_6\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"unzip-6.0-15.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T05:05:22", "description": "Updated unzip packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe unzip utility is used to list, test, or extract files from a zip\narchive.\n\nA buffer overflow was found in the way unzip uncompressed certain\nextra fields of a file. A specially crafted Zip archive could cause\nunzip to crash or, possibly, execute arbitrary code when the archive\nwas tested with unzip's '-t' option. (CVE-2014-9636)\n\nA buffer overflow flaw was found in the way unzip computed the CRC32\nchecksum of certain extra fields of a file. A specially crafted Zip\narchive could cause unzip to crash when the archive was tested with\nunzip's '-t' option. (CVE-2014-8139)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in\nthe way unzip uncompressed certain extra fields of a file. A specially\ncrafted Zip archive could cause unzip to crash when the archive was\ntested with unzip's '-t' option. (CVE-2014-8140)\n\nA buffer overflow flaw was found in the way unzip handled Zip64 files.\nA specially crafted Zip archive could possibly cause unzip to crash\nwhen the archive was uncompressed. (CVE-2014-8141)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-8139,\nCVE-2014-8140, and CVE-2014-8141 issues. 
oCERT acknowledges Michele\nSpagnuolo of the Google Security Team as the original reporter of\nthese issues.\n\nAll unzip users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.", "edition": 29, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2015-03-19T00:00:00", "title": "RHEL 6 / 7 : unzip (RHSA-2015:0700)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:unzip", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:7.7", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:6.6", "p-cpe:/a:redhat:enterprise_linux:unzip-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2015-0700.NASL", "href": "https://www.tenable.com/plugins/nessus/81949", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0700. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81949);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2020/02/06\");\n\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-8140\", \"CVE-2014-8141\", \"CVE-2014-9636\");\n script_xref(name:\"RHSA\", value:\"2015:0700\");\n\n script_name(english:\"RHEL 6 / 7 : unzip (RHSA-2015:0700)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated unzip packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe unzip utility is used to list, test, or extract files from a zip\narchive.\n\nA buffer overflow was found in the way unzip uncompressed certain\nextra fields of a file. A specially crafted Zip archive could cause\nunzip to crash or, possibly, execute arbitrary code when the archive\nwas tested with unzip's '-t' option. (CVE-2014-9636)\n\nA buffer overflow flaw was found in the way unzip computed the CRC32\nchecksum of certain extra fields of a file. A specially crafted Zip\narchive could cause unzip to crash when the archive was tested with\nunzip's '-t' option. (CVE-2014-8139)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in\nthe way unzip uncompressed certain extra fields of a file. A specially\ncrafted Zip archive could cause unzip to crash when the archive was\ntested with unzip's '-t' option. 
(CVE-2014-8140)\n\nA buffer overflow flaw was found in the way unzip handled Zip64 files.\nA specially crafted Zip archive could possibly cause unzip to crash\nwhen the archive was uncompressed. (CVE-2014-8141)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-8139,\nCVE-2014-8140, and CVE-2014-8141 issues. oCERT acknowledges Michele\nSpagnuolo of the Google Security Team as the original reporter of\nthese issues.\n\nAll unzip users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9636\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unzip and / or unzip-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unzip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0700\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"unzip-6.0-2.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"unzip-6.0-2.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"unzip-6.0-2.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"unzip-debuginfo-6.0-2.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"unzip-debuginfo-6.0-2.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"unzip-debuginfo-6.0-2.el6_6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"unzip-6.0-15.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"unzip-6.0-15.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"unzip-debuginfo-6.0-15.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"unzip-debuginfo-6.0-15.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : 
rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip / unzip-debuginfo\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:54:51", "description": "Updated unzip package fixes security vulnerabilities :\n\nThe unzip command line tool is affected by heap-based buffer overflows\nwithin the CRC32 verification (CVE-2014-8139), the test_compr_eb()\n(CVE-2014-8140) and the getZip64Data() (CVE-2014-8141) functions. The\ninput errors may result in arbitrary code execution. A specially\ncrafted zip file, passed to the command unzip -t, can be used to\ntrigger the vulnerability.\n\nOOB access (both read and write) issues also exist in test_compr_eb()\nthat can result in application crash or other unspecified impact. A\nspecially crafted zip file, passed to the command unzip -t, can be\nused to trigger the issues (CVE-2014-9636).", "edition": 25, "published": "2015-01-09T00:00:00", "title": "Mandriva Linux Security Advisory : unzip (MDVSA-2015:016)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "modified": "2015-01-09T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:unzip"], "id": "MANDRIVA_MDVSA-2015-016.NASL", "href": "https://www.tenable.com/plugins/nessus/80435", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:016. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80435);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-8140\", \"CVE-2014-8141\", \"CVE-2014-9636\");\n script_bugtraq_id(71790, 71792, 71793);\n script_xref(name:\"MDVSA\", value:\"2015:016\");\n\n script_name(english:\"Mandriva Linux Security Advisory : unzip (MDVSA-2015:016)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated unzip package fix security vulnerabilities :\n\nThe unzip command line tool is affected by heap-based buffer overflows\nwithin the CRC32 verification (CVE-2014-8139), the test_compr_eb()\n(CVE-2014-8140) and the getZip64Data() (CVE-2014-8141) functions. The\ninput errors may result in in arbitrary code execution. A specially\ncrafted zip file, passed to the command unzip -t, can be used to\ntrigger the vulnerability.\n\nOOB access (both read and write) issues also exist in test_compr_eb()\nthat can result in application crash or other unspecified impact. 
A\nspecially crafted zip file, passed to the command unzip -t, can be\nused to trigger the issues (CVE-2014-9636).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0562.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected unzip package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 
\"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"unzip-6.0-5.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T12:49:50", "description": "From Red Hat Security Advisory 2015:0700 :\n\nUpdated unzip packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe unzip utility is used to list, test, or extract files from a zip\narchive.\n\nA buffer overflow was found in the way unzip uncompressed certain\nextra fields of a file. A specially crafted Zip archive could cause\nunzip to crash or, possibly, execute arbitrary code when the archive\nwas tested with unzip's '-t' option. (CVE-2014-9636)\n\nA buffer overflow flaw was found in the way unzip computed the CRC32\nchecksum of certain extra fields of a file. A specially crafted Zip\narchive could cause unzip to crash when the archive was tested with\nunzip's '-t' option. (CVE-2014-8139)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in\nthe way unzip uncompressed certain extra fields of a file. A specially\ncrafted Zip archive could cause unzip to crash when the archive was\ntested with unzip's '-t' option. (CVE-2014-8140)\n\nA buffer overflow flaw was found in the way unzip handled Zip64 files.\nA specially crafted Zip archive could possibly cause unzip to crash\nwhen the archive was uncompressed. 
(CVE-2014-8141)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-8139,\nCVE-2014-8140, and CVE-2014-8141 issues. oCERT acknowledges Michele\nSpagnuolo of the Google Security Team as the original reporter of\nthese issues.\n\nAll unzip users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.", "edition": 26, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2015-03-19T00:00:00", "title": "Oracle Linux 6 / 7 : unzip (ELSA-2015-0700)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "modified": "2015-03-19T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:unzip", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-0700.NASL", "href": "https://www.tenable.com/plugins/nessus/81947", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0700 and \n# Oracle Linux Security Advisory ELSA-2015-0700 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81947);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-8140\", \"CVE-2014-8141\", \"CVE-2014-9636\");\n script_xref(name:\"RHSA\", value:\"2015:0700\");\n\n script_name(english:\"Oracle Linux 6 / 7 : unzip (ELSA-2015-0700)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0700 :\n\nUpdated unzip packages that fix multiple security issues are 
now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe unzip utility is used to list, test, or extract files from a zip\narchive.\n\nA buffer overflow was found in the way unzip uncompressed certain\nextra fields of a file. A specially crafted Zip archive could cause\nunzip to crash or, possibly, execute arbitrary code when the archive\nwas tested with unzip's '-t' option. (CVE-2014-9636)\n\nA buffer overflow flaw was found in the way unzip computed the CRC32\nchecksum of certain extra fields of a file. A specially crafted Zip\narchive could cause unzip to crash when the archive was tested with\nunzip's '-t' option. (CVE-2014-8139)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in\nthe way unzip uncompressed certain extra fields of a file. A specially\ncrafted Zip archive could cause unzip to crash when the archive was\ntested with unzip's '-t' option. (CVE-2014-8140)\n\nA buffer overflow flaw was found in the way unzip handled Zip64 files.\nA specially crafted Zip archive could possibly cause unzip to crash\nwhen the archive was uncompressed. (CVE-2014-8141)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-8139,\nCVE-2014-8140, and CVE-2014-8141 issues. 
oCERT acknowledges Michele\nSpagnuolo of the Google Security Team as the original reporter of\nthese issues.\n\nAll unzip users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004911.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004912.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected unzip package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"unzip-6.0-2.el6_6\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"unzip-6.0-15.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:19:03", "description": "A buffer overflow was found in the way unzip 
uncompressed certain\nextra fields of a file. A specially crafted Zip archive could cause\nunzip to crash or, possibly, execute arbitrary code when the archive\nwas tested with unzip's '-t' option. (CVE-2014-9636)\n\nA buffer overflow flaw was found in the way unzip computed the CRC32\nchecksum of certain extra fields of a file. A specially crafted Zip\narchive could cause unzip to crash when the archive was tested with\nunzip's '-t' option. (CVE-2014-8139)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in\nthe way unzip uncompressed certain extra fields of a file. A specially\ncrafted Zip archive could cause unzip to crash when the archive was\ntested with unzip's '-t' option. (CVE-2014-8140)\n\nA buffer overflow flaw was found in the way unzip handled Zip64 files.\nA specially crafted Zip archive could possibly cause unzip to crash\nwhen the archive was uncompressed. (CVE-2014-8141)", "edition": 26, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2015-04-17T00:00:00", "title": "Amazon Linux AMI : unzip (ALAS-2015-504)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:unzip-debuginfo", "p-cpe:/a:amazon:linux:unzip", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-504.NASL", "href": "https://www.tenable.com/plugins/nessus/82832", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-504.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82832);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/02/06\");\n\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-8140\", \"CVE-2014-8141\", \"CVE-2014-9636\");\n script_xref(name:\"ALAS\", value:\"2015-504\");\n script_xref(name:\"RHSA\", value:\"2015:0700\");\n\n 
script_name(english:\"Amazon Linux AMI : unzip (ALAS-2015-504)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow was found in the way unzip uncompressed certain\nextra fields of a file. A specially crafted Zip archive could cause\nunzip to crash or, possibly, execute arbitrary code when the archive\nwas tested with unzip's '-t' option. (CVE-2014-9636)\n\nA buffer overflow flaw was found in the way unzip computed the CRC32\nchecksum of certain extra fields of a file. A specially crafted Zip\narchive could cause unzip to crash when the archive was tested with\nunzip's '-t' option. (CVE-2014-8139)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in\nthe way unzip uncompressed certain extra fields of a file. A specially\ncrafted Zip archive could cause unzip to crash when the archive was\ntested with unzip's '-t' option. (CVE-2014-8140)\n\nA buffer overflow flaw was found in the way unzip handled Zip64 files.\nA specially crafted Zip archive could possibly cause unzip to crash\nwhen the archive was uncompressed. 
(CVE-2014-8141)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-504.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update unzip' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:unzip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"unzip-6.0-2.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"unzip-debuginfo-6.0-2.9.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip / unzip-debuginfo\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T13:23:27", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Fix CVE-2014-9636 CVE-2014-8139 CVE-2014-8140\n (CVE-2014-8141) Resolves: #1196132 #1196120 #1196124\n #1196128", "edition": 28, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2015-03-20T00:00:00", "title": "OracleVM 3.3 : unzip (OVMSA-2015-0037)", "type": "nessus", "bulletinFamily": 
"scanner", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "modified": "2015-03-20T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.3", "p-cpe:/a:oracle:vm:unzip"], "id": "ORACLEVM_OVMSA-2015-0037.NASL", "href": "https://www.tenable.com/plugins/nessus/81968", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0037.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81968);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-8140\", \"CVE-2014-8141\", \"CVE-2014-9636\");\n script_bugtraq_id(71790, 71792, 71793, 71825);\n\n script_name(english:\"OracleVM 3.3 : unzip (OVMSA-2015-0037)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Fix CVE-2014-9636 CVE-2014-8139 CVE-2014-8140\n (CVE-2014-8141) Resolves: #1196132 #1196120 #1196124\n #1196128\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2015-March/000289.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fafdff2e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected unzip package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"unzip-6.0-2.el6_6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:13:25", "description": " - Fix CVE-2014-8139 - CRC32 verification heap-based buffer\n overread (#1174844)\n\n - Fix CVE-2014-8140 - out-of-bounds write issue in\n test_compr_eb() (#1174851)\n\n - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read\n issues (#1174856)\n\n - Fix buffer overflow on long file sizes (#1191136)\n\n - CVE-2014-9636 unzip: out-of-bounds read/write in\n test_compr_eb() in extract.c - re-fix (see\n https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7)\n\n - Fix CVE-2014-8139 - CRC32 verification heap-based\n buffer overread (#1174844)\n\n - Fix CVE-2014-8140 - out-of-bounds write issue in\n test_compr_eb() (#1174851)\n\n - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read\n issues (#1174856)\n\n - Fix buffer overflow on long file sizes (#1191136)\n\n - Fix CVE-2014-8139 - CRC32 verification heap-based buffer\n overread (#1174844)\n\n - Fix CVE-2014-8140 - out-of-bounds write issue in\n test_compr_eb() (#1174851)\n\n - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read\n issues (#1174856)\n\n - Fix 
buffer overflow on long file sizes (#1191136)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "published": "2015-02-24T00:00:00", "title": "Fedora 20 : unzip-6.0-17.fc20 (2015-1993)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "modified": "2015-02-24T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:unzip", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2015-1993.NASL", "href": "https://www.tenable.com/plugins/nessus/81454", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-1993.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81454);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-8140\", \"CVE-2014-8141\", \"CVE-2014-9636\");\n script_xref(name:\"FEDORA\", value:\"2015-1993\");\n\n script_name(english:\"Fedora 20 : unzip-6.0-17.fc20 (2015-1993)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix CVE-2014-8139 - CRC32 verification heap-based buffer\n overread (#1174844)\n\n - Fix CVE-2014-8140 - out-of-bounds write issue in\n test_compr_eb() (#1174851)\n\n - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read\n issues (#1174856)\n\n - Fix buffer overflow on long file sizes (#1191136)\n\n - CVE-2014-9636 unzip: out-of-bounds read/write in\n 
test_compr_eb() in extract.c - re-fix (see\n https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7)\n\n - Fix CVE-2014-8139 - CRC32 verification heap-based\n buffer overread (#1174844)\n\n - Fix CVE-2014-8140 - out-of-bounds write issue in\n test_compr_eb() (#1174851)\n\n - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read\n issues (#1174856)\n\n - Fix buffer overflow on long file sizes (#1191136)\n\n - Fix CVE-2014-8139 - CRC32 verification heap-based buffer\n overread (#1174844)\n\n - Fix CVE-2014-8140 - out-of-bounds write issue in\n test_compr_eb() (#1174851)\n\n - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read\n issues (#1174856)\n\n - Fix buffer overflow on long file sizes (#1191136)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1174844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1174851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1174856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1184985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150329.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?db3e9802\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected unzip package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"unzip-6.0-17.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:13:26", "description": " - Fix CVE-2014-8139 - CRC32 verification heap-based buffer\n overread (#1174844)\n\n - Fix CVE-2014-8140 - out-of-bounds write issue in\n test_compr_eb() (#1174851)\n\n - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read\n issues (#1174856)\n\n - Fix buffer overflow on long file sizes (#1191136)\n\n - CVE-2014-9636 unzip: out-of-bounds read/write in\n test_compr_eb() in extract.c - re-fix (see\n https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7)\n\n - Fix CVE-2014-8139 - CRC32 verification heap-based\n buffer overread (#1174844)\n\n - Fix CVE-2014-8140 - out-of-bounds write issue in\n test_compr_eb() (#1174851)\n\n - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read\n issues (#1174856)\n\n - Fix buffer overflow on long file sizes (#1191136)\n\n - Fix CVE-2014-8139 - CRC32 verification heap-based buffer\n overread (#1174844)\n\n - Fix CVE-2014-8140 - out-of-bounds write issue in\n test_compr_eb() (#1174851)\n\n - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read\n issues (#1174856)\n\n - Fix buffer overflow on long file sizes (#1191136)\n\nNote that Tenable Network Security has 
extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "published": "2015-02-16T00:00:00", "title": "Fedora 21 : unzip-6.0-20.fc21 (2015-2035)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "modified": "2015-02-16T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:unzip"], "id": "FEDORA_2015-2035.NASL", "href": "https://www.tenable.com/plugins/nessus/81367", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-2035.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81367);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-8140\", \"CVE-2014-8141\", \"CVE-2014-9636\");\n script_xref(name:\"FEDORA\", value:\"2015-2035\");\n\n script_name(english:\"Fedora 21 : unzip-6.0-20.fc21 (2015-2035)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix CVE-2014-8139 - CRC32 verification heap-based buffer\n overread (#1174844)\n\n - Fix CVE-2014-8140 - out-of-bounds write issue in\n test_compr_eb() (#1174851)\n\n - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read\n issues (#1174856)\n\n - Fix buffer overflow on long file sizes (#1191136)\n\n - CVE-2014-9636 unzip: out-of-bounds read/write in\n test_compr_eb() in extract.c - re-fix (see\n 
https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7)\n\n - Fix CVE-2014-8139 - CRC32 verification heap-based\n buffer overread (#1174844)\n\n - Fix CVE-2014-8140 - out-of-bounds write issue in\n test_compr_eb() (#1174851)\n\n - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read\n issues (#1174856)\n\n - Fix buffer overflow on long file sizes (#1191136)\n\n - Fix CVE-2014-8139 - CRC32 verification heap-based buffer\n overread (#1174844)\n\n - Fix CVE-2014-8140 - out-of-bounds write issue in\n test_compr_eb() (#1174851)\n\n - Fix CVE-2014-8141 - getZip64Data() out-of-bounds read\n issues (#1174856)\n\n - Fix buffer overflow on long file sizes (#1191136)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1174844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1174851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1174856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1184985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150038.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd03360b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected unzip package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"unzip-6.0-20.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:48:43", "description": "A buffer overflow was found in the way unzip uncompressed certain\nextra fields of a file. A specially crafted Zip archive could cause\nunzip to crash or, possibly, execute arbitrary code when the archive\nwas tested with unzip's '-t' option. (CVE-2014-9636)\n\nA buffer overflow flaw was found in the way unzip computed the CRC32\nchecksum of certain extra fields of a file. A specially crafted Zip\narchive could cause unzip to crash when the archive was tested with\nunzip's '-t' option. (CVE-2014-8139)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in\nthe way unzip uncompressed certain extra fields of a file. A specially\ncrafted Zip archive could cause unzip to crash when the archive was\ntested with unzip's '-t' option. (CVE-2014-8140)\n\nA buffer overflow flaw was found in the way unzip handled Zip64 files.\nA specially crafted Zip archive could possibly cause unzip to crash\nwhen the archive was uncompressed. 
(CVE-2014-8141)", "edition": 17, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2015-03-26T00:00:00", "title": "Scientific Linux Security Update : unzip on SL6.x, SL7.x i386/x86_64 (20150318)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "modified": "2015-03-26T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:unzip-debuginfo", "p-cpe:/a:fermilab:scientific_linux:unzip", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150318_UNZIP_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/82263", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82263);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-8140\", \"CVE-2014-8141\", \"CVE-2014-9636\");\n\n script_name(english:\"Scientific Linux Security Update : unzip on SL6.x, SL7.x i386/x86_64 (20150318)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow was found in the way unzip uncompressed certain\nextra fields of a file. A specially crafted Zip archive could cause\nunzip to crash or, possibly, execute arbitrary code when the archive\nwas tested with unzip's '-t' option. (CVE-2014-9636)\n\nA buffer overflow flaw was found in the way unzip computed the CRC32\nchecksum of certain extra fields of a file. A specially crafted Zip\narchive could cause unzip to crash when the archive was tested with\nunzip's '-t' option. 
(CVE-2014-8139)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in\nthe way unzip uncompressed certain extra fields of a file. A specially\ncrafted Zip archive could cause unzip to crash when the archive was\ntested with unzip's '-t' option. (CVE-2014-8140)\n\nA buffer overflow flaw was found in the way unzip handled Zip64 files.\nA specially crafted Zip archive could possibly cause unzip to crash\nwhen the archive was uncompressed. (CVE-2014-8141)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1503&L=scientific-linux-errata&T=0&P=1514\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8745c042\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unzip and / or unzip-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:unzip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"unzip-6.0-2.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"unzip-debuginfo-6.0-2.el6_6\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"unzip-6.0-15.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"unzip-debuginfo-6.0-15.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip / unzip-debuginfo\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2021-01-12T11:05:19", "description": "The remote host is affected by the vulnerability described in GLSA-201611-01\n(UnZip: Multiple vulnerabilities)\n\n Multiple vulnerabilities were found in UnZip. Please review the\n referenced CVE\u2019s for additional information.\n \nImpact :\n\n Remote attackers could execute arbitrary code or cause Denial of\n Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-11-02T00:00:00", "title": "GLSA-201611-01 : UnZip: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "modified": "2016-11-02T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:unzip", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201611-01.NASL", "href": "https://www.tenable.com/plugins/nessus/94460", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201611-01.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94460);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8139\", \"CVE-2014-8140\", \"CVE-2014-8141\", \"CVE-2014-9636\");\n script_xref(name:\"GLSA\", value:\"201611-01\");\n\n script_name(english:\"GLSA-201611-01 : UnZip: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201611-01\n(UnZip: Multiple vulnerabilities)\n\n Multiple vulnerabilities were found in UnZip. Please review the\n referenced CVE’s for additional information.\n \nImpact :\n\n Remote attackers could execute arbitrary code or cause Denial of\n Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201611-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All UnZip users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-arch/unzip-6.0_p20'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/06\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-arch/unzip\", unaffected:make_list(\"ge 6.0_p20\"), vulnerable:make_list(\"lt 6.0_p20\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"UnZip\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "description": "**Issue Overview:**\n\nA buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. 
([CVE-2014-9636 __](<https://access.redhat.com/security/cve/CVE-2014-9636>))\n\nA buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. ([CVE-2014-8139 __](<https://access.redhat.com/security/cve/CVE-2014-8139>))\n\nAn integer underflow flaw, leading to a buffer overflow, was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. ([CVE-2014-8140 __](<https://access.redhat.com/security/cve/CVE-2014-8140>))\n\nA buffer overflow flaw was found in the way unzip handled Zip64 files. A specially crafted Zip archive could possibly cause unzip to crash when the archive was uncompressed. ([CVE-2014-8141 __](<https://access.redhat.com/security/cve/CVE-2014-8141>))\n\n \n**Affected Packages:** \n\n\nunzip\n\n \n**Issue Correction:** \nRun _yum update unzip_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n unzip-debuginfo-6.0-2.9.amzn1.i686 \n unzip-6.0-2.9.amzn1.i686 \n \n src: \n unzip-6.0-2.9.amzn1.src \n \n x86_64: \n unzip-debuginfo-6.0-2.9.amzn1.x86_64 \n unzip-6.0-2.9.amzn1.x86_64 \n \n \n", "edition": 5, "modified": "2015-04-15T21:48:00", "published": "2015-04-15T21:48:00", "id": "ALAS-2015-504", "href": "https://alas.aws.amazon.com/ALAS-2015-504.html", "title": "Medium: unzip", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-10-30T13:24:59", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "description": "**CentOS Errata and Security Advisory** CESA-2015:0700\n\n\nThe unzip utility is used to list, test, or extract files from a\nzip archive.\n\nA buffer overflow was found in the way unzip uncompressed certain extra\nfields of a file. 
A specially crafted Zip archive could cause unzip to\ncrash or, possibly, execute arbitrary code when the archive was tested with\nunzip's '-t' option. (CVE-2014-9636)\n\nA buffer overflow flaw was found in the way unzip computed the CRC32\nchecksum of certain extra fields of a file. A specially crafted Zip archive\ncould cause unzip to crash when the archive was tested with unzip's '-t'\noption. (CVE-2014-8139)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in the\nway unzip uncompressed certain extra fields of a file. A specially crafted\nZip archive could cause unzip to crash when the archive was tested with\nunzip's '-t' option. (CVE-2014-8140)\n\nA buffer overflow flaw was found in the way unzip handled Zip64 files.\nA specially crafted Zip archive could possibly cause unzip to crash when\nthe archive was uncompressed. (CVE-2014-8141)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-8139,\nCVE-2014-8140, and CVE-2014-8141 issues. oCERT acknowledges Michele\nSpagnuolo of the Google Security Team as the original reporter of\nthese issues.\n\nAll unzip users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/033080.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-March/033019.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-March/008056.html\n\n**Affected packages:**\nunzip\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0700.html", "edition": 11, "modified": "2015-04-01T03:34:46", "published": "2015-03-18T18:53:06", "href": "http://lists.centos.org/pipermail/centos-announce/2015-March/033019.html", "id": "CESA-2015:0700", "title": "unzip security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2020-02-06T14:37:14", "bulletinFamily": 
"unix", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "description": "[6.0-2]\n- Fix CVE-2014-9636 CVE-2014-8139 CVE-2014-8140 CVE-2014-8141\n Resolves: #1196132 #1196120 #1196124 #1196128", "edition": 5, "modified": "2015-03-18T00:00:00", "published": "2015-03-18T00:00:00", "id": "ELSA-2015-0700", "href": "http://linux.oracle.com/errata/ELSA-2015-0700.html", "title": "unzip security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2020-02-06T11:32:59", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8139", "CVE-2014-8140", "CVE-2014-8141", "CVE-2014-9636"], "description": "The unzip utility is used to list, test, or extract files from a\nzip archive.\n\nA buffer overflow was found in the way unzip uncompressed certain extra\nfields of a file. A specially crafted Zip archive could cause unzip to\ncrash or, possibly, execute arbitrary code when the archive was tested with\nunzip's '-t' option. (CVE-2014-9636)\n\nA buffer overflow flaw was found in the way unzip computed the CRC32\nchecksum of certain extra fields of a file. A specially crafted Zip archive\ncould cause unzip to crash when the archive was tested with unzip's '-t'\noption. (CVE-2014-8139)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in the\nway unzip uncompressed certain extra fields of a file. A specially crafted\nZip archive could cause unzip to crash when the archive was tested with\nunzip's '-t' option. (CVE-2014-8140)\n\nA buffer overflow flaw was found in the way unzip handled Zip64 files.\nA specially crafted Zip archive could possibly cause unzip to crash when\nthe archive was uncompressed. (CVE-2014-8141)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-8139,\nCVE-2014-8140, and CVE-2014-8141 issues. 
oCERT acknowledges Michele\nSpagnuolo of the Google Security Team as the original reporter of\nthese issues.\n\nAll unzip users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "modified": "2018-06-06T20:24:27", "published": "2015-03-18T04:00:00", "id": "RHSA-2015:0700", "href": "https://access.redhat.com/errata/RHSA-2015:0700", "type": "redhat", "title": "(RHSA-2015:0700) Moderate: unzip security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-11-01T16:42:15", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2014-8139"], "edition": 1, "description": "### Background\n\nInfo-ZIP\u2019s UnZip is a tool to list and extract files inside PKZIP compressed files. \n\n### Description\n\nMultiple vulnerabilities were found in UnZip. Please review the referenced CVE\u2019s for additional information. \n\n### Impact\n\nRemote attackers could execute arbitrary code or cause Denial of Service. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll UnZip users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/unzip-6.0_p20\"", "modified": "2016-11-01T00:00:00", "published": "2016-11-01T00:00:00", "href": "https://security.gentoo.org/glsa/201611-01", "id": "GLSA-201611-01", "type": "gentoo", "title": "UnZip: Multiple vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-9636", "CVE-2015-1315", "CVE-2014-8139"], "description": "Few buffer overflows.", "edition": 1, "modified": "2015-02-22T00:00:00", "published": "2015-02-22T00:00:00", "id": "SECURITYVULNS:VULN:14173", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14173", "title": "UnZip multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:56", "bulletinFamily": "software", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-8139"], "description": "\r\n\r\n\r\n#2014-011 UnZip input sanitization errors\r\n\r\nDescription:\r\n\r\nThe UnZip tool is an open source extraction utility for archives compressed in\r\nthe zip format.\r\n\r\nThe unzip command line tool is affected by heap-based buffer overflows within\r\nthe CRC32 verification, the test_compr_eb() and the getZip64Data() functions.\r\nThe input errors may result in arbitrary code execution.\r\n\r\nA specially crafted zip file, passed to unzip -t, can be used to trigger the\r\nvulnerability.\r\n\r\nAffected version:\r\n\r\nUnZip <= 6.0\r\n\r\nFixed version:\r\n\r\nUnZip, N/A\r\n\r\nCredit: vulnerability report received from the Google Security Team.\r\n\r\nCVE: CVE-2014-8139 (CRC32 heap overflow), CVE-2014-8140 
(test_compr_eb),\r\n CVE-2014-8141 (getZip64Data)\r\n\r\nTimeline:\r\n\r\n2014-12-03: vulnerability report received\r\n2014-12-03: contacted maintainer\r\n2014-12-03: first patch provided by maintainer\r\n2014-12-04: report provides additional reproducers\r\n2014-12-03: second patch provided by maintainer\r\n2014-12-04: reporter confirms patch\r\n2014-12-10: contacted affected vendors\r\n2014-12-12: assigned CVEs\r\n2014-12-22: advisory release\r\n\r\nReferences:\r\nhttp://www.info-zip.org/UnZip.html\r\n\r\nPermalink:\r\nhttp://www.ocert.org/advisories/ocert-2014-011.html\r\n\r\n-- Andrea Barisani | Founder & Project Coordinator oCERT | OSS Computer Security Incident Response Team <lcars@ocert.org> http://www.ocert.org 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E "Pluralitas non est ponenda sine necessitate"\r\n\r\n", "edition": 1, "modified": "2014-12-23T00:00:00", "published": "2014-12-23T00:00:00", "id": "SECURITYVULNS:DOC:31553", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31553", "title": "[oCERT-2014-011] UnZip input sanitization errors", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "cvelist": ["CVE-2014-9636", "CVE-2014-8139"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3152-1 security@debian.org\r\nhttp://www.debian.org/security/ Salvatore Bonaccorso\r\nFebruary 03, 2015 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : unzip\r\nCVE ID : CVE-2014-9636\r\nDebian Bug : 776589\r\n\r\nA flaw was found in the test_compr_eb() function allowing out-of-bounds\r\nread and write access to memory locations. 
By carefully crafting a\r\ncorrupt ZIP archive an attacker can trigger a heap overflow, resulting\r\nin application crash or possibly having other unspecified impact.\r\n\r\nFor the stable distribution (wheezy), this problem has been fixed in\r\nversion 6.0-8+deb7u2. Additionally this update corrects a defective\r\npatch applied to address CVE-2014-8139, which caused a regression with\r\nexecutable jar files.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 6.0-15. The defective patch applied to address CVE-2014-8139 was\r\ncorrected in version 6.0-16.\r\n\r\nWe recommend that you upgrade your unzip packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBCgAGBQJU0OMCAAoJEAVMuPMTQ89Eal0P/2E2h2at+DLB3Xn4+p6Hh2uD\r\nO4Lrhw8iN77KY2Jo/EmsVd22MiL8fqQgKTj0FA7ruydABYlkdB9R6aoRQJZf4ifm\r\nW2ojedQzC2UHKzhlW0OuzQn9GjoeuCQ9Mj3K3xu0DDfrEkIrxWKwqWgWNOTxDnPW\r\nr5RoyA6rKX70rd9aLWd7jI77S/e6lq0jHM2Fc8tG5kQ58pkzViV5bKU1yhPazQBr\r\nmN3leJUrM+K55+IcxbuXYIP/F4cr3WrQntmj0oaLSJWKpmWsJ6z40ViMitREKMA4\r\nOZoAAsctkBLfeEyHPHwBz3KfsmhMMWXf8o4nikHzzkC/9jYZ5+5R+PVC/IJb6lnG\r\nSYOD07fjFMrwO39SSbf6oGW7ivuS62zPTqvEGUnloYe04ezKa7JzXMtNBfsWr7Ax\r\ngcnF63u8vEC6/TvliStIL7vSXHm5XX/4HllUoZcvpnXkQMBZG/Ol5Pju/lo5PGIi\r\n6UTBAjlqYJMq2RSrVcmdS3Bksh3rznVwDkLB6b6t8B8dT065mjxFsYFTQY049xBU\r\nrFK8rbWtjHttmO/LJxbQYj0GtKl5IccmNcrw02S2wSFtmz+e/L5Fevhwd7NHWTRg\r\nOfgEZdKGtTEhkJ5sI3j7fk5XyFVG9hgz0LPts+OWIvIcavj64T403R4bb8XFh/OH\r\n1nMrjOl6pdw+qr12h8vK\r\n=0h2b\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2015-02-11T00:00:00", "published": "2015-02-11T00:00:00", "id": "SECURITYVULNS:DOC:31705", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31705", "title": "[SECURITY] [DSA 
3152-1] unzip security update", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:59", "bulletinFamily": "software", "cvelist": ["CVE-2015-4000", "CVE-2015-3699", "CVE-2015-3693", "CVE-2015-1157", "CVE-2015-0235", "CVE-2015-3666", "CVE-2015-3686", "CVE-2015-3697", "CVE-2015-3672", "CVE-2015-3716", "CVE-2015-3711", "CVE-2015-3712", "CVE-2015-3717", "CVE-2015-3688", "CVE-2015-3691", "CVE-2015-3706", "CVE-2015-0286", "CVE-2015-3682", "CVE-2015-3720", "CVE-2015-3677", "CVE-2014-8127", "CVE-2015-3702", "CVE-2015-3694", "CVE-2015-3687", "CVE-2014-8141", "CVE-2015-0288", "CVE-2015-1799", "CVE-2015-3721", "CVE-2015-3707", "CVE-2015-0273", "CVE-2015-3675", "CVE-2015-3689", "CVE-2015-3704", "CVE-2015-3680", "CVE-2013-1741", "CVE-2014-8140", "CVE-2015-3676", "CVE-2015-3696", "CVE-2015-3698", "CVE-2015-3692", "CVE-2015-3690", "CVE-2015-3673", "CVE-2014-8130", "CVE-2015-0293", "CVE-2015-3700", "CVE-2015-3703", "CVE-2015-3681", "CVE-2015-0209", "CVE-2015-3662", "CVE-2015-3719", "CVE-2015-3714", "CVE-2015-3667", "CVE-2015-3668", "CVE-2015-3709", "CVE-2015-3661", "CVE-2015-3683", "CVE-2014-8128", "CVE-2015-3663", "CVE-2014-8129", "CVE-2015-0287", "CVE-2015-1798", "CVE-2015-0289", "CVE-2015-3674", "CVE-2015-3710", "CVE-2015-3713", "CVE-2015-3701", "CVE-2015-3705", "CVE-2015-3678", "CVE-2015-3718", "CVE-2014-8139", "CVE-2015-3695", "CVE-2015-3685", "CVE-2015-3671", "CVE-2015-3684", "CVE-2015-3679", "CVE-2015-3708", "CVE-2015-3715"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA256\r\n\r\nAPPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update\r\n2015-005\r\n\r\nOS X Yosemite v10.10.4 and Security Update 2015-005 are now available\r\nand address the following:\r\n\r\nAdmin Framework\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A process may gain admin privileges without proper\r\nauthentication\r\nDescription: An 
issue existed when checking XPC entitlements. This\r\nissue was addressed through improved entitlement checking.\r\nCVE-ID\r\nCVE-2015-3671 : Emil Kvarnhammar at TrueSec\r\n\r\nAdmin Framework\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A non-admin user may obtain admin rights\r\nDescription: An issue existed in the handling of user\r\nauthentication. This issue was addressed through improved error\r\nchecking.\r\nCVE-ID\r\nCVE-2015-3672 : Emil Kvarnhammar at TrueSec\r\n\r\nAdmin Framework\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: An attacker may abuse Directory Utility to gain root\r\nprivileges\r\nDescription: Directory Utility was able to be moved and modified to\r\nachieve code execution within an entitled process. This issue was\r\naddressed by limiting the disk location that writeconfig clients may\r\nbe executed from.\r\nCVE-ID\r\nCVE-2015-3673 : Patrick Wardle of Synack, Emil Kvarnhammar at TrueSec\r\n\r\nafpserver\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the AFP server.\r\nThis issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3674 : Dean Jerkovich of NCC Group\r\n\r\napache\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: An attacker may be able to access directories that are\r\nprotected with HTTP authentication without knowing the correct\r\ncredentials\r\nDescription: The default Apache configuration did not include\r\nmod_hfs_apple. If Apache was manually enabled and the configuration\r\nwas not changed, some files that should not be accessible might have\r\nbeen accessible using a specially crafted URL. 
This issue was\r\naddressed by enabling mod_hfs_apple.\r\nCVE-ID\r\nCVE-2015-3675 : Apple\r\n\r\napache\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Multiple vulnerabilities exist in PHP, the most serious of\r\nwhich may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.5.24 and 5.4.40. These were addressed by updating PHP to\r\nversions 5.5.24 and 5.4.40.\r\nCVE-ID\r\nCVE-2015-0235\r\nCVE-2015-0273\r\n\r\nAppleGraphicsControl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in AppleGraphicsControl which could\r\nhave led to the disclosure of kernel memory layout. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2015-3676 : Chen Liang of KEEN Team\r\n\r\nAppleFSCompression\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in LZVN compression that could have\r\nled to the disclosure of kernel memory content. This issue was\r\naddressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3677 : an anonymous researcher working with HP's Zero Day\r\nInitiative\r\n\r\nAppleThunderboltEDMService\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in the handling of\r\ncertain Thunderbolt commands from local processes. 
This issue was\r\naddressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3678 : Apple\r\n\r\nATS\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in handling\r\nof certain fonts. These issues were addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-3679 : Pawel Wylecial working with HP's Zero Day Initiative\r\nCVE-2015-3680 : Pawel Wylecial working with HP's Zero Day Initiative\r\nCVE-2015-3681 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-3682 : Nuode Wei\r\n\r\nBluetooth\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in the Bluetooth HCI\r\ninterface. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3683 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nCertificate Trust Policy\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: An attacker with a privileged network position may be able\r\nto intercept network traffic\r\nDescription: An intermediate certificate was incorrectly issued by\r\nthe certificate authority CNNIC. This issue was addressed through the\r\naddition of a mechanism to trust only a subset of certificates issued\r\nprior to the mis-issuance of the intermediate. Further details are\r\navailable at https://support.apple.com/en-us/HT204938\r\n\r\nCertificate Trust Policy\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nDescription: The certificate trust policy was updated. 
The complete\r\nlist of certificates may be viewed at https://support.apple.com/en-\r\nus/HT202858.\r\n\r\nCFNetwork HTTPAuthentication\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Following a maliciously crafted URL may lead to arbitrary\r\ncode execution\r\nDescription: A memory corruption issue existed in handling of\r\ncertain URL credentials. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3684 : Apple\r\n\r\nCoreText\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Processing a maliciously crafted text file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nprocessing of text files. These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-1157\r\nCVE-2015-3685 : Apple\r\nCVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-3689 : Apple\r\n\r\ncoreTLS\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: An attacker with a privileged network position may intercept\r\nSSL/TLS connections\r\nDescription: coreTLS accepted short ephemeral Diffie-Hellman (DH)\r\nkeys, as used in export-strength ephemeral DH cipher suites. This\r\nissue, also known as Logjam, allowed an attacker with a privileged\r\nnetwork position to downgrade security to 512-bit DH if the server\r\nsupported an export-strength ephemeral DH cipher suite. 
The issue was\r\naddressed by increasing the default minimum size allowed for DH\r\nephemeral keys to 768 bits.\r\nCVE-ID\r\nCVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck\r\n\r\nDiskImages\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An information disclosure issue existed in the\r\nprocessing of disk images. This issue was addressed through improved\r\nmemory management.\r\nCVE-ID\r\nCVE-2015-3690 : Peter Rutenbar working with HP's Zero Day Initiative\r\n\r\nDisplay Drivers\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An issue existed in the Monitor Control Command Set\r\nkernel extension by which a userland process could control the value\r\nof a function pointer within the kernel. The issue was addressed by\r\nremoving the affected interface.\r\nCVE-ID\r\nCVE-2015-3691 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nEFI\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application with root privileges may be able to\r\nmodify EFI flash memory\r\nDescription: An insufficient locking issue existed with EFI flash\r\nwhen resuming from sleep states. This issue was addressed through\r\nimproved locking.\r\nCVE-ID\r\nCVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah\r\nand Corey Kallenberg of LegbaCore LLC, Pedro Vilaca\r\n\r\nEFI\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may induce memory corruption to\r\nescalate privileges\r\nDescription: A disturbance error, also known as Rowhammer, exists\r\nwith some DDR3 RAM that could have led to memory corruption. 
This\r\nissue was mitigated by increasing memory refresh rates.\r\nCVE-ID\r\nCVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working\r\nfrom original research by Yoongu Kim et al (2014)\r\n\r\nFontParser\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3694 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nGraphics Driver\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An out of bounds write issue existed in NVIDIA graphics\r\ndriver. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2015-3712 : Ian Beer of Google Project Zero\r\n\r\nIntel Graphics Driver\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Multiple buffer overflow issues exist in the Intel graphics\r\ndriver, the most serious of which may lead to arbitrary code\r\nexecution with system privileges\r\nDescription: Multiple buffer overflow issues existed in the Intel\r\ngraphics driver. 
These were addressed through additional bounds\r\nchecks.\r\nCVE-ID\r\nCVE-2015-3695 : Ian Beer of Google Project Zero\r\nCVE-2015-3696 : Ian Beer of Google Project Zero\r\nCVE-2015-3697 : Ian Beer of Google Project Zero\r\nCVE-2015-3698 : Ian Beer of Google Project Zero\r\nCVE-2015-3699 : Ian Beer of Google Project Zero\r\nCVE-2015-3700 : Ian Beer of Google Project Zero\r\nCVE-2015-3701 : Ian Beer of Google Project Zero\r\nCVE-2015-3702 : KEEN Team\r\n\r\nImageIO\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Multiple vulnerabilities existed in libtiff, the most\r\nserious of which may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in libtiff versions\r\nprior to 4.0.4. They were addressed by updating libtiff to version\r\n4.0.4.\r\nCVE-ID\r\nCVE-2014-8127\r\nCVE-2014-8128\r\nCVE-2014-8129\r\nCVE-2014-8130\r\n\r\nImageIO\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Processing a maliciously crafted .tiff file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\n.tiff files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-3703 : Apple\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: Several issues existed in how Install.framework's\r\n'runner' setuid binary dropped privileges. 
This was addressed by\r\nproperly dropping privileges.\r\nCVE-ID\r\nCVE-2015-3704 : Ian Beer of Google Project Zero\r\n\r\nIOAcceleratorFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: Multiple memory corruption issues existed in\r\nIOAcceleratorFamily. These issues were addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3705 : KEEN Team\r\nCVE-2015-3706 : KEEN Team\r\n\r\nIOFireWireFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: Multiple null pointer dereference issues existed in the\r\nFireWire driver. These issues were addressed through improved error\r\nchecking.\r\nCVE-ID\r\nCVE-2015-3707 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: A memory management issue existed in the handling of\r\nAPIs related to kernel extensions which could have led to the\r\ndisclosure of kernel memory layout. This issue was addressed through\r\nimproved memory management.\r\nCVE-ID\r\nCVE-2015-3720 : Stefan Esser\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: A memory management issue existed in the handling of\r\nHFS parameters which could have led to the disclosure of kernel\r\nmemory layout. 
This issue was addressed through improved memory\r\nmanagement.\r\nCVE-ID\r\nCVE-2015-3721 : Ian Beer of Google Project Zero\r\n\r\nkext tools\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to overwrite arbitrary\r\nfiles\r\nDescription: kextd followed symbolic links while creating a new\r\nfile. This issue was addressed through improved handling of symbolic\r\nlinks.\r\nCVE-ID\r\nCVE-2015-3708 : Ian Beer of Google Project Zero\r\n\r\nkext tools\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A local user may be able to load unsigned kernel extensions\r\nDescription: A time-of-check time-of-use (TOCTOU) race condition\r\ncondition existed while validating the paths of kernel extensions.\r\nThis issue was addressed through improved checks to validate the path\r\nof the kernel extensions.\r\nCVE-ID\r\nCVE-2015-3709 : Ian Beer of Google Project Zero\r\n\r\nMail\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A maliciously crafted email can replace the message content\r\nwith an arbitrary webpage when the message is viewed\r\nDescription: An issue existed in the support for HTML email which\r\nallowed message content to be refreshed with an arbitrary webpage.\r\nThe issue was addressed through restricted support for HTML content.\r\nCVE-ID\r\nCVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek\r\n\r\nntfs\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in NTFS that could have led to the\r\ndisclosure of kernel memory content. 
This issue was addressed through\r\nimproved memory handling.\r\nCVE-ID\r\nCVE-2015-3711 : Peter Rutenbar working with HP's Zero Day Initiative\r\n\r\nntp\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: An attacker in a privileged position may be able to perform\r\na denial of service attack against two ntp clients\r\nDescription: Multiple issues existed in the authentication of ntp\r\npackets being received by configured end-points. These issues were\r\naddressed through improved connection state management.\r\nCVE-ID\r\nCVE-2015-1798\r\nCVE-2015-1799\r\n\r\nOpenSSL\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: Multiple issues exist in OpenSSL, including one that may\r\nallow an attacker to intercept connections to a server that supports\r\nexport-grade ciphers\r\nDescription: Multiple issues existed in OpenSSL 0.9.8zd which were\r\naddressed by updating OpenSSL to version 0.9.8zf.\r\nCVE-ID\r\nCVE-2015-0209\r\nCVE-2015-0286\r\nCVE-2015-0287\r\nCVE-2015-0288\r\nCVE-2015-0289\r\nCVE-2015-0293\r\n\r\nQuickTime\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Processing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3661 : G. 
Geshev working with HP's Zero Day Initiative\r\nCVE-2015-3662 : kdot working with HP's Zero Day Initiative\r\nCVE-2015-3663 : kdot working with HP's Zero Day Initiative\r\nCVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero\r\nDay Initiative\r\nCVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai\r\nLu of Fortinet's FortiGuard Labs, Ryan Pentney, and Richard Johnson\r\nof Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs\r\nCVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs\r\nCVE-2015-3713 : Apple\r\n\r\nSecurity\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A remote attacker may cause an unexpected application\r\ntermination or arbitrary code execution\r\nDescription: An integer overflow existed in the Security framework\r\ncode for parsing S/MIME e-mail and some other signed or encrypted\r\nobjects. This issue was addressed through improved validity checking.\r\nCVE-ID\r\nCVE-2013-1741\r\n\r\nSecurity\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Tampered applications may not be prevented from launching\r\nDescription: Apps using custom resource rules may have been\r\nsusceptible to tampering that would not have invalidated the\r\nsignature. This issue was addressed with improved resource\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3714 : Joshua Pitts of Leviathan Security Group\r\n\r\nSecurity\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to bypass code signing\r\nchecks\r\nDescription: An issue existed where code signing did not verify\r\nlibraries loaded outside the application bundle. 
This issue was\r\naddressed with improved bundle verification.\r\nCVE-ID\r\nCVE-2015-3715 : Patrick Wardle of Synack\r\n\r\nSpotlight\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Searching for a malicious file with Spotlight may lead to\r\ncommand injection\r\nDescription: A command injection vulnerability existed in the\r\nhandling of filenames of photos added to the local photo library.\r\nThis issue was addressed through improved input validation.\r\nCVE-ID\r\nCVE-2015-3716 : Apple\r\n\r\nSQLite\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A remote attacker may cause an unexpected application\r\ntermination or arbitrary code execution\r\nDescription: Multiple buffer overflows existed in SQLite's printf\r\nimplementation. These issues were addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-3717 : Peter Rutenbar working with HP's Zero Day Initiative\r\n\r\nSystem Stats\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious app may be able to compromise systemstatsd\r\nDescription: A type confusion issue existed in systemstatsd's\r\nhandling of interprocess communication. By sending a maliciously\r\nformatted message to systemstatsd, it may have been possible to\r\nexecute arbitrary code as the systemstatsd process. The issue was\r\naddressed through additional type checking.\r\nCVE-ID\r\nCVE-2015-3718 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nTrueTypeScaler\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. 
This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3719 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nzip\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: Extracting a maliciously crafted zip file using the unzip\r\ntool may lead to an unexpected application termination or arbitrary\r\ncode execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of zip files. These issues were addressed through improved\r\nmemory handling.\r\nCVE-ID\r\n\r\nCVE-2014-8139\r\nCVE-2014-8140\r\nCVE-2014-8141\r\n\r\n\r\nOS X Yosemite 10.10.4 includes the security content of Safari 8.0.7.\r\nhttps://support.apple.com/en-us/HT204950\r\n\r\nOS X Yosemite 10.10.4 and Security Update 2015-005 may be obtained\r\nfrom the Mac App Store or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2\r\nComment: GPGTools - 
http://gpgtools.org\r\n\r\niQIcBAEBCAAGBQJVksFmAAoJEBcWfLTuOo7tV1AQAIYpkOMpHp181b+70sgyZ/Ue\r\nmFM527FFGDfLLuIW6LTcBsEFe9cfZxumB8eOFPirTNRK7krsVMo1W+faHXyWOnx7\r\nkbWylHdhaoxnX+A6Gj0vP71V6TNNsTi9+2dmdmHUnwxZ7Ws5QCNKebumUG3MMXXo\r\nEKxE5SNSNKyMSSYmliS26cdl8fWrmg9qTxiZQnxjOCrg/CNAolgVIRRfdMUL7i4w\r\naGAyrlJXOxFOuNkqdHX2luccuHFV7aW/dIXQ4MyjiRNl/bWrBQmQlneLLpPdFZlH\r\ncMfGa2/baaNaCbU/GqhNKbO4fKYVaqQWzfUrtqX0+bRv2wmOq33ARy9KE23bYTvL\r\nU4E9x9z87LsLXGAdjUi6MDe5g87DcmwIEigfF6/EHbDYa/2VvSdIa74XRv/JCN1+\r\naftHLotin76h4qV/dCAPf5J/Fr/1KFCM0IphhG7p+7fVTfyy7YDXNBiKCEZzLf8U\r\nTUWLUCgQhobtakqwzQJ5qyF8u63xzVXj8oeTOw6iiY/BLlj9def5LMm/z6ZKGTyC\r\n3c4+Sy5XvBHZoeiwdcndTVpnFbmmjZRdeqtdW/zX5mHnxXPa3lZiGoBDhHQgIg6J\r\n1tTVtnO1JSLXVYDR6Evx1EH10Vgkt2wAGTLjljSLwtckoEqc78qMAT1G5U4nFffI\r\n+gGm5FbAxjxElgA/gbaq\r\n=KLda\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2015-07-05T00:00:00", "published": "2015-07-05T00:00:00", "id": "SECURITYVULNS:DOC:32267", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32267", "title": "APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "cvelist": ["CVE-2015-4000", "CVE-2015-3699", "CVE-2015-3693", "CVE-2015-1157", "CVE-2015-0235", "CVE-2015-3666", "CVE-2015-3686", "CVE-2015-3697", "CVE-2015-3672", "CVE-2015-3716", "CVE-2015-3711", "CVE-2015-3712", "CVE-2015-3717", "CVE-2015-3688", "CVE-2015-3691", "CVE-2015-3706", "CVE-2015-0286", "CVE-2015-3682", "CVE-2015-3720", "CVE-2015-3677", "CVE-2014-8127", "CVE-2015-3702", "CVE-2015-3694", "CVE-2015-3687", "CVE-2014-8141", "CVE-2015-0288", "CVE-2015-1799", "CVE-2015-3721", "CVE-2015-3707", "CVE-2015-0273", "CVE-2015-3675", "CVE-2015-3689", "CVE-2015-3704", "CVE-2015-3680", "CVE-2013-1741", "CVE-2014-8140", "CVE-2015-3676", "CVE-2015-3696", "CVE-2015-3698", 
"CVE-2015-3692", "CVE-2015-3690", "CVE-2015-3673", "CVE-2014-8130", "CVE-2015-0293", "CVE-2015-3700", "CVE-2015-3703", "CVE-2015-3681", "CVE-2015-0209", "CVE-2015-3662", "CVE-2015-3719", "CVE-2015-3714", "CVE-2015-3667", "CVE-2015-3668", "CVE-2015-3709", "CVE-2015-3661", "CVE-2015-3683", "CVE-2014-8128", "CVE-2015-3663", "CVE-2014-8129", "CVE-2015-0287", "CVE-2015-1798", "CVE-2015-0289", "CVE-2015-3674", "CVE-2015-3710", "CVE-2015-3713", "CVE-2015-3701", "CVE-2015-3705", "CVE-2015-3678", "CVE-2015-3718", "CVE-2014-8139", "CVE-2015-3695", "CVE-2015-3685", "CVE-2015-3671", "CVE-2015-3684", "CVE-2015-3679", "CVE-2015-3708", "CVE-2015-3715"], "description": "Privilege escalation, information disclosure, multiple memory corruptions.", "edition": 1, "modified": "2015-07-05T00:00:00", "published": "2015-07-05T00:00:00", "id": "SECURITYVULNS:VULN:14562", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14562", "title": "Apple Mac OS X / EFI multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2020-02-06T14:58:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-8139"], "description": "\noCERT reports:\n\nThe UnZip tool is an open source extraction utility for archives\n\t compressed in the zip format.\nThe unzip command line tool is affected by heap-based buffer\n\t overflows within the CRC32 verification, the test_compr_eb() and\n\t the getZip64Data() functions. 
The input errors may result in\n\t arbitrary code execution.\nA specially crafted zip file, passed to unzip -t, can be used to\n\t trigger the vulnerability.\n\n", "edition": 5, "modified": "2014-12-03T00:00:00", "published": "2014-12-03T00:00:00", "id": "D9360908-9D52-11E4-87FD-10BF48E1088E", "href": "https://vuxml.freebsd.org/freebsd/d9360908-9d52-11e4-87fd-10bf48e1088e.html", "title": "unzip -- input sanitization errors", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:20", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9636"], "description": "\nUbuntu Security Notice USN-2489-1 reports:\n\nMichal Zalewski discovered that unzip incorrectly handled\n\t certain malformed zip archives. If a user or automated system\n\t were tricked into processing a specially crafted zip archive,\n\t an attacker could possibly execute arbitrary code.\n\n", "edition": 4, "modified": "2014-11-02T00:00:00", "published": "2014-11-02T00:00:00", "id": "E543C6F8-ABF2-11E4-8AC7-D050992ECDE8", "href": "https://vuxml.freebsd.org/freebsd/e543c6f8-abf2-11e4-8ac7-d050992ecde8.html", "title": "unzip -- out of boundary access issues in test_compr_eb", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2020-02-06T14:48:13", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-8139"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3113-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nDecember 28, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : unzip\nCVE ID : CVE-2014-8139 CVE-2014-8140 CVE-2014-8141\nDebian Bug : 773722\n\nMichele Spagnuolo of the Google Security Team discovered that unzip, an\nextraction utility for archives compressed in .zip format, is 
affected\nby heap-based buffer overflows within the CRC32 verification function\n(CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the\ngetZip64Data() function (CVE-2014-8141), which may lead to the execution\nof arbitrary code.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6.0-8+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6.0-13.\n\nWe recommend that you upgrade your unzip packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2014-12-28T08:06:02", "published": "2014-12-28T08:06:02", "id": "DEBIAN:DSA-3113-1:395FC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00304.html", "title": "[SECURITY] [DSA 3113-1] unzip security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T00:58:18", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-8139"], "description": "Package : unzip\nVersion : 6.0-4+deb6u1\nCVE ID : CVE-2014-8139 CVE-2014-8140 CVE-2014-8141\nDebian Bug : 773722\n\nMichele Spagnuolo of the Google Security Team discovered that unzip, an\nextraction utility for archives compressed in .zip format, is affected\nby heap-based buffer overflows within the CRC32 verification function\n(CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the\ngetZip64Data() function (CVE-2014-8141), which may lead to the execution\nof arbitrary code.\n", "edition": 7, "modified": "2014-12-28T19:15:35", "published": "2014-12-28T19:15:35", "id": "DEBIAN:DLA-124-1:6E749", "href": 
"https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201412/msg00026.html", "title": "[SECURITY] [DLA 124-1] unzip security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-06T14:32:21", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9636", "CVE-2014-8139"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3152-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nFebruary 03, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : unzip\nCVE ID : CVE-2014-9636\nDebian Bug : 776589\n\nA flaw was found in the test_compr_eb() function allowing out-of-bounds\nread and write access to memory locations. By carefully crafting a\ncorrupt ZIP archive an attacker can trigger a heap overflow, resulting\nin application crash or possibly having other unspecified impact.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 6.0-8+deb7u2. Additionally this update corrects a defective\npatch applied to address CVE-2014-8139, which caused a regression with\nexecutable jar files.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6.0-15. 
The defective patch applied to address CVE-2014-8139 was\ncorrected in version 6.0-16.\n\nWe recommend that you upgrade your unzip packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2015-02-03T15:04:56", "published": "2015-02-03T15:04:56", "id": "DEBIAN:DSA-3152-1:1C202", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00035.html", "title": "[SECURITY] [DSA 3152-1] unzip security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T01:00:44", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9636", "CVE-2014-8139"], "description": "Package : unzip\nVersion : 6.0-4+deb6u2\nCVE ID : CVE-2014-8139 CVE-2014-9636\nDebian Bug : 775640 776589\n\nA flaw was found in the test_compr_eb() function allowing out-of-bounds\nread and write access to memory locations. 
By carefully crafting a\ncorrupt ZIP archive an attacker can trigger a heap overflow, resulting\nin application crash or possibly having other unspecified impact.\n\nAdditionally this update corrects a defective patch applied to address \nCVE-2014-8139, which caused a regression with executable jar files.\n\n", "edition": 9, "modified": "2015-02-07T14:00:36", "published": "2015-02-07T14:00:36", "id": "DEBIAN:DLA-150-1:8D190", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201502/msg00003.html", "title": "[SECURITY] [DLA 150-1] unzip security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:38", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-8139"], "description": "- CVE-2014-8139 (heap buffer overflow)\nA heap-based buffer overflow exists in the CRC32 verification that\nallows attackers to potentially execute arbitrary code or cause a denial\nof service (memory corruption).\n\n- CVE-2014-8140 (out-of-bounds read/write)\nOut-of-bounds access (both read and write) issues exist in\ntest_compr_eb() that can result in application crash or arbitrary code\nexecution.\n\n- CVE-2014-8141 (out-of-bounds read)\nTwo out-of-bounds read issues exist in getZip64Data() that allows\nattackers to cause a denial of service.", "modified": "2015-01-10T00:00:00", "published": "2015-01-10T00:00:00", "id": "ASA-201501-3", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html", "type": "archlinux", "title": "unzip: arbitrary code execution", "cvss": {"score": 3.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:UNKNOWN/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:38", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9636"], "description": "A buffer overflow (out-of-bounds read or write) in test_compr_eb() in\nextract.c was found in the way unzip handled an extra field with an\nuncompressed size 
smaller than the compressed field size in a zip\narchive that advertises STORED method compression. A specially crafted\nZip archive could cause unzip to crash or, possibly, execute arbitrary code.", "modified": "2015-03-15T00:00:00", "published": "2015-03-15T00:00:00", "id": "ASA-201503-9", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html", "type": "archlinux", "title": "unzip: arbitrary code execution", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:40:24", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8141", "CVE-2014-8140", "CVE-2014-8139"], "description": "Wolfgang Ettlinger discovered that unzip incorrectly handled certain \nmalformed zip archives. If a user or automated system were tricked into \nprocessing a specially crafted zip archive, an attacker could possibly \nexecute arbitrary code.", "edition": 6, "modified": "2015-01-14T00:00:00", "published": "2015-01-14T00:00:00", "id": "USN-2472-1", "href": "https://ubuntu.com/security/notices/USN-2472-1", "title": "unzip vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:45:19", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9636"], "description": "Michal Zalewski discovered that unzip incorrectly handled certain \nmalformed zip archives. 
If a user or automated system were tricked into \nprocessing a specially crafted zip archive, an attacker could possibly \nexecute arbitrary code.", "edition": 5, "modified": "2015-02-03T00:00:00", "published": "2015-02-03T00:00:00", "id": "USN-2489-1", "href": "https://ubuntu.com/security/notices/USN-2489-1", "title": "unzip vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:17", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8139", "CVE-2014-8140", "CVE-2014-8141", "CVE-2016-9844", "CVE-2018-1000035", "CVE-2018-18384"], "description": "New infozip packages are available for Slackware 14.0, 14.1, 14.2, and -current\nto fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/infozip-6.0-i586-4_slack14.2.txz: Rebuilt.\n Added some patches that should fix extracting archives with non-latin\n characters in the filenames. Thanks to saahriktu.\n This update also fixes various security issues in zip and unzip.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8139\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8140\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8141\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9844\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18384\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000035\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/infozip-6.0-i486-2_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/infozip-6.0-x86_64-2_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/infozip-6.0-i486-4_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/infozip-6.0-x86_64-4_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/infozip-6.0-i586-4_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/infozip-6.0-x86_64-4_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/infozip-6.0-i586-5.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/infozip-6.0-x86_64-5.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n004d16da6ecb62eeae7d68313abac08c infozip-6.0-i486-2_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n3985ddc5de60621e481121d33871e093 infozip-6.0-x86_64-2_slack14.0.txz\n\nSlackware 14.1 package:\n0185f2a6c53317e58040a05a84b2f4cc infozip-6.0-i486-4_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n37c2682c08bf1ed5390ac31d02e97d98 infozip-6.0-x86_64-4_slack14.1.txz\n\nSlackware 14.2 package:\nb71c38eb5a09dee8c0e51bbc0e4b6d85 infozip-6.0-i586-4_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n0d7239ab3d27aab1935ce6e16583ecfd infozip-6.0-x86_64-4_slack14.2.txz\n\nSlackware -current package:\n72e1c36d80be26a77fc1938b17f59538 a/infozip-6.0-i586-5.txz\n\nSlackware 
x86_64 -current package:\n4111b0985a0909907d2a13e99abb5ccd a/infozip-6.0-x86_64-5.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg infozip-6.0-i586-4_slack14.2.txz", "modified": "2019-03-01T20:58:06", "published": "2019-03-01T20:58:06", "id": "SSA-2019-060-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.453326", "type": "slackware", "title": "[slackware-security] infozip", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2018-07-07T05:24:42", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000035", "CVE-2014-9636"], "description": "This update for unzip fixes the following issues:\n\n - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write\n and crash) via an extra field with an uncompressed size smaller than the\n compressed field size in a zip archive that advertises STORED method\n compression (bsc#914442)\n - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing\n of password-protected archives that allowed an attacker to perform a\n denial of service or to possibly achieve code execution (bsc#1080074)\n\n This non-security issue was fixed:\n\n - Allow processing of Windows zip64 archives (Windows archivers set\n total_disks field to 0 but per standard, valid values are 1 and higher)\n (bnc#910683)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2018-07-07T03:08:17", "published": "2018-07-07T03:08:17", "id": "OPENSUSE-SU-2018:1914-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00013.html", "title": "Security update for unzip (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-05T22:29:19", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000035", "CVE-2014-9913", "CVE-2016-9844", "CVE-2014-9636", "CVE-2015-7696", 
"CVE-2015-7697"], "description": "This update for unzip fixes the following security issues:\n\n - CVE-2014-9913: Specially crafted zip files could trigger invalid memory\n writes possibly resulting in DoS or corruption (bsc#1013993)\n - CVE-2015-7696: Specially crafted zip files with password protection\n could trigger a crash and lead to denial of service (bsc#950110)\n - CVE-2015-7697: Specially crafted zip files could trigger an endless loop\n and lead to denial of service (bsc#950111)\n - CVE-2016-9844: Specially crafted zip files could trigger invalid memory\n writes possibly resulting in DoS or corruption (bsc#1013992)\n - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing\n of password-protected archives that allowed an attacker to perform a\n denial of service or to possibly achieve code execution (bsc#1080074).\n - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write\n and crash) via an extra field with an uncompressed size smaller than the\n compressed field size in a zip archive that advertises STORED method\n compression (bsc#914442).\n\n This non-security issue was fixed:\n\n - Allow processing of Windows zip64 archives (Windows archivers set\n total_disks field to 0 but per standard, valid values are 1 and higher)\n (bnc#910683)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2018-10-05T21:18:21", "published": "2018-10-05T21:18:21", "id": "OPENSUSE-SU-2018:3043-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00013.html", "title": "Security update for unzip (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}