Veracode Vulnerability DatabaseVERACODE:24188Arbitrary Code Execution
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
bzip2 is vulnerable to arbitrary code execution. The vulnerability exists as an integer overflow flaw was discovered in the bzip2 decompression routine. This issue could, when decompressing malformed archives, cause bzip2, or an application linked against the libbz2 library, to crash or, potentially, execute arbitrary code.
| CPE | Name | Operator | Version |
|---|---|---|---|
| bzip2 | eq | 1.0.3__4.el5_2 | |
| bzip2 | eq | 1.0.2__14.el4_7 | |
| bzip2 | eq | 1.0.5__6.1.el6 | |
| bzip2 | eq | 1.0.3__4.el5_2 | |
| bzip2 | eq | 1.0.2__14.el4_7 | |
| bzip2 | eq | 1.0.5__6.1.el6 |
References
blogs.sun.com/security/entry/cve_2010_0405_integer_overflow
git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.3
lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html
lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html
lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
marc.info/?l=oss-security&m=128506868510655&w=2
secunia.com/advisories/41452
secunia.com/advisories/41505
secunia.com/advisories/42350
secunia.com/advisories/42404
secunia.com/advisories/42405
secunia.com/advisories/42529
secunia.com/advisories/42530
secunia.com/advisories/48378
security.gentoo.org/glsa/glsa-201301-05.xml
support.apple.com/kb/HT4581
www.bzip.org/
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2010-0703.html
www.redhat.com/support/errata/RHSA-2010-0858.html
www.securityfocus.com/archive/1/515055/100/0/threaded
www.ubuntu.com/usn/usn-986-1
www.ubuntu.com/usn/USN-986-2
www.ubuntu.com/usn/USN-986-3
www.vmware.com/security/advisories/VMSA-2010-0019.html
www.vupen.com/english/advisories/2010/2455
www.vupen.com/english/advisories/2010/3043
www.vupen.com/english/advisories/2010/3052
www.vupen.com/english/advisories/2010/3073
www.vupen.com/english/advisories/2010/3126
www.vupen.com/english/advisories/2010/3127
xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/
access.redhat.com/errata/RHSA-2010:0703
bugzilla.redhat.com/show_bug.cgi?id=627882
wwws.clamav.net/bugzilla/show_bug.cgi?id=2230
wwws.clamav.net/bugzilla/show_bug.cgi?id=2231
Related
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P