Publisher Name: OpenPKG GmbH
Publisher Home: http://openpkg.com/
Advisory Id (public): OpenPKG-SA-2005.010
Advisory Type: OpenPKG Security Advisory (SA)
Advisory Directory: http://openpkg.com/go/OpenPKG-SA
Advisory Document: http://openpkg.com/go/OpenPKG-SA-2005.010
Advisory Published: 2008-08-07 21:55 UTC
Issue Id (internal): OpenPKG-SI-20050610.04
Issue First Created: 2005-06-10
Issue Last Modified: 2006-11-28
Issue Revision: 06

Subject Name: OpenPKG
Subject Summary: OpenPKG Bootstrap
Subject Home: http://www.openpkg.org/
Subject Versions: * <= 20050609
Vulnerability Id: CVE-2005-1228, CVE-2005-0953, CVE-2005-1260
Vulnerability Scope: global (not OpenPKG specific)
Attack Feasibility: run-time
Attack Vector:
Attack Impact: manipulation of data

Description:

The vulnerabilities described by this text affect the OpenPKG bootstrap package's GZip and BZip2 embedded software. Similar advisories [0][1] describe the same vulnerabilities, although in the context of the particular vendor software.

According to a Debian bug report [2], Ulf Harnhammar discovered an input validation error in the GZip data compressor [3]. Because gzip(1) fails to properly validate file paths during decompression with the "-N" argument, a remote attacker using a malicious archive could corrupt arbitrary files with the privileges of the user that is running gzip(1).
CVE-2005-1228

According to a BugTraq posting [5], Imran Ghory discovered a time-of-check to time-of-use (TOCTOU) file mode vulnerability in the BZip2 data compressor [6]. Because bzip2(1) does not safely restore the mode of a file undergoing compression or decompression, a malicious user can potentially change the mode of any file belonging to the user running bzip2(1).
CVE-2005-0953

In an unrelated BZip2 problem, a denial of service vulnerability was found in both the bzip2(1) program and its associated library libbz2(3). Specially crafted BZip2 archives lead to an infinite loop in the decompressor, which results in an indefinitely large output file. This could be exploited to cause disk space exhaustion.
CVE-2005-1260

References:
[0] http://www.openpkg.org/security/OpenPKG-SA-2005.008-bzip2.html
[1] http://www.openpkg.org/security/OpenPKG-SA-2005.009-gzip.html
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305255
[3] http://www.gzip.org/
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1228
[5] http://marc.theaimsgroup.com/?l=bugtraq&m=111229375217633
[6] http://sources.redhat.com/bzip2/
[7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0953
[8] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1260
[9] http://www.openpkg.org/tutorial.html#regular-source
[10] http://www.openpkg.org/tutorial.html#regular-binary
[11] ftp://ftp.openpkg.org/release/2.3/UPD/openpkg-2.3.2-2.3.2.src.rpm
[12] ftp://ftp.openpkg.org/release/2.2/UPD/openpkg-2.2.3-2.2.3.src.rpm
[13] ftp://ftp.openpkg.org/release/2.3/UPD/
[14] ftp://ftp.openpkg.org/release/2.2/UPD/
[15] http://www.openpkg.org/security.html#signature

Primary Package Name: openpkg
Primary Package Home: http://openpkg.org/go/package/openpkg

Affected Distribution:   Affected Branch:   Affected Package:
OpenPKG Community        2.2-SOLID          openpkg-2.2.2-2.2.2
OpenPKG Community        2.3-SOLID          openpkg-2.3.1-2.3.1
OpenPKG Community        CURRENT            openpkg-20050609-20050609

Corrected Distribution:  Corrected Branch:  Corrected Package:
OpenPKG Community        2.2-SOLID          openpkg-2.2.3-2.2.3
OpenPKG Community        2.3-SOLID          openpkg-2.3.2-2.3.2
OpenPKG Community        CURRENT            openpkg-20050610-20050610
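
The gzip(1) "-N" issue in the Description arises because the original file name is read from the archive header and used as the output path. The following added example (not OpenPKG or gzip code) parses that header field as laid out in RFC 1952 and flags stored names that should not be trusted as a path before an archive is handed to "gzip -N". The function names, the rejection policy and the sample inputs are assumptions made for illustration.

```python
import struct

# RFC 1952 header flag bits used here
FEXTRA, FNAME = 0x04, 0x08

def gzip_stored_name(data: bytes):
    """Return the original file name stored in a gzip member header, or None."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip member")
    if data[2] != 8:
        raise ValueError("unknown compression method")
    flags = data[3]
    pos = 10                      # fixed part: magic, CM, FLG, MTIME, XFL, OS
    if flags & FEXTRA:            # optional extra field precedes the name
        if pos + 2 > len(data):
            raise ValueError("truncated extra field")
        (xlen,) = struct.unpack_from("<H", data, pos)
        pos += 2 + xlen
    if not flags & FNAME:
        return None
    end = data.find(b"\x00", pos)
    if end < 0:
        raise ValueError("unterminated FNAME field")
    return data[pos:end].decode("latin-1")   # RFC 1952: ISO 8859-1

def unsafe_name_reason(name):
    """Say why a stored name must not be used as an output path, else None."""
    if name is None:
        return None
    if name in ("", ".", ".."):
        return "empty or dot name"
    if "/" in name or "\\" in name:
        return "contains a directory separator"
    if any(ord(c) < 0x20 for c in name):
        return "contains control characters"
    return None

def _sample(name: bytes, extra: bytes = b"") -> bytes:
    """Constructed sample: header only, which is all the check reads."""
    flags = FNAME | (FEXTRA if extra else 0)
    hdr = b"\x1f\x8b\x08" + bytes([flags]) + b"\x00" * 4 + b"\x00\x03"
    if extra:
        hdr += struct.pack("<H", len(extra)) + extra
    return hdr + name + b"\x00"

if __name__ == "__main__":
    # Constructed inputs: one plain name, one with directory components.
    for blob in (_sample(b"report.txt"),
                 _sample(b"../../tmp/constructed.txt", b"AB\x02\x00xy")):
        name = gzip_stored_name(blob)
        print(repr(name), "->", unsafe_name_reason(name) or "ok")
```
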