(Sun Issues Fix) Bzip2 Bug Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1020868 |
|
SecurityTracker URL: http://securitytracker.com/id/1020868
|
|
CVE Reference:
CVE-2008-1372
(Links to External Site)
|
Date: Sep 15 2008
|
Impact:
Denial of service via network, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 1.0.5
|
Description:
A vulnerability was reported in Bzip2. A remote user can cause denial of service conditions.
A remote user can create a specially crafted archive that, when processed by the target application using bzip, will trigger a memory access error and cause the application to crash.
The vulnerability was reported by the University of Oulu and CERT-FI in March 2008.
The original advisory is available at:
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
|
Impact:
A remote user can cause the target application to crash.
|
Solution:
Sun has issued a fix.
SPARC Platform
* Solaris 8 with patch 138441-01 or later
* Solaris 9 with patch 114586-03 or later
* Solaris 10 with patch 126868-02 or later
* OpenSolaris based upon build snv_89 or later
x86 Platform
* Solaris 8 with patch 138442-01 or later
* Solaris 9 with patch 114587-03 or later
* Solaris 10 with patch 126869-03 or later
* OpenSolaris based upon build snv_89 or later
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-241786-1
|
Vendor URL: www.bzip.org/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
UNIX (Solaris - SunOS)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Sun, 14 Sep 2008 21:40:20 -0400
Subject: http://sunsolve.sun.com/search/document.do?assetkey=1-66-241786-1
|
CVE-2008-1372
|
|
