Bug 950110 (CVE-2015-7696) - VUL-1: CVE-2015-7696: unzip: heap overflow triggered by unzipping a file with password
Summary: VUL-1: CVE-2015-7696: unzip: heap overflow triggered by unzipping a file with...
Status: RESOLVED FIXED
Alias: CVE-2015-7696
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Deadline: 2016-11-30
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/157608/
Whiteboard: CVSSv2:RedHat:CVE-2015-7697:6.0:(AV:N...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-10-13 09:06 UTC by Andreas Stieger
Modified: 2018-12-16 15:41 UTC (History)
6 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
reproducer zip (720 bytes, application/zip)
2015-10-13 09:06 UTC, Andreas Stieger 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2015-10-13 09:06:00 UTC 
Created attachment 651300 [details]
reproducer zip

via oss-sec: http://seclists.org/oss-sec/2015/q4/63

    * A heap overflow triggered by unzipping a file with password (e.g unzip -p
    -P x sigsegv.zip)


    AddressSanitizer: heap-buffer-overflow on address 0xb5202104 at pc 0x80500c0 bp 0xbfffedb8 sp 0xbfffedac
    READ of size 1


Use CVE-2015-7696 for this buffer over-read issue.


References:
https://bugzilla.redhat.com/show_bug.cgi?id=1260944
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7696
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696
Comment 1 Swamp Workflow Management 2015-10-13 22:00:15 UTC 
bugbot adjusting priority
Comment 2 Marcus Meissner 2015-11-06 13:28:39 UTC 
unzip -v sigsegv.zip 

triggers fortify

unpacking does not trigger the fortify though, it crashes.
Comment 3 Josef Möllers 2016-10-11 12:56:15 UTC 
Taking over from Philipp.
Comment 4 Josef Möllers 2016-10-12 07:45:49 UTC 
request id 434456
Comment 6 Josef Möllers 2016-10-12 13:38:43 UTC 
SUSE_SLE-12_Update: request ID 122682
SUSE_SLE-11-SP2_Update: request ID 122684
openSUSE_13.2_Update: request ID 434562
Comment 9 Josef Möllers 2016-10-13 09:06:40 UTC 
SUSE_SLE-11-SP1_Update: request id 122727
SUSE_SLE-10-SP3_Update: created request id 122728
Comment 10 Swamp Workflow Management 2016-10-13 18:11:10 UTC 
openSUSE-SU-2016:2529-1: An update that fixes two vulnerabilities is now available.

Category: security (low)
Bug References: 950110,950111
CVE References: CVE-2015-7696,CVE-2015-7697
Sources used:
openSUSE 13.2 (src):    unzip-6.00-26.7.1, unzip-rcc-6.00-26.7.1
Comment 11 Swamp Workflow Management 2016-11-02 08:01:55 UTC 
An update workflow for this issue was started.
This issue was rated as low.
Please submit fixed packages until 2016-11-30.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63172
Comment 12 Swamp Workflow Management 2017-03-09 08:10:01 UTC 
SUSE-SU-2017:0639-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1013992,1013993,950110,950111
CVE References: CVE-2014-9913,CVE-2015-7696,CVE-2015-7697,CVE-2016-9844
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    unzip-6.00-11.17.1
Comment 13 Johannes Segitz 2017-08-15 09:59:17 UTC 
fixed
Comment 15 Swamp Workflow Management 2018-10-02 19:16:46 UTC 
SUSE-SU-2018:2978-1: An update that solves 6 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1013992,1013993,1080074,910683,914442,950110,950111
CVE References: CVE-2014-9636,CVE-2014-9913,CVE-2015-7696,CVE-2015-7697,CVE-2016-9844,CVE-2018-1000035
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    unzip-6.00-33.8.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    unzip-6.00-33.8.1
Comment 16 Swamp Workflow Management 2018-10-05 19:19:26 UTC 
openSUSE-SU-2018:3043-1: An update that solves 6 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1013992,1013993,1080074,910683,914442,950110,950111
CVE References: CVE-2014-9636,CVE-2014-9913,CVE-2015-7696,CVE-2015-7697,CVE-2016-9844,CVE-2018-1000035
Sources used:
openSUSE Leap 42.3 (src):    unzip-6.00-31.3.1, unzip-rcc-6.00-31.3.1