Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2010-0001: integer underflow

Related Vulnerabilities: CVE-2010-0001  

Source

Debian Bug report logs - #566002
CVE-2010-0001: integer underflow

version graph

Package: gzip; Maintainer for gzip is Bdale Garbee <bdale@gag.com>; Source for gzip is src:gzip (PTS, buildd, popcon).

Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>

Date: Wed, 20 Jan 2010 14:57:01 UTC

Severity: grave

Tags: patch, security

Found in version gzip/1.3.12-8

Fixed in version 1.3.12-9

Done: Nick Andrik <nick.andrik@gmail.com>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Bdale Garbee <bdale@gag.com>:
Bug#566002; Package gzip. (Wed, 20 Jan 2010 14:57:04 GMT) (full text, mbox, link).

Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Bdale Garbee <bdale@gag.com>. (Wed, 20 Jan 2010 14:57:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2010-0001: integer underflow
Date: Wed, 20 Jan 2010 15:52:57 +0100
Package: gzip
Version: 1.3.12-8
Severity: grave
Tags: security patch

Hi Bdale, Carl

Carl, I saw too late that you're a new co-maintainer so I only
forwarded the pre-notification to Bdale (who is probably busy at LCA).
i
the following CVE (Common Vulnerabilities & Exposures) id was
published for gzip and is still open for unstable/testing.

CVE-2010-0001[0] (from the DSA text):
Aki Helin discovered an integer underflow when decompressing files that
are compressed using the LZW algorithm. This could lead to the execution
of arbitrary code when trying to decompress a crafted LZW compressed
gzip archive.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

I am available for NMU/sponsoring, in case you're still busy, just drop
me a line, please.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0001
    http://security-tracker.debian.org/tracker/CVE-2010-0001

patch:
--- gzip-1.3.12.orig/unlzw.c
+++ gzip-1.3.12/unlzw.c
@@ -248,7 +248,8 @@
        int  o;

     resetbuf:
-       e = insize-(o = (posbits>>3));
+       o = posbits >> 3;
+       e = o <= insize ? insize - o : 0;

        for (i = 0 ; i < e ; ++i) {
            inbuf[i] = inbuf[i+o];

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#566002; Package gzip. (Wed, 20 Jan 2010 18:36:03 GMT) (full text, mbox, link).

Acknowledgement sent to Bdale Garbee <bdale@gag.com>:
Extra info received and forwarded to list. (Wed, 20 Jan 2010 18:36:03 GMT) (full text, mbox, link).

Message #10 received at 566002@bugs.debian.org (full text, mbox, reply):

From: Bdale Garbee <bdale@gag.com>
To: Steffen Joeris <steffen.joeris@skolelinux.de>, 566002@bugs.debian.org
Subject: Re: Bug#566002: CVE-2010-0001: integer underflow
Date: Thu, 21 Jan 2010 07:33:25 +1300
[Message part 1 (text/plain, inline)]
On Wed, 20 Jan 2010 15:52:57 +0100, Steffen Joeris <steffen.joeris@skolelinux.de> wrote:
> Carl, I saw too late that you're a new co-maintainer so I only
> forwarded the pre-notification to Bdale (who is probably busy at LCA).

Carl and I are both at LCA, I'm done with my talk now and he isn't yet, so
I'm on this and will make an upload shortly.  Thanks!

Bdale

[Message part 2 (application/pgp-signature, inline)]

Reply sent to Nick Andrik <nick.andrik@gmail.com>:
You have taken responsibility. (Sun, 24 Jan 2010 13:06:16 GMT) (full text, mbox, link).

Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer. (Sun, 24 Jan 2010 13:06:16 GMT) (full text, mbox, link).

Message #15 received at 566002-done@bugs.debian.org (full text, mbox, reply):

From: Nick Andrik <nick.andrik@gmail.com>
To: 566002-done@bugs.debian.org
Subject: Re: Bug#566002: CVE-2010-0001: integer underflow
Date: Sun, 24 Jan 2010 13:03:39 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Version: 1.3.12-9

This bug was fixed in the package but the bug number was not mentioned
in the changelog.


- --
=Do-
N.AND


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAktcNxsACgkQrdZ2oYS0I7Iu/wCfeMSVZJUP0sCY8RXZWwMbtN8G
yT4AoMGPgaBKRrkcYk5gG9zOZoVRzsYf
=MhuY
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 22 Feb 2010 07:27:29 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:52:00 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started