FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-1372

This CVE name corresponds to:

Entered: 2008-03-20
Topic: bzip2 -- crash with certain malformed archive files

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2008-1372
Phase: Assigned (20080318)

Description

bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

References

Source Reference
BUGTRAQ 20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2
BUGTRAQ 20080321 rPSA-2008-0118-1 bzip2
MISC http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
MISC http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
CONFIRM https://bugs.gentoo.org/attachment.cgi?id=146488&action=view
CONFIRM http://www.bzip.org/CHANGES
CONFIRM http://www.ipcop.org/index.php?name=News&file=article&sid=40
CONFIRM http://kb.vmware.com/kb/1006982
CONFIRM http://kb.vmware.com/kb/1007198
CONFIRM http://kb.vmware.com/kb/1007504
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118
CONFIRM http://support.apple.com/kb/HT3757
APPLE APPLE-SA-2009-08-05-1
FEDORA FEDORA-2008-2970
FEDORA FEDORA-2008-3037
GENTOO GLSA-200804-02
GENTOO GLSA-200903-40
MANDRIVA MDVSA-2008:075
NETBSD NetBSD-SA2008-004
REDHAT RHSA-2008:0893
SLACKWARE SSA:2008-098-02
SUNALERT 241786
SUSE SUSE-SR:2008:011
UBUNTU USN-590-1
CERT TA09-218A
CERT-VN VU#813451
BID 28286
OVAL oval:org.mitre.oval:def:10067
OVAL oval:org.mitre.oval:def:6467
SECUNIA 29497
SECUNIA 36096
VUPEN ADV-2008-0915
VUPEN ADV-2008-2557
SECTRACK 1020867
SECUNIA 29475
SECUNIA 29410
SECUNIA 29506
SECUNIA 29677
SECUNIA 29698
SECUNIA 29656
SECUNIA 29940
SECUNIA 31204
SECUNIA 31869
SECUNIA 31878
VUPEN ADV-2009-2172
XF bzip2-archives-code-execution(41249)