Australia's Leading Computer Emergency Response Team

exZIPit A - A malformed archive
Date: 19 March 2008
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=8994


Greetings,

This week brought some very interesting vulnerabilities to light thanks to the
research conducted by the University of Oulu in regards to the handling of
specially crafted archive files. The research found a large number of software
packages did not correctly parse these archive formats and could result in the
execution of arbitrary code or a denial of service. Within sheer hours of the
vulnerability becoming public we saw corrected packages from a number of
vendors:

ESB-2008.0280 - Archive handling vulnerabilities in multiple F-Secure products
ESB-2008.0282 - New unzip packages fix potential code execution (Debian)
ESB-2008.0289 - Moderate: unzip security update (Red Hat)

For a full list of packages tested and corrected please see the article
published by CERT-FI (Finland CERT).

If you are running any sort of archiving application we highly recommend looking
for updated packages or taking countermeasures to protect yourself from these
vulnerabilities. Affected software can include firewall and anti-virus products,
archiving software and even internet browsers.

As always be very cautious when opening attachments containing zip formats. This
vulnerability is publicly known, and we often see exploits surface in the days
after this happens.

Regards,

Paul