CLD-426 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s) | p7zip |
Deficiency Type | SECURITY |
Date Created | 2018-06-10 10:20:51 |
Date Last Modified | 2018-06-10 10:57:38 |
Version Specific Information:
Cucumber 1.0 i686 | fixed in p7zip-16.02-i686-4 |
Cucumber 1.0 x86_64 | fixed in p7zip-16.02-x86_64-4 |
Cucumber 1.1 i686 | fixed in p7zip-16.02-i686-4 |
Cucumber 1.1 x86_64 | fixed in p7zip-16.02-x86_64-4 |
Details:
=================================== Overview ===================================
Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before
can lead to usage of uninitialized memory, allowing remote attackers to cause a
denial of service (segmentation fault) or execute arbitrary code via a crafted
RAR archive.
================================ Initial Report ================================
From
https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/:
May 1, 2018
7-Zip: From Uninitialized Memory to Remote Code Execution
After my previous post on the 7-Zip bugs CVE-2017-17969 and CVE-2018-5996, I
continued to spend time on analyzing antivirus software. As it happens, I found
a new bug that (as the last two bugs) turned out to affect 7-Zip as well. Since
the antivirus vendor has not yet published a patch, I will add the name of the
affected product in an update to this post as soon as this happens.
UPDATE (2018-06-05): The antivirus vendor I was talking about was F-Secure.
See the full report at
https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/.
================================= Our Analysis =================================
----- Affected Products -----
Versions of p7zip prior to 18.05 that have not had the "patch" from
https://landave.io/files/patch_7zip_CVE-2018-10115.txt applied are vulnerable.
This includes p7zip as originally packaged in Cucumber Linux 1.0 and 1.1.
----- Scope and Impact of this Vulnerability -----
This vulnerability allows arbitrary code execution when a maliciously crafted
RAR archive is extracted.
----- Fix for this Vulnerability -----
This vulnerability can be fixed by upgrading to p7zip 18.05 or later or by
applying the "patch" from
https://landave.io/files/patch_7zip_CVE-2018-10115.txt. Fortunately, the Arch
Linux project has provided a proper patch at
https://git.archlinux.org/svntogit/packages.git/plain/trunk/CVE-2018-10115.patch?h=packages/p7zip.
================================= Our Solution =================================
We have applied the patch from
https://git.archlinux.org/svntogit/packages.git/plain/trunk/CVE-2018-10115.patch?h=packages/p7zip
and rebuilt p7zip.