CVE-2010-0405
Published 2010-09-28
Priority: P4 · 27 · medium · 5.1 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS: 3.30% (87.0th percentile)
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bzip | bzip2 | <= 1.0.5 | — |
| bzip | bzip2 | — | — |
| bzip | bzip2 | >= 0 < 1.0.5-6 | 1.0.5-6 |
CVSS provenance
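| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| osv | | 5.1 | MEDIUM | |
| vendor_debian | | 5.1 | MEDIUM | |
| vendor_redhat | | 5.1 | MEDIUM | |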
VMware
VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
vendor_vmware·2012-03-15·CVSS 7.2
CVE-2010-0405 [HIGH] VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
VMSA-2012-0005: VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
a. VMware Tools Display Driver Privilege Escalation The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on Windows-based Guest Operating Systems. VMware would like to thank Tarjei Mandt for reporting these issues to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-1509 (XPDM buffer overrun), CVE-2012-1510 (WDDM buffer overrun) and CVE-2012-1508 (XPDM null pointer dereference) to these issues. Note: CVE-2012-1509 do
Ubuntu
dpkg vulnerability
vendor_ubuntu·2010-09-20
CVE-2010-0405 dpkg vulnerability
Title: dpkg vulnerability
Summary: dpkg could be made to run programs as your login if it opened a specially
crafted file.
USN-986-1 fixed vulnerabilities in bzip2. dpkg statically links against libbz2
and needed to be rebuilt to use the updated libbz2.
Original advisory details:
An integer overflow was discovered in bzip2. If a user or automated system
were tricked into decompressing a crafted bz2 file, an attacker could cause
bzip2 or any application linked against libbz2 to crash or possibly execute
code as the user running the program.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
ClamAV vulnerability
vendor_ubuntu·2010-09-20
CVE-2010-0405 ClamAV vulnerability
Title: ClamAV vulnerability
Summary: ClamAV could be made to run programs as your login if it opened a specially
crafted file.
USN-986-1 fixed a vulnerability in bzip2. This update provides the
corresponding update for ClamAV.
Original advisory details:
An integer overflow was discovered in bzip2. If a user or automated system
were tricked into decompressing a crafted bz2 file, an attacker could cause
bzip2 or any application linked against libbz2 to crash or possibly execute
code as the user running the program.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
bzip2 vulnerability
vendor_ubuntu·2010-09-20
CVE-2010-0405 bzip2 vulnerability
Title: bzip2 vulnerability
Summary: bzip2 could be made to run programs as your login if it opened a specially
crafted file.
An integer overflow was discovered in bzip2. If a user or automated system
were tricked into decompressing a crafted bz2 file, an attacker could cause
bzip2 or any application linked against libbz2 to crash or possibly execute
code as the user running the program.
Instructions: In general, a standard system update will make all the necessary changes.
BSD
FreeBSD-SA-10:08.bzip2: Integer overflow in bzip2 decompression
bsd_advisories·2010-09-20·CVSS 5.1
CVE-2010-0405 [MEDIUM] FreeBSD-SA-10:08.bzip2: Integer overflow in bzip2 decompression
FreeBSD-SA-10:08.bzip2 Security Advisory
The FreeBSD Project
Topic: Integer overflow in bzip2 decompression
Category: contrib
Module: bzip2
Announced: 2010-09-20
Credits: Mikolaj Izdebski
Affects: All supported versions of FreeBSD.
Corrected: 2010-09-20 14:58:08 UTC (RELENG_8, 8.1-STABLE)
2010-09-20 14:58:08 UTC (RELENG_8_1, 8.1-RELEASE-p1)
2010-09-20 14:58:08 UTC (RELENG_8_0, 8.0-RELEASE-p5)
2010-09-20 14:58:08 UTC (RELENG_7, 7.3-STABLE)
2010-09-20 14:58:08 UTC (RELENG_7_3, 7.3-RELEASE-p3)
2010-09-20 14:58:08 UTC (RELENG_7_1, 7.1-RELEASE-p14)
2010-09-20 14:58:08 UTC (RELENG_6, 6.4-STABLE)
2010-09-20 14:58:08 UTC (RELENG_6_4, 6.4-RELEASE-p11)
CVE Name: CVE-2010-0405
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branch
Red Hat
bzip2: integer overflow flaw in BZ2_decompress
vendor_redhat·2010-09-20·CVSS 5.1
CVE-2010-0405 [MEDIUM] CWE-190 bzip2: integer overflow flaw in BZ2_decompress
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
Debian
CVE-2010-0405: bzip2 - Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and lib...
vendor_debian·2010·CVSS 5.1
CVE-2010-0405 [MEDIUM] CVE-2010-0405: bzip2 - Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and lib...
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
Scope: local
bookworm: resolved (fixed in 1.0.5-6)
bullseye: resolved (fixed in 1.0.5-6)
forky: resolved (fixed in 1.0.5-6)
sid: resolved (fixed in 1.0.5-6)
trixie: resolved (fixed in 1.0.5-6)
GHSA
GHSA-44gv-7gp8-m9mw: Integer overflow in the BZ2_decompress function in decompress
ghsa_unreviewed·2022-05-02
CVE-2010-0405 [MEDIUM] GHSA-44gv-7gp8-m9mw: Integer overflow in the BZ2_decompress function in decompress
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
OSV
CVE-2010-0405: Integer overflow in the BZ2_decompress function in decompress
osv·2010-09-28·CVSS 5.1
CVE-2010-0405 [MEDIUM] CVE-2010-0405: Integer overflow in the BZ2_decompress function in decompress
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
Suricata
GPL FTP CWD overflow attempt
suricata·2010-09-23
CVE-1999-0219 GPL FTP CWD overflow attempt
Rule: alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP CWD overflow attempt"; flow:established,to_server; content:"CWD"; nocase; isdataat:100,relative; pcre:"/^CWD\s[^\n]{100}/smi"; reference:bugtraq,11069; reference:bugtraq,1227; reference:bugtraq,1690; reference:bugtraq,6869; reference:bugtraq,7251; reference:bugtraq,7950; reference:cve,1999-0219; reference:cve,1999-1058; reference:cve,1999-1510; reference:cve,2000-1035; reference:cve,2000-1194; reference:cve,2001-0781; reference:cve,2002-0126; reference:cve,2002-0405; classtype:attempted-admin; sid:2101919; rev:25; metadata:created_at 2010_09_23, cve CVE_1999_0219, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
No public exploits indexed.
Bugzilla
Update bzip2 in tree to 1.0.6
bugzilla·2016-06-14·CVSS 5.1
CVE-2010-0405 [MEDIUM] Update bzip2 in tree to 1.0.6
Our in-tree bzip2 library is at the ancient 1.0.4 -- we need to update to the most recent version (from 6 years ago) 1.0.6 which fixes an integer overflow CVE-2010-0405 and a couple of older DOS bugs.
Discussion:
gps: do you know who owns updating this library? last time we updated it it was handled as a "build config" bug.
---
Anybody can likely update bzip2 - hopefully it is just a drop-in replacement given the minor version bump.
What's the priority of this? Can it ride the trains or do you want this shipping ASAP?
---
Note that libbz2 is only used by the updater, and only after the mar signature has been validated. From a (really) quick glance at the code, it seems like the bz2 stream is what is signed, so it should be impossible to tamper with it
Bugzilla
CVE-2010-0405 bzip2: integer overflow flaw in BZ2_decompress
bugzilla·2010-08-27·CVSS 5.1
CVE-2010-0405 [MEDIUM] CVE-2010-0405 bzip2: integer overflow flaw in BZ2_decompress
A bzip2 security issue was reported to Debian security team:
Mikołaj Izdebski has discovered an integer overflow flaw in the
BZ2_decompress function in bzip2/libbz2. An attacker could use a
crafted bz2 file to cause a denial of service (application crash) or
potentially to execute arbitrary code. (CVE-2010-0405)
Discussion:
Created attachment 441451
Proposed patch
---
Created attachment 448401
bzip2 1.0.5 -> 1.0.6 diff
Fix added in bzip2 1.0.6 additional extra sanity checks compared to previously proposed patch.
---
Public now via bzip2 1.0.6 release.
---
CCing clamav maintainers, clamav contains embedded copy of bzip code in libclamav/nsis/bzlib.c.
---
This issue has been addressed in following products:
Red Hat E