Users of bzip2 decompression, please be advised that an integer overflow vulnerability has been identified.
To view this vulnerability, possible remedies, and other advisories, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
FreeBSD-SA-10:08.bzip2: Integer overflow in bzip2 decompression
Problem Description
When decompressing data, the run-length encoded values are not adequately
sanity-checked, allowing for an integer overflow.
An attacker who can cause maliciously chosen inputs to be decompressed can
cause the decompressor to crash. It is suspected that such an attacker
can cause arbitrary code to be executed, but this is not known for certain.
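
How an unchecked run-length accumulator overflows, and the bounds check that prevents it, as an added example (not code from the advisory or from bzip2 itself). It assumes the bzip2 format's RUNA/RUNB run-length symbols, where each symbol's weight doubles; the function names and the MAX_RUN bound are illustrative assumptions, not the vendor's patch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum { RUNA = 0, RUNB = 1 };   /* run-length symbols of the bzip2 format */
#define MAX_RUN 900000u        /* assumed bound: largest bzip2 block size */

/* Unchecked: the weight doubles per symbol, so a long symbol run wraps
   the 32-bit accumulator (unsigned here to keep the wrap well-defined). */
uint32_t run_length_unchecked(const uint8_t *syms, size_t n)
{
    uint32_t es = 0, weight = 1;
    for (size_t i = 0; i < n; i++) {
        es += (syms[i] == RUNA ? 1u : 2u) * weight;
        weight *= 2;
    }
    return es;
}

/* Checked: returns 0 and stores the length, or -1 for a bad symbol or a
   run that cannot fit in one block. The test runs before the addition. */
int run_length_checked(const uint8_t *syms, size_t n, uint32_t *out)
{
    uint32_t es = 0, weight = 1;
    for (size_t i = 0; i < n; i++) {
        if (syms[i] != RUNA && syms[i] != RUNB) return -1;
        uint32_t add = (syms[i] == RUNA ? 1u : 2u) * weight;
        if (add > MAX_RUN - es) return -1;
        es += add;
        weight *= 2;
    }
    *out = es;
    return 0;
}

int main(void)
{
    uint8_t hostile[32];               /* constructed input: 32 x RUNB */
    uint32_t len = 0;
    for (size_t i = 0; i < sizeof hostile; i++) hostile[i] = RUNB;
    printf("unchecked: %u (true value 2^33 - 2)\n",
           (unsigned)run_length_unchecked(hostile, sizeof hostile));
    printf("checked:   %d\n", run_length_checked(hostile, sizeof hostile, &len));
    return 0;
}
```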