[Info-vax] [OT] Software wears out, was: Re: VMS Software Inc. OpenVMS
Paul Sture
nospam at sture.ch
Mon Mar 30 04:09:11 EDT 2015
On 2015-03-23, Bob Koehler <koehler at eisner.nospam.decuserve.org> wrote:
> In article <mei35b$j0n$1 at dont-email.me>,
> Simon Clubley <clubley at remove_me.eisner.decus.org-Earth.UFP> writes:
>> On 2015-03-20, Bob Koehler <koehler at eisner.nospam.decuserve.org> wrote:
>>> In article <mehmek$q9o$1 at dont-email.me>, Simon Clubley
>>> <clubley at remove_me.eisner.decus.org-Earth.UFP> writes:
>>>>
>>>> If you only have binary images which are no longer supported, then how
>>>> do you get the vulnerability fixed so you can resume normal production
>>>> operations ?
>>>
>>> Can you write Hello World in such a way that it has vulnerabilities?
>>>
>>
>> Yes:
>>
>
> IMHO, what you have written is above and beyond Hello World.
>
> OK, I'll make my challenge clear: an output-only application. No
> prompting.

Not strictly an output-only application, but this little lot appeared in
the text of an update for unzip on Scientific Linux the other day:
-----------------------------------------------------------------------
This notification was issued on 2015-03-25.

A buffer overflow was found in the way unzip uncompressed certain extra
fields of a file. A specially crafted Zip archive could cause unzip to
crash or, possibly, execute arbitrary code when the archive was tested
with unzip's '-t' option. (CVE-2014-9636)

A buffer overflow flaw was found in the way unzip computed the CRC32
checksum of certain extra fields of a file. A specially crafted Zip
archive could cause unzip to crash when the archive was tested with
unzip's '-t' option. (CVE-2014-8139)

An integer underflow flaw, leading to a buffer overflow, was found in
the way unzip uncompressed certain extra fields of a file. A specially
crafted Zip archive could cause unzip to crash when the archive was
tested with unzip's '-t' option. (CVE-2014-8140)

A buffer overflow flaw was found in the way unzip handled Zip64 files. A
specially crafted Zip archive could possibly cause unzip to crash when
the archive was uncompressed. (CVE-2014-8141)
-----------------------------------------------------------------------

--
If you think it's simple, then you have misunderstood the problem
-- Bjarne Stroustrup
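
An added example, not part of the original post and not unzip's own code: a bounds-checked walk over a Zip extra-field block, showing the two length checks whose absence produces the overflow and integer-underflow classes the notice describes. The record layout (2-byte header ID, 2-byte data size, little-endian) follows the Zip format specification; the function names and the 4-byte in-record prefix are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EF_HDR_LEN     4u  /* 2-byte header ID + 2-byte data size */
#define SUB_PREFIX_LEN 4u  /* hypothetical fixed prefix inside a record's data */

static uint16_t rd_le16(const uint8_t *p) {
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Walk an extra-field block. Returns the number of well-formed records,
 * or -1 if a header is truncated or a declared size runs past the block. */
int ef_count_records(const uint8_t *ef, size_t ef_len) {
    size_t off = 0;
    int n = 0;
    while (off < ef_len) {
        if (ef_len - off < EF_HDR_LEN)   /* truncated record header */
            return -1;
        size_t size = rd_le16(ef + off + 2);
        off += EF_HDR_LEN;
        if (size > ef_len - off)         /* attacker-declared size > bytes left */
            return -1;
        off += size;
        n++;
    }
    return n;
}

/* Payload length after the fixed prefix in a record's data. Without the
 * guard, size - SUB_PREFIX_LEN wraps to a huge size_t when size < 4, and a
 * later copy of that many bytes overflows. Returns 0 on success, -1 if not. */
int ef_payload_len(size_t size, size_t *out) {
    if (size < SUB_PREFIX_LEN)
        return -1;
    *out = size - SUB_PREFIX_LEN;
    return 0;
}

int main(void) {
    /* Constructed sample: one record claiming 0xFFFF bytes, 1 byte present. */
    const uint8_t bad[] = {0x01, 0x00, 0xFF, 0xFF, 0xAA};
    printf("%d\n", ef_count_records(bad, sizeof bad));
    return 0;
}
```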