-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2016.0056
          Cisco Talos has discovered two vulnerabilities in 7-zip
                          prior to version 16.00
                                16 May 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              7-zip
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2016-2335 CVE-2016-2334 
Member content until: Wednesday, June 15 2016

OVERVIEW

        Cisco Talos has discovered two vulnerabilities in 7-zip prior to 
        version 16.00. [1]


IMPACT

        Cisco Talos has provided the following details regarding the 
        vulnerabilities:
        
        "TALOS-CAN-0094, Out-of-Bounds Read Vulnerability, [CVE-2016-2335] 
        An out-of-bounds read vulnerability exists in the way 7-Zip handles
        Universal Disk Format (UDF) files. The UDF file system was meant to
        replace the ISO-9660 file format, and was eventually adopted as the
        official file system for DVD-Video and DVD-Audio." [1]
        
        "TALOS-CAN-0093, Heap Overflow Vulnerability, [CVE-2016-2334] An 
        exploitable heap overflow vulnerability exists in the 
        Archive::NHfs::CHandler::ExtractZlibFile method functionality of 
        7-Zip. In the HFS+ file system, files can be stored in compressed 
        form using zlib. There are three different ways of keeping data in 
        that form depending on the size of the data. Data from files whose 
        compressed size is bigger than 3800 bytes is stored in a resource 
        fork, split into blocks." [1]
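
        The heap overflow described for TALOS-CAN-0093 belongs to a familiar
        class: an archive handler reads a block table out of the file and
        trusts the offsets and sizes in it when it copies or decompresses
        data. The example below is an added illustration, not code from
        7-Zip, Cisco Talos or AusCERT. It assumes a simplified, constructed
        fork layout (a 32-bit block count followed by (offset, size) pairs,
        then the zlib-compressed blocks) rather than the real HFS+ on-disk
        format, and shows the checks a hardened extractor makes before each
        block is touched: the table fits in the fork, every block lies
        inside the fork, and the decompressed output never exceeds the size
        the metadata declared.

```python
import struct
import zlib

# Constructed, simplified layout modelled loosely on a block-split compressed
# resource fork: u32 block count, then (u32 offset, u32 size) per block, with
# offsets relative to the start of the fork. This is NOT 7-Zip's code and NOT
# the exact HFS+ format; it illustrates the validation the advisory implies.

MAX_BLOCKS = 4096        # sanity cap on the block count read from the file
MAX_BLOCK_OUT = 65536    # cap on decompressed bytes accepted per block


class MalformedFork(ValueError):
    """Raised when the block table or its data cannot be trusted."""


def build_fork(chunks):
    """Build a constructed fork from plaintext chunks (test helper, not a
    real HFS+ writer)."""
    comp = [zlib.compress(c) for c in chunks]
    header_len = 4 + 8 * len(comp)
    table = bytearray(struct.pack("<I", len(comp)))
    off = header_len
    for c in comp:
        table += struct.pack("<II", off, len(c))
        off += len(c)
    return bytes(table) + b"".join(comp)


def extract_blocks(fork, expected_size):
    """Decompress every block of `fork`, rejecting any table entry that points
    outside the fork or any block whose output would exceed `expected_size`."""
    if len(fork) < 4:
        raise MalformedFork("fork shorter than the block count field")
    (count,) = struct.unpack_from("<I", fork, 0)
    if count > MAX_BLOCKS:
        raise MalformedFork("unreasonable block count %d" % count)
    table_end = 4 + 8 * count
    if table_end > len(fork):
        raise MalformedFork("block table runs past the end of the fork")

    out = bytearray()
    for i in range(count):
        off, size = struct.unpack_from("<II", fork, 4 + 8 * i)
        # Bounds-check the entry BEFORE using it. The overflow class arises
        # when a size taken from the file is trusted and used to index a
        # buffer sized from other metadata.
        if off < table_end or size == 0 or off + size > len(fork):
            raise MalformedFork("block %d (off=%d size=%d) lies outside the fork"
                                % (i, off, size))
        d = zlib.decompressobj()
        try:
            # max_length bounds the output of a single block; a block that
            # would expand further leaves data in unconsumed_tail.
            chunk = d.decompress(fork[off:off + size], MAX_BLOCK_OUT)
        except zlib.error as exc:
            raise MalformedFork("block %d is not valid zlib data: %s" % (i, exc))
        if d.unconsumed_tail:
            raise MalformedFork("block %d expands past the per-block cap" % i)
        # Check the running total against the declared size before appending,
        # so a crafted table can never push output beyond what was allocated.
        if len(out) + len(chunk) > expected_size:
            raise MalformedFork("decompressed data exceeds declared size %d"
                                % expected_size)
        out += chunk

    if len(out) != expected_size:
        raise MalformedFork("decompressed %d bytes, expected %d"
                            % (len(out), expected_size))
    return bytes(out)


def is_accepted(fork, expected_size):
    """True if the fork passes every check and extracts cleanly."""
    try:
        extract_blocks(fork, expected_size)
        return True
    except MalformedFork:
        return False


if __name__ == "__main__":
    good = build_fork([b"A" * 1000, b"B" * 3000, b"hello"])
    print("well-formed fork accepted:", is_accepted(good, 4005))
    # Corrupt the first entry's size field (bytes 8..12) to a huge value.
    bad = good[:8] + b"\xf0\xff\xff\xff" + good[12:]
    print("oversized block rejected:", not is_accepted(bad, 4005))
```

        The point of the layout is that every number read from the file is
        checked against something the extractor already knows (the fork
        length, the declared decompressed size, a fixed per-block cap)
        before it is used as an index or a length, which is exactly the
        trust boundary an out-of-range block size crosses in the
        vulnerability class Talos describes.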


MITIGATION

        7-zip has released version 16.00 and Cisco Talos urges 7-zip users to
        update to that non-vulnerable version. [1]


REFERENCES

        [1] Multiple 7-Zip Vulnerabilities Discovered by Talos
            http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----