Vulnerability Name:

CVE-2008-0888 (CCN-21711)

Assigned:2008-03-17
Published:2008-03-17
Updated:2018-10-15
Summary:The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
CVSS v3 Severity:2.9 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
1.2 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N)
0.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Athentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
Vulnerability Type:CWE-119
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2005-2475

Source: MITRE
Type: CNA
CVE-2008-0888

Source: APPLE
Type: UNKNOWN
APPLE-SA-2010-03-29-1

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:007

Source: CCN
Type: BugTraq Mailing List, 2005-08-02 22:22:54
Zip 2,31 bad default file-permissions vulnerability

Source: CCN
Type: RHSA-2007-0203
Low: unzip security and bug fix update

Source: CCN
Type: RHSA-2008-0196
Moderate: unzip security update

Source: CCN
Type: SA16309
UnZip File Permissions Change Vulnerability

Source: SECUNIA
Type: Vendor Advisory
29392

Source: SECUNIA
Type: Vendor Advisory
29406

Source: CCN
Type: SA29415
UnZip "inflate_dynamic()" Uninitialized Pointers Vulnerability

Source: SECUNIA
Type: Vendor Advisory
29415

Source: SECUNIA
Type: Vendor Advisory
29427

Source: SECUNIA
Type: Vendor Advisory
29432

Source: SECUNIA
Type: Vendor Advisory
29440

Source: SECUNIA
Type: Vendor Advisory
29495

Source: SECUNIA
Type: Vendor Advisory
29681

Source: CCN
Type: SA30535
VMware ESX Server Multiple Security Updates

Source: SECUNIA
Type: Patch, Vendor Advisory
30535

Source: SECUNIA
Type: Vendor Advisory
31204

Source: CCN
Type: SA40539
Sun Solaris Unzip Two Vulnerabilities

Source: CCN
Type: SA40542
Sun Solaris 10 Unzip Two Vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200804-06

Source: CCN
Type: SECTRACK ID: 1019634
UnZip NEEDBITS Macro Memory Free May Let Remote Users Execute Arbitrary Code

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT4077

Source: CCN
Type: ASA-2007-209
unzip security and bug fix update (RHSA-2007-0203)

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/Advisories:rPSA-2008-0116

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0116

Source: DEBIAN
Type: UNKNOWN
DSA-1522

Source: DEBIAN
Type: DSA-1522
unzip -- programming error

Source: DEBIAN
Type: DSA-903
unzip -- race condition

Source: CCN
Type: Zip Web site
Info-ZIP's Zip

Source: CONFIRM
Type: UNKNOWN
http://www.ipcop.org/index.php?name=News&file=article&sid=40

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:068

Source: CCN
Type: OSVDB ID: 18530
UnZip Race Condition Arbitrary File Permission Modification

Source: REDHAT
Type: Vendor Advisory
RHSA-2008:0196

Source: BUGTRAQ
Type: UNKNOWN
20080321 rPSA-2008-0116-1 unzip

Source: BUGTRAQ
Type: UNKNOWN
20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

Source: CCN
Type: BID-14450
Info-ZIP UnZip CHMod File Permission Modification Race Condition Weakness

Source: BID
Type: UNKNOWN
28288

Source: CCN
Type: BID-28288
Info-ZIP UnZip 'inflate_dynamic()' Remote Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1019634

Source: CCN
Type: USN-191-1
unzip vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-589-1

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2008-0009.html

Source: VUPEN
Type: Vendor Advisory
ADV-2008-0913

Source: VUPEN
Type: Vendor Advisory
ADV-2008-1744

Source: XF
Type: UNKNOWN
zip-file-permissions(21711)

Source: XF
Type: UNKNOWN
unzip-inflatedynamic-code-execution(41246)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-2317

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9733

Vulnerable Configuration:Configuration 1:
  • cpe:/a:info-zip:unzip:*:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:3:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2008-0888 (CCN-41246)

    Assigned:2008-03-17
    Published:2008-03-17
    Updated:2008-03-17
    Summary:The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
    6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2005-2475

    Source: MITRE
    Type: CNA
    CVE-2008-0888

    Source: CCN
    Type: RHSA-2007-0203
    Low: unzip security and bug fix update

    Source: CCN
    Type: RHSA-2008-0196
    Moderate: unzip security update

    Source: CCN
    Type: SA16309
    UnZip File Permissions Change Vulnerability

    Source: CCN
    Type: SA29415
    UnZip "inflate_dynamic()" Uninitialized Pointers Vulnerability

    Source: CCN
    Type: SA30535
    VMware ESX Server Multiple Security Updates

    Source: CCN
    Type: SA40542
    Sun Solaris 10 Unzip Two Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1019634
    UnZip NEEDBITS Macro Memory Free May Let Remote Users Execute Arbitrary Code

    Source: CCN
    Type: Apple Web site
    About the security content of Security Update 2010-002 / Mac OS X v10.6.3

    Source: CCN
    Type: ASA-2008-149
    unzip security update (RHSA-2008-0196)

    Source: DEBIAN
    Type: DSA-1522
    unzip -- programming error

    Source: CCN
    Type: GLSA-200804-06
    UnZip: User-assisted execution of arbitrary code

    Source: CCN
    Type: Info-ZIP Web site
    Info-ZIP's UnZip

    Source: CCN
    Type: OSVDB ID: 18530
    UnZip Race Condition Arbitrary File Permission Modification

    Source: CCN
    Type: BID-14450
    Info-ZIP UnZip CHMod File Permission Modification Race Condition Weakness

    Source: CCN
    Type: BID-28288
    Info-ZIP UnZip 'inflate_dynamic()' Remote Code Execution Vulnerability

    Source: CCN
    Type: USN-589-1
    unzip vulnerability

    Source: CCN
    Type: VMSA-2008-0009
    Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

    Source: XF
    Type: UNKNOWN
    unzip-inflatedynamic-code-execution(41246)

    Source: CCN
    Type: RPL-2317
    unzip CVE-2008-0888

    Source: CCN
    Type: SUSE-SR:2008:007
    SUSE Security Summary Report

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:3:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:info-zip:unzip:5.52:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20080888
    V
    		CVE-2008-0888
    2015-11-16
    oval:org.mitre.oval:def:17758
    P
    		USN-589-1 -- unzip vulnerability
    2014-06-30
    oval:org.mitre.oval:def:20339
    P
    		DSA-1522-1 unzip - potential code execution
    2014-06-23
    oval:org.mitre.oval:def:8229
    P
    		DSA-1522 unzip -- programming error
    2014-06-23
    oval:org.mitre.oval:def:9733
    V
    		The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
    2013-04-29
    oval:com.redhat.rhsa:def:20080196
    P
    		RHSA-2008:0196: unzip security update (Moderate)
    2008-03-18
    oval:org.debian:def:1522
    V
    		programming error
    2008-03-17
    BACK
    info-zip unzip *
    info-zip unzip 5.52
    gentoo linux *
    mandrakesoft mandrake linux corporate server 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    mandrakesoft mandrake multi network firewall 2.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    canonical ubuntu 6.06
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    canonical ubuntu 7.04
    vmware workstation 6.0
    canonical ubuntu 7.10
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux corporate server 2.1
    vmware ace 2.0
    vmware server 1.0.3
    vmware ace 2.0.3
    vmware ace 2.0.1
    vmware ace 2.0.2
    vmware esx server 3.5
    vmware server 1.0
    vmware fusion 1.0
    vmware workstation 6.0.1
    vmware workstation 6.0.2
    vmware workstation 6.0.3
    vmware server 1.0.1
    vmware server 1.0.2
    vmware server 1.0.4
    vmware server 1.0.5
    vmware fusion 1.1
    vmware fusion 1.1.1
    apple mac os x 10.5.8
    apple mac os x server 10.5.8