Differences between revisions 17 and 18
Line 64: Line 64:
    * Processing archive formats may have a long family tree where versions of archiving code have been forked or copied into different projects, which might not have incorporated the fixes for bugs to shared code found in other branches of the family tree.      * Processing archive formats may have a long family tree where versions of archiving code have been forked or copied into different projects, which might not have incorporated the fixes for bugs to shared code found in other branches of the family tree.
Line 74: Line 74:
    * Usage of Anti-virus tools is commonly mandated by organisational policy, contract and other administrative and/or legal requirements. US HIPAA legislation [1] is commonly interpreted to mandate use of anti-virus software.      * Usage of Anti-virus tools is commonly mandated by organisational policy, contract and other administrative and/or legal requirements. US HIPAA legislation [1] is commonly interpreted to mandate use of anti-virus software.
Line 106: Line 106:
   9. Connected palmtop and mobile appliances, which are often embedded devices, may require archival for communications or other functions. Note that the client and server systems depicted in this image may also be such devices.     9. Connected palmtop and mobile appliances, which are often embedded devices, may require archival for communications or other functions. Note that the client and server systems depicted in this image may also be such devices.
Line 158: Line 158:
    * 10 pieces <format>.tar.bz2 packages      * 10 pieces <format>.tar.bz2 packages
Line 165: Line 165:
$ mount -o loop testsuites.iso /cdrom  $ mount -o loop testsuites.iso /cdrom
Line 173: Line 173:
$ bunzip2 < suite.tar.bz2 | tar -xvf -  $ bunzip2 < suite.tar.bz2 | tar -xvf -
Line 188: Line 188:
Release 1:
    * [[attachment:c10-archive-r1.iso||&do=get]], PGP signature [[attachment:c10-archive-r1.iso.asc||&do=get]], MD5 ff45f18ecf36d8484d5dc1cfb6338c45
== Release 1 ==

* [[attachment:c10-archive-r1.iso||&do=get]], PGP signature [[attachment:c10-archive-r1.iso.asc||&do=get]], MD5 ff45f18ecf36d8484d5dc1cfb6338c45
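Review bot: the Release 1 bullet still offers only an MD5 digest next to the PGP signature. MD5 is not collision resistant, so it can catch a corrupted download but not a substituted image; say that the .asc signature is the check to rely on, or add a stronger digest beside it. Separately, the added bullet starts at column 0 while the removed one was indented; MoinMoin list items need leading whitespace, so the new line probably wants " * [[attachment:…" to render as a list under the new heading.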
Line 194: Line 195:
Test Result Definitions

In this test suite, the 'failed' status is granted if any of the following criteria are met and a single test case can be identified to be responsible of it:

    * A
process or a child process crashes with fatal signal   If no single test case can be identified but similar effects are observed, the status is 'inconclusive'.

Otherwise, the status is 'passed'.

==
Test Result Definitions ==

 failed::
In this test suite, the '''failed''' status is granted if any of the following criteria are met and a single test case can be identified to be responsible of it: a process or a child process crashes with fatal signal.

 inconclusive::
If no single test case can be identified but similar effects are observed, the status is '''inconclusive'''.

 passed:: Otherwise, the status is '''passed'''.
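Review bot: the new "failed::" definition keeps the wording "any of the following criteria are met" but folds the former bullet into the sentence, so it now introduces a list of one after a colon; either restore the bullet list under the term or reword to "if a process or a child process crashes with a fatal signal and a single test case can be identified as responsible". The three terms are also laid out inconsistently: "passed::" has its definition on the same line, while the "failed::" and "inconclusive::" definitions start on the next line at column 0, which MoinMoin will not attach to the term. While touching this text, "responsible of it" should be "responsible for it".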
Line 212: Line 212:
Result summary by archive format  Result summary by archive format
Line 226: Line 226:
    * n/a: Software doesn't support the format      * n/a: Software doesn't support the format
Line 240: Line 240:
Unique bugs by archive format Subject   Unique bugs by archive format Subject
Line 250: Line 250:
= Conclusions =  = Conclusions =
Line 432: Line 432:
    * "avast! LHA archive buffer overflow" [167]      * "avast! LHA archive buffer overflow" [167]
Line 441: Line 441:
    * CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats      * CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats
Line 446: Line 446:
    "Health Insurance Portability and Accountability Act". http://en.wikipedia.org/wiki/HIPAA.      "Health Insurance Portability and Accountability Act". http://en.wikipedia.org/wiki/HIPAA.
Line 448: Line 448:
    Kaksonen, Rauli. A Functional Method for Assessing Protocol Implementation Security. (2001). VTT Publication series. http://www.vtt.fi/inf/pdf/. ISBN: 951-38-5873-1. Licenciate thesis.      Kaksonen, Rauli. A Functional Method for Assessing Protocol Implementation Security. (2001). VTT Publication series. http://www.vtt.fi/inf/pdf/. ISBN: 951-38-5873-1. Licenciate thesis.
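Review bot: in the Kaksonen entry, "Licenciate thesis" should read "Licentiate thesis", and the URL stops at the directory http://www.vtt.fi/inf/pdf/ rather than pointing at the publication; link the document itself if a stable address exists.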
Line 450: Line 450:
    Eronen, Juhani. A collaborative method for assessing the dependencies of critical information infrastructures. http://www.ee.oulu.fi/research/ouspg/protos/sota/matine/method-thesis/.      Eronen, Juhani. A collaborative method for assessing the dependencies of critical information infrastructures. http://www.ee.oulu.fi/research/ouspg/protos/sota/matine/method-thesis/.
Line 452: Line 452:
    Unspecified. (2000). "Buffer overflow in Norton Antivirus for Exchange". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0477.      Unspecified. (2000). "Buffer overflow in Norton Antivirus for Exchange". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0477.
Line 454: Line 454:
    Unspecified. (2001). "DoS in MAILsweeper for SMTP". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0932.      Unspecified. (2001). "DoS in MAILsweeper for SMTP". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0932.
Line 456: Line 456:
    Unspecified. (2002). "BSCW groupware system read or modify arbitrary files". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0973.      Unspecified. (2002). "BSCW groupware system read or modify arbitrary files". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0973.
Line 458: Line 458:
    3APA3A. (2001). "GNU Tar Hostile Destination Path Vulnerability". Securityfocus. http://www.securityfocus.com/bid/3024.      3APA3A. (2001). "GNU Tar Hostile Destination Path Vulnerability". Securityfocus. http://www.securityfocus.com/bid/3024.
Line 460: Line 460:
    Unspecified. (2001). "Multiple vendor file archivers file extraction directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/10224.      Unspecified. (2001). "Multiple vendor file archivers file extraction directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/10224.
Line 462: Line 462:
    Unspecified. (2001). "Multiple vendor file archivers file extraction directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/10224.      Unspecified. (2001). "Multiple vendor file archivers file extraction directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/10224.
Line 464: Line 464:
    Unspecified. (2001). "Multiple vendor file archivers file extraction directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/10224.      Unspecified. (2001). "Multiple vendor file archivers file extraction directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/10224.
Line 466: Line 466:
    Unspecified. (2002). "zlib "double free" memory corruption". ISS. http://xforce.iss.net/xforce/xfdb/8427.      Unspecified. (2002). "zlib "double free" memory corruption". ISS. http://xforce.iss.net/xforce/xfdb/8427.
Line 468: Line 468:
    Unspecified. (2002). "Windows zipped file decompression buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/10251.      Unspecified. (2002). "Windows zipped file decompression buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/10251.
Line 470: Line 470:
    Unspecified. (2001). "Multiple vendor file archivers file extraction directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/10224.      Unspecified. (2001). "Multiple vendor file archivers file extraction directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/10224.
Line 472: Line 472:
    Unspecified. (2002). "AMaViS securetar TAR file denial of service". ISS. http://xforce.iss.net/xforce/xfdb/10056.      Unspecified. (2002). "AMaViS securetar TAR file denial of service". ISS. http://xforce.iss.net/xforce/xfdb/10056.
Line 474: Line 474:
    Unspecified. (2004). "Microsoft Windows Incorrect Target Path for Zipped File Decompression". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1139.      Unspecified. (2004). "Microsoft Windows Incorrect Target Path for Zipped File Decompression". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1139.
Line 476: Line 476:
    Unspecified. (2004). "Internet Explorer Malformed PNG Image File Failure". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1185.      Unspecified. (2004). "Internet Explorer Malformed PNG Image File Failure". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1185.
Line 478: Line 478:
    Unspecified. (2001). "Multiple vendor file archivers file extraction directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/10224.      Unspecified. (2001). "Multiple vendor file archivers file extraction directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/10224.
Line 480: Line 480:
    Unspecified. (2003). "zlib gzprintf buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/11381.      Unspecified. (2003). "zlib gzprintf buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/11381.
Line 482: Line 482:
    Unspecified. (2003). "RealPlayer PNG improper decompression buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/11643.      Unspecified. (2003). "RealPlayer PNG improper decompression buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/11643.
Line 484: Line 484:
    Unspecified. (2003). "GameSpy Arcade GSAPAK.EXE file upload". ISS. http://xforce.iss.net/xforce/xfdb/12775.      Unspecified. (2003). "GameSpy Arcade GSAPAK.EXE file upload". ISS. http://xforce.iss.net/xforce/xfdb/12775.
Line 486: Line 486:
    Unspecified. (2003). "Clearswift MAILsweeper RAR policy bypass". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0928.      Unspecified. (2003). "Clearswift MAILsweeper RAR policy bypass". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0928.
Line 488: Line 488:
    Unspecified. (2003). "Clearswift MAILsweeper ZIP policy bypass". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0929.      Unspecified. (2003). "Clearswift MAILsweeper ZIP policy bypass". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0929.
Line 490: Line 490:
    Unspecified. (2003). "MAILsweeper for SMTP zip archive could allow an attacker to bypass virus protection". ISS. http://xforce.iss.net/xforce/xfdb/13611.      Unspecified. (2003). "MAILsweeper for SMTP zip archive could allow an attacker to bypass virus protection". ISS. http://xforce.iss.net/xforce/xfdb/13611.
Line 492: Line 492:
    Unspecified. (2004). "LHA multiple buffer overflows". ISS. http://xforce.iss.net/xforce/xfdb/16012.      Unspecified. (2004). "LHA multiple buffer overflows". ISS. http://xforce.iss.net/xforce/xfdb/16012.
Line 494: Line 494:
    Unspecified. (2004). "Multiple directory traversal vulnerabilities in LHA". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0235.      Unspecified. (2004). "Multiple directory traversal vulnerabilities in LHA". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0235.
Line 496: Line 496:
    Unspecified. (2004). "Integer overflow in DUNZIP32.DLL for Microsoft Windows". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0575.      Unspecified. (2004). "Integer overflow in DUNZIP32.DLL for Microsoft Windows". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0575.
Line 498: Line 498:
    Unspecified. (2004). "gzip gzexe script creates insecure temporary files". ISS. http://xforce.iss.net/xforce/xfdb/16506.      Unspecified. (2004). "gzip gzexe script creates insecure temporary files". ISS. http://xforce.iss.net/xforce/xfdb/16506.
Line 500: Line 500:
    Unspecified. (2004). "LHA metacharacter command execution". ISS. http://xforce.iss.net/xforce/xfdb/17198.      Unspecified. (2004). "LHA metacharacter command execution". ISS. http://xforce.iss.net/xforce/xfdb/17198.
Line 502: Line 502:
    Unspecified. (2004). "LHA extract_one buffer overflows". ISS. http://xforce.iss.net/xforce/xfdb/16196.      Unspecified. (2004). "LHA extract_one buffer overflows". ISS. http://xforce.iss.net/xforce/xfdb/16196.
Line 504: Line 504:
    Unspecified. (2004). "DGen ROM decompression symlink attack". ISS. http://xforce.iss.net/xforce/xfdb/16884.      Unspecified. (2004). "DGen ROM decompression symlink attack". ISS. http://xforce.iss.net/xforce/xfdb/16884.
Line 506: Line 506:
    Unspecified. (2004). "LHA long pathname buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/16917.      Unspecified. (2004). "LHA long pathname buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/16917.
Line 508: Line 508:
    Unspecified. (2004). "zlib inflate and inflateback denial of service". ISS. http://xforce.iss.net/xforce/xfdb/17119.      Unspecified. (2004). "zlib inflate and inflateback denial of service". ISS. http://xforce.iss.net/xforce/xfdb/17119.
Line 510: Line 510:
    Unspecified. (2004). "Multiple vendor antivirus .zip bypass protection". ISS. http://xforce.iss.net/xforce/xfdb/17761.      Unspecified. (2004). "Multiple vendor antivirus .zip bypass protection". ISS. http://xforce.iss.net/xforce/xfdb/17761.
Line 512: Line 512:
    Unspecified. (2004). "unarj file name buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/18044.      Unspecified. (2004). "unarj file name buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/18044.
Line 514: Line 514:
    Unspecified. (2004). "Info-ZIP zip archive with long names buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/17956.      Unspecified. (2004). "Info-ZIP zip archive with long names buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/17956.
Line 516: Line 516:
    Unspecified. (2004). "unarj file extraction directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/17684.      Unspecified. (2004). "unarj file extraction directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/17684.
Line 518: Line 518:
    Unspecified. (2005). "RealPlayer zipped RJS file buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/23025.      Unspecified. (2005). "RealPlayer zipped RJS file buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/23025.
Line 520: Line 520:
    Unspecified. (2004). "Multiple vendor antivirus .zip bypass protection". ISS. http://xforce.iss.net/xforce/xfdb/17761.      Unspecified. (2004). "Multiple vendor antivirus .zip bypass protection". ISS. http://xforce.iss.net/xforce/xfdb/17761.
Line 522: Line 522:
    Unspecified. (2004). "WinRAR zip file buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/18569.      Unspecified. (2004). "WinRAR zip file buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/18569.
Line 524: Line 524:
    Unspecified. (2004). "Solaris gzip modify privileges of hard linked files". ISS. http://xforce.iss.net/xforce/xfdb/17577.      Unspecified. (2004). "Solaris gzip modify privileges of hard linked files". ISS. http://xforce.iss.net/xforce/xfdb/17577.
Line 526: Line 526:
    Unspecified. (2004). "WinRAR Repair Archive unknown vulnerability". ISS. http://xforce.iss.net/xforce/xfdb/17937.      Unspecified. (2004). "WinRAR Repair Archive unknown vulnerability". ISS. http://xforce.iss.net/xforce/xfdb/17937.
Line 528: Line 528:
    Unspecified. (2004). "Clam AntiVirus RAR archive denial of service". ISS. http://xforce.iss.net/xforce/xfdb/15553.      Unspecified. (2004). "Clam AntiVirus RAR archive denial of service". ISS. http://xforce.iss.net/xforce/xfdb/15553.
Line 530: Line 530:
    Unspecified. (2004). "F-Secure Anti-Virus password protected archive bypass antivirus protection". ISS. http://xforce.iss.net/xforce/xfdb/17944.      Unspecified. (2004). "F-Secure Anti-Virus password protected archive bypass antivirus protection". ISS. http://xforce.iss.net/xforce/xfdb/17944.
Line 532: Line 532:
    Unspecified. (2004). "eTrust Antivirus could allow attacker to bypass file scan". ISS. http://xforce.iss.net/xforce/xfdb/15230.      Unspecified. (2004). "eTrust Antivirus could allow attacker to bypass file scan". ISS. http://xforce.iss.net/xforce/xfdb/15230.
Line 534: Line 534:
    Unspecified. (2004). "MAILsweeper for SMTP RAR denial of service". ISS. http://xforce.iss.net/xforce/xfdb/14979.      Unspecified. (2004). "MAILsweeper for SMTP RAR denial of service". ISS. http://xforce.iss.net/xforce/xfdb/14979.
Line 536: Line 536:
    Unspecified. (2004). "AntiGen for Domino zip file can cause denial of service". ISS. http://xforce.iss.net/xforce/xfdb/15470.      Unspecified. (2004). "AntiGen for Domino zip file can cause denial of service". ISS. http://xforce.iss.net/xforce/xfdb/15470.
Line 538: Line 538:
    Unspecified. (2004). "F-Secure Anti-Virus LHA archive buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/16258.      Unspecified. (2004). "F-Secure Anti-Virus LHA archive buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/16258.
Line 540: Line 540:
    Unspecified. (2004). "F-Secure Anti-Virus ZIP archive bypass scanning". ISS. http://xforce.iss.net/xforce/xfdb/18217.      Unspecified. (2004). "F-Secure Anti-Virus ZIP archive bypass scanning". ISS. http://xforce.iss.net/xforce/xfdb/18217.
Line 542: Line 542:
    Unspecified. (2004). "cabarc "dot dot" directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/17693.      Unspecified. (2004). "cabarc "dot dot" directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/17693.
Line 544: Line 544:
    Unspecified. (2005). "Clam AntiVirus ZIP file denial of service". ISS. http://xforce.iss.net/xforce/xfdb/19181.      Unspecified. (2005). "Clam AntiVirus ZIP file denial of service". ISS. http://xforce.iss.net/xforce/xfdb/19181.
Line 546: Line 546:
    Unspecified. (2005). "UnAce 'Ready for next volume' messages buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/19503.      Unspecified. (2005). "UnAce 'Ready for next volume' messages buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/19503.
Line 548: Line 548:
    Unspecified. (2005). "UnAce "dot dot" directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/19436.      Unspecified. (2005). "UnAce "dot dot" directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/19436.
Line 550: Line 550:
    Unspecified. (2005). "WinHKI ZIP directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/18798.      Unspecified. (2005). "WinHKI ZIP directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/18798.
Line 552: Line 552:
    Unspecified. (2005). "DivX Player directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/19030.      Unspecified. (2005). "DivX Player directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/19030.
Line 554: Line 554:
    Unspecified. (2005). "ZipGenius path disclosure". ISS. http://xforce.iss.net/xforce/xfdb/19203.      Unspecified. (2005). "ZipGenius path disclosure". ISS. http://xforce.iss.net/xforce/xfdb/19203.
Line 556: Line 556:
    Unspecified. (2005). "Winrar dot dot dot directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/20585.      Unspecified. (2005). "Winrar dot dot dot directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/20585.
Line 558: Line 558:
    Unspecified. (2005). "Antivirus ARJ archive buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/19140.      Unspecified. (2005). "Antivirus ARJ archive buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/19140.
Line 560: Line 560:
    Unspecified. (2005). "Antivirus ARJ archive buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/19140.      Unspecified. (2005). "Antivirus ARJ archive buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/19140.
Line 562: Line 562:
    Unspecified. (2005). "McAfee AntiVirus Library stack buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/19433.      Unspecified. (2005). "McAfee AntiVirus Library stack buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/19433.
Line 564: Line 564:
    Unspecified. (2005). "McAfee AntiVirus Library stack buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/19433.      Unspecified. (2005). "McAfee AntiVirus Library stack buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/19433.
Line 566: Line 566:
    Unspecified. (2005). "HTTP Anti Virus Proxy cab and zip files bypass filtering". ISS. http://xforce.iss.net/xforce/xfdb/19868.      Unspecified. (2005). "HTTP Anti Virus Proxy cab and zip files bypass filtering". ISS. http://xforce.iss.net/xforce/xfdb/19868.
Line 568: Line 568:
    Unspecified. (2005). "FileZilla Server zlib compression denial of service". ISS. http://xforce.iss.net/xforce/xfdb/19778.      Unspecified. (2005). "FileZilla Server zlib compression denial of service". ISS. http://xforce.iss.net/xforce/xfdb/19778.
Line 570: Line 570:
    Unspecified. (available). "RHSA-2005:357 updates for gzip not installed". ISS. http://xforce.iss.net/xforce/xfdb/22637.      Unspecified. (available). "RHSA-2005:357 updates for gzip not installed". ISS. http://xforce.iss.net/xforce/xfdb/22637.
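Review bot: the year field of this entry reads "(available)" where every other entry in the list has a four-digit year. It looks like a citation-generation slip; replace it with the advisory's publication year, or mark the year as unknown in a way the rest of the list can share.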
Line 572: Line 572:
    Unspecified. (2005). "gzip -N command directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/20199.      Unspecified. (2005). "gzip -N command directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/20199.
Line 574: Line 574:
    Unspecified. (2005). "Multiple Symantec AntiVirus products RAR file detection bypass". ISS. http://xforce.iss.net/xforce/xfdb/20294.      Unspecified. (2005). "Multiple Symantec AntiVirus products RAR file detection bypass". ISS. http://xforce.iss.net/xforce/xfdb/20294.
Line 576: Line 576:
    Unspecified. (2005). "Sophos Anti-Virus BZIP2 denial of service". ISS. http://xforce.iss.net/xforce/xfdb/21373.      Unspecified. (2005). "Sophos Anti-Virus BZIP2 denial of service". ISS. http://xforce.iss.net/xforce/xfdb/21373.
Line 578: Line 578:
    Unspecified. (2005). "MailScanner .zip security bypass". ISS. http://xforce.iss.net/xforce/xfdb/20721.      Unspecified. (2005). "MailScanner .zip security bypass". ISS. http://xforce.iss.net/xforce/xfdb/20721.
Line 580: Line 580:
    Unspecified. (2005). "zlib DoS (inftrees.h)". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1849.      Unspecified. (2005). "zlib DoS (inftrees.h)". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1849.
Line 582: Line 582:
    Unspecified. (2001). "Multiple vendor file archivers file extraction directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/10224.      Unspecified. (2001). "Multiple vendor file archivers file extraction directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/10224.
Line 584: Line 584:
    Unspecified. (2005). "Clam AntiVirus ENSURE_BITS function denial of service". ISS. http://xforce.iss.net/xforce/xfdb/21204.      Unspecified. (2005). "Clam AntiVirus ENSURE_BITS function denial of service". ISS. http://xforce.iss.net/xforce/xfdb/21204.
Line 586: Line 586:
    Unspecified. (2005). "zlib code table denial of service". ISS. http://xforce.iss.net/xforce/xfdb/21456.      Unspecified. (2005). "zlib code table denial of service". ISS. http://xforce.iss.net/xforce/xfdb/21456.
Line 588: Line 588:
    Unspecified. (2006). "BlackBerry Enterprise Server Attachment Service PNG buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/24063.      Unspecified. (2006). "BlackBerry Enterprise Server Attachment Service PNG buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/24063.
Line 590: Line 590:
    Unspecified. (2005). "UnAce "dot dot" directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/19436.      Unspecified. (2005). "UnAce "dot dot" directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/19436.
Line 592: Line 592:
    Unspecified. (2005). "avast! Antivirus ACE archives buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/21464.      Unspecified. (2005). "avast! Antivirus ACE archives buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/21464.
Line 594: Line 594:
    Unspecified. (2005). "Linux Kernel huft_build zlib denial of service". ISS. http://xforce.iss.net/xforce/xfdb/22170.      Unspecified. (2005). "Linux Kernel huft_build zlib denial of service". ISS. http://xforce.iss.net/xforce/xfdb/22170.
Line 596: Line 596:
    Unspecified. (2005). "Linux Kernel huft_build zlib denial of service". ISS. http://xforce.iss.net/xforce/xfdb/22170.      Unspecified. (2005). "Linux Kernel huft_build zlib denial of service". ISS. http://xforce.iss.net/xforce/xfdb/22170.
Line 598: Line 598:
    Unspecified. (2005). "Tar setuid restores owner file permissions". ISS. http://xforce.iss.net/xforce/xfdb/24253.      Unspecified. (2005). "Tar setuid restores owner file permissions". ISS. http://xforce.iss.net/xforce/xfdb/24253.
Line 600: Line 600:
    Unspecified. (2006). "IBM Lotus Notes htmsr.dll HTML speed reader URL link buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/24639.      Unspecified. (2006). "IBM Lotus Notes htmsr.dll HTML speed reader URL link buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/24639.
Line 602: Line 602:
    Unspecified. (2006). "IBM Lotus Notes kvarcve.dll compressed file preview directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/24637.      Unspecified. (2006). "IBM Lotus Notes kvarcve.dll compressed file preview directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/24637.
Line 604: Line 604:
    Unspecified. (2005). "RealPlayer zipped RJS file buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/23025.      Unspecified. (2005). "RealPlayer zipped RJS file buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/23025.
Line 606: Line 606:
    Unspecified. (2005). "HAURI compressed archives directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/21920.      Unspecified. (2005). "HAURI compressed archives directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/21920.
Line 608: Line 608:
    Unspecified. (2005). "HAURI compressed archives directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/21920.      Unspecified. (2005). "HAURI compressed archives directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/21920.
Line 610: Line 610:
    Unspecified. (2005). "HAURI vrAZace.dll library buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/22005.      Unspecified. (2005). "HAURI vrAZace.dll library buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/22005.
Line 612: Line 612:
    Unspecified. (2006). "ZipTV ARJ header buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/28785.      Unspecified. (2006). "ZipTV ARJ header buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/28785.
Line 614: Line 614:
    Unspecified. (2005). "NOD32 ARJ archive buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/22203.      Unspecified. (2005). "NOD32 ARJ archive buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/22203.
Line 616: Line 616:
    Unspecified. (2005). "Avira Desktop for Windows ACE filename buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/24089.      Unspecified. (2005). "Avira Desktop for Windows ACE filename buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/24089.
Line 618: Line 618:
    Unspecified. (2005). "AhnLab V3 Antivirus v3flt2k.sys scan driver allows attacker elevated privileges". ISS. http://xforce.iss.net/xforce/xfdb/22297.      Unspecified. (2005). "AhnLab V3 Antivirus v3flt2k.sys scan driver allows attacker elevated privileges". ISS. http://xforce.iss.net/xforce/xfdb/22297.
Line 620: Line 620:
    Unspecified. (2005). "7-Zip ARJ file buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/22396.      Unspecified. (2005). "7-Zip ARJ file buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/22396.
Line 622: Line 622:
    Unspecified. (2005). "PowerArchiver ACE/ARJ filename buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/22429.      Unspecified. (2005). "PowerArchiver ACE/ARJ filename buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/22429.
Line 624: Line 624:
    Unspecified. (2005). "Kaspersky Antivirus cab heap overflow". ISS. http://xforce.iss.net/xforce/xfdb/22497.      Unspecified. (2005). "Kaspersky Antivirus cab heap overflow". ISS. http://xforce.iss.net/xforce/xfdb/22497.
Line 626: Line 626:
    Unspecified. (2005). "ALZip filename buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/22526.      Unspecified. (2005). "ALZip filename buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/22526.
Line 628: Line 628:
    Unspecified. (2005). "Virus detection bypass in Kaspersky Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3210.      Unspecified. (2005). "Virus detection bypass in Kaspersky Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3210.
Line 630: Line 630:
    Unspecified. (2005). "Virus detection bypass in BitDefender Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3211.      Unspecified. (2005). "Virus detection bypass in BitDefender Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3211.
Line 632: Line 632:
    Unspecified. (2005). "Virus detection bypass in F-Prot Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3213.      Unspecified. (2005). "Virus detection bypass in F-Prot Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3213.
Line 634: Line 634:
    Unspecified. (2005). "Virus detection bypass in Avast Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3214.      Unspecified. (2005). "Virus detection bypass in Avast Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3214.
Line 636: Line 636:
    Unspecified. (2005). "Virus detection bypass in McAfee Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3215.      Unspecified. (2005). "Virus detection bypass in McAfee Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3215.
Line 638: Line 638:
    Unspecified. (2005). "Virus detection bypass in Sophos Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3216.      Unspecified. (2005). "Virus detection bypass in Sophos Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3216.
Line 640: Line 640:
    Unspecified. (2005). "Virus detection bypass in Symantec Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3217.      Unspecified. (2005). "Virus detection bypass in Symantec Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3217.
Line 642: Line 642:
    Unspecified. (2005). "Virus detection bypass in Dr.Web Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3218.      Unspecified. (2005). "Virus detection bypass in Dr.Web Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3218.
Line 644: Line 644:
    Unspecified. (2005). "Virus detection bypass in Avira Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3219.      Unspecified. (2005). "Virus detection bypass in Avira Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3219.
Line 646: Line 646:
    Unspecified. (2005). "Virus detection bypass in Norman Virus Control Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3220.      Unspecified. (2005). "Virus detection bypass in Norman Virus Control Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3220.
Line 648: Line 648:
    Unspecified. (2005). "Virus detection bypass in Fortinet Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3221.      Unspecified. (2005). "Virus detection bypass in Fortinet Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3221.
Line 650: Line 650:
    Unspecified. (2005). "Virus detection bypass in VBA32 Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3222.      Unspecified. (2005). "Virus detection bypass in VBA32 Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3222.
Line 652: Line 652:
    Unspecified. (2005). "Virus detection bypass in Rising Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3223.      Unspecified. (2005). "Virus detection bypass in Rising Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3223.
Line 654: Line 654:
    Unspecified. (2005). "Virus detection bypass in AntiVir Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3224.      Unspecified. (2005). "Virus detection bypass in AntiVir Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3224.
Line 656: Line 656:
    Unspecified. (2005). "Virus detection bypass in (1) eTrust-Iris and (2) eTrust-Vet Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3225.      Unspecified. (2005). "Virus detection bypass in (1) eTrust-Iris and (2) eTrust-Vet Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3225.
Line 658: Line 658:
    Unspecified. (2005). "Virus detection bypass in ArcaVir Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3226.      Unspecified. (2005). "Virus detection bypass in ArcaVir Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3226.
Line 660: Line 660:
    Unspecified. (2005). "Virus detection bypass in UNA Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3227.      Unspecified. (2005). "Virus detection bypass in UNA Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3227.
Line 662: Line 662:
    Unspecified. (2005). "Virus detection bypass in Ikarus AntiVirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3228.      Unspecified. (2005). "Virus detection bypass in Ikarus AntiVirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3228.
Line 664: Line 664:
    Unspecified. (2005). ""Virus detection bypass in ClamAV Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3229.      Unspecified. (2005). ""Virus detection bypass in ClamAV Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3229.
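Review bot: the ClamAV entry at Line 664 opens its title with a doubled quotation mark (""Virus detection bypass in ClamAV Antivirus"), and it does so on both sides of the diff, so this revision carries the typo forward unchanged. Drop one of the two opening quotes so the title is quoted the same way as the neighbouring CVE-2005-3228 and CVE-2005-3230 entries.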
Line 666: Line 666:
    Unspecified. (2005). "Virus detection bypass in Panda Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3230.      Unspecified. (2005). "Virus detection bypass in Panda Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3230.
Line 668: Line 668:
    Unspecified. (2005). "Virus detection bypass in CAT Quick Heal". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3231.      Unspecified. (2005). "Virus detection bypass in CAT Quick Heal". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3231.
Line 670: Line 670:
    Unspecified. (2005). "Virus detection bypass in TheHacker". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3232.      Unspecified. (2005). "Virus detection bypass in TheHacker". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3232.
Line 672: Line 672:
    Unspecified. (2005). "Virus detection bypass in Trustix Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3233.      Unspecified. (2005). "Virus detection bypass in Trustix Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3233.
Line 674: Line 674:
    Unspecified. (2005). "Virus detection bypass in Grisoft AVG Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3234.      Unspecified. (2005). "Virus detection bypass in Grisoft AVG Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3234.
Line 676: Line 676:
    Unspecified. (2005). "Virus detection bypass in Proland Protector Plus 2000 Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3235.      Unspecified. (2005). "Virus detection bypass in Proland Protector Plus 2000 Antivirus". Mitre. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3235.
Line 678: Line 678:
    Unspecified. (2005). "WinRAR unacev2.dll ACE archive buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/23955.      Unspecified. (2005). "WinRAR unacev2.dll ACE archive buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/23955.
Line 680: Line 680:
    Unspecified. (2005). "ZipGenius filename buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/22832.      Unspecified. (2005). "ZipGenius filename buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/22832.
Line 682: Line 682:
    Unspecified. (2005). "F-Prot Antivirus ZIP files can bypass protection". ISS. http://xforce.iss.net/xforce/xfdb/22967.      Unspecified. (2005). "F-Prot Antivirus ZIP files can bypass protection". ISS. http://xforce.iss.net/xforce/xfdb/22967.
Line 684: Line 684:
    Unspecified. (2005). "Clam Antivirus tnef_attachment function denial of service". ISS. http://xforce.iss.net/xforce/xfdb/22964.      Unspecified. (2005). "Clam Antivirus tnef_attachment function denial of service". ISS. http://xforce.iss.net/xforce/xfdb/22964.
Line 686: Line 686:
    Unspecified. (2005). "Clam Antivirus cabd_find function denial of service". ISS. http://xforce.iss.net/xforce/xfdb/22965.      Unspecified. (2005). "Clam Antivirus cabd_find function denial of service". ISS. http://xforce.iss.net/xforce/xfdb/22965.
Line 688: Line 688:
    Unspecified. (2005). "SpeedProject multiple products lstrcat() ZIP file buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/23249.      Unspecified. (2005). "SpeedProject multiple products lstrcat() ZIP file buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/23249.
Line 690: Line 690:
    Unspecified. (2005). "Panda Antivirus library ZOO file buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/23276.      Unspecified. (2005). "Panda Antivirus library ZOO file buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/23276.
Line 692: Line 692:
    Unspecified. (2005). "Symantec AntiVirus Library RAR parsing multiple buffer overflows". ISS. http://xforce.iss.net/xforce/xfdb/23705.      Unspecified. (2005). "Symantec AntiVirus Library RAR parsing multiple buffer overflows". ISS. http://xforce.iss.net/xforce/xfdb/23705.
Line 694: Line 694:
    Unspecified. (2005). "TUGZip ARJ archive buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/23915.      Unspecified. (2005). "TUGZip ARJ archive buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/23915.
Line 696: Line 696:
    Unspecified. (2006). "Sophos Anti-Virus ARJ file scanning detection bypass". ISS. http://xforce.iss.net/xforce/xfdb/24345.      Unspecified. (2006). "Sophos Anti-Virus ARJ file scanning detection bypass". ISS. http://xforce.iss.net/xforce/xfdb/24345.
Line 698: Line 698:
    Unspecified. (2006). "GNU Tar PAX extended headers buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/24855.      Unspecified. (2006). "GNU Tar PAX extended headers buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/24855.
Line 700: Line 700:
    Unspecified. (2006). "F-Secure Anti-Virus ZIP file buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/24198.      Unspecified. (2006). "F-Secure Anti-Virus ZIP file buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/24198.
Line 702: Line 702:
    Unspecified. (2006). "F-Secure Anti-Virus RAR and ZIP file scan detection bypass". ISS. http://xforce.iss.net/xforce/xfdb/24199.      Unspecified. (2006). "F-Secure Anti-Virus RAR and ZIP file scan detection bypass". ISS. http://xforce.iss.net/xforce/xfdb/24199.
Line 704: Line 704:
    Unspecified. (2006). "WinAce ARJ header buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/24872.      Unspecified. (2006). "WinAce ARJ header buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/24872.
Line 706: Line 706:
    Unspecified. (2006). "zoo misc.c fullpath() buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/24904.      Unspecified. (2006). "zoo misc.c fullpath() buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/24904.
Line 708: Line 708:
    Unspecified. (2006). "SpeedProject .ZIP and .JAR archives directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/24909.      Unspecified. (2006). "SpeedProject .ZIP and .JAR archives directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/24909.
Line 710: Line 710:
    Unspecified. (2006). "Stuffit and ZipMagic archive directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/24886.      Unspecified. (2006). "Stuffit and ZipMagic archive directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/24886.
Line 712: Line 712:
    Unspecified. (2006). "PEAR::Archive_Zip dot dot directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/24972.      Unspecified. (2006). "PEAR::Archive_Zip dot dot directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/24972.
Line 714: Line 714:
    Unspecified. (2006). "WinAce .RAR and .TAR directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/24902.      Unspecified. (2006). "WinAce .RAR and .TAR directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/24902.
Line 716: Line 716:
    Unspecified. (2006). "Sophos Anti-Virus CAB file parsing buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/26305.      Unspecified. (2006). "Sophos Anti-Virus CAB file parsing buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/26305.
Line 718: Line 718:
    Unspecified. (2006). "zoo parse.c parse() buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/25264.      Unspecified. (2006). "zoo parse.c parse() buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/25264.
Line 720: Line 720:
    Unspecified. (2006). "WinHKI archive extraction directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/25335.      Unspecified. (2006). "WinHKI archive extraction directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/25335.
Line 722: Line 722:
    Unspecified. (2006). "TUGZip archive directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/25713.      Unspecified. (2006). "TUGZip archive directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/25713.
Line 724: Line 724:
    Unspecified. (2006). "IZArc extract error directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/26039.      Unspecified. (2006). "IZArc extract error directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/26039.
Line 726: Line 726:
    Unspecified. (2006). "SpeedProject multiple products ACE buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/26115.      Unspecified. (2006). "SpeedProject multiple products ACE buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/26115.
Line 728: Line 728:
    Unspecified. (2006). "Abakt ZIP buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/26435.      Unspecified. (2006). "Abakt ZIP buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/26435.
Line 730: Line 730:
    Unspecified. (2006). "VeriSign I-Nav VUpdater.Install ActiveX control code execution". ISS. http://xforce.iss.net/xforce/xfdb/26375.      Unspecified. (2006). "VeriSign I-Nav VUpdater.Install ActiveX control code execution". ISS. http://xforce.iss.net/xforce/xfdb/26375.
Line 732: Line 732:
    Unspecified. (2006). "ZipCentral ZIP archive filename buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/26737.      Unspecified. (2006). "ZipCentral ZIP archive filename buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/26737.
Line 734: Line 734:
    Unspecified. (2006). "ZipTV ARJ header buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/28785.      Unspecified. (2006). "ZipTV ARJ header buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/28785.
Line 736: Line 736:
    Unspecified. (2006). "BitZipper extract directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/26626.      Unspecified. (2006). "BitZipper extract directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/26626.
Line 738: Line 738:
    Unspecified. (2006). "PicoZip zipinfo.dll buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/27096.      Unspecified. (2006). "PicoZip zipinfo.dll buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/27096.
Line 740: Line 740:
    Unspecified. (2006). "Filzip archive directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/27027.      Unspecified. (2006). "Filzip archive directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/27027.
Line 742: Line 742:
    Unspecified. (2006). "QuickZip extract directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/27474.      Unspecified. (2006). "QuickZip extract directory traversal". ISS. http://xforce.iss.net/xforce/xfdb/27474.
Line 744: Line 744:
    Unspecified. (2006). "AutoVue SolidModel Professional archive filename buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/27968.      Unspecified. (2006). "AutoVue SolidModel Professional archive filename buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/27968.
Line 746: Line 746:
    Unspecified. (2006). "Apple Mac OS X BOMArchiveHelper BOMFileClose() .zip archive buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/28138.      Unspecified. (2006). "Apple Mac OS X BOMArchiveHelper BOMFileClose() .zip archive buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/28138.
Line 748: Line 748:
    Unspecified. (2006). "MIMEsweeper for Web RAR archive Web Policy Engine denial of service". ISS. http://xforce.iss.net/xforce/xfdb/27643.      Unspecified. (2006). "MIMEsweeper for Web RAR archive Web Policy Engine denial of service". ISS. http://xforce.iss.net/xforce/xfdb/27643.
Line 750: Line 750:
    Unspecified. (2006). "WinRAR LHA archive buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/27815.      Unspecified. (2006). "WinRAR LHA archive buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/27815.
Line 752: Line 752:
    Unspecified. (2006). "Microsoft Internet Explorer HTTP 1.1 compression long URL buffer overflow variant". ISS. http://xforce.iss.net/xforce/xfdb/28893.      Unspecified. (2006). "Microsoft Internet Explorer HTTP 1.1 compression long URL buffer overflow variant". ISS. http://xforce.iss.net/xforce/xfdb/28893.
Line 754: Line 754:
    Unspecified. (2006). "MailGate Email Firewall LHA extended-header filename buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/27942.      Unspecified. (2006). "MailGate Email Firewall LHA extended-header filename buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/27942.
Line 756: Line 756:
    Unspecified. (2006). "PowerArchiver add buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/27939.      Unspecified. (2006). "PowerArchiver add buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/27939.
Line 758: Line 758:
    Unspecified. (2006). "Lhaplus LZH archive extended header buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/28102.      Unspecified. (2006). "Lhaplus LZH archive extended header buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/28102.
Line 760: Line 760:
    Unspecified. (2006). "Lhaz long LZH filename buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/28282.      Unspecified. (2006). "Lhaz long LZH filename buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/28282.
Line 762: Line 762:
    Unspecified. (2006). "gzip huft_build() code execution". ISS. http://xforce.iss.net/xforce/xfdb/29038.      Unspecified. (2006). "gzip huft_build() code execution". ISS. http://xforce.iss.net/xforce/xfdb/29038.
Line 764: Line 764:
    Unspecified. (2006). "gzip LZH array code execution". ISS. http://xforce.iss.net/xforce/xfdb/29040.      Unspecified. (2006). "gzip LZH array code execution". ISS. http://xforce.iss.net/xforce/xfdb/29040.
Line 766: Line 766:
    Unspecified. (2006). "gzip unpack.c buffer underflow". ISS. http://xforce.iss.net/xforce/xfdb/29042.      Unspecified. (2006). "gzip unpack.c buffer underflow". ISS. http://xforce.iss.net/xforce/xfdb/29042.
Line 768: Line 768:
    Unspecified. (2006). "gzip LZH array code execution". ISS. http://xforce.iss.net/xforce/xfdb/29040.      Unspecified. (2006). "gzip LZH array code execution". ISS. http://xforce.iss.net/xforce/xfdb/29040.
Line 770: Line 770:
    Unspecified. (2006). "gzip LZH array code execution". ISS. http://xforce.iss.net/xforce/xfdb/29040.      Unspecified. (2006). "gzip LZH array code execution". ISS. http://xforce.iss.net/xforce/xfdb/29040.
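Review bot: the entry at Line 770 ("gzip LZH array code execution", xfdb/29040) is the third identical copy of the same reference, after the ones at Line 764 and Line 768, and the revision keeps all three. Keep a single copy, and check whether the other two slots were meant to hold different gzip advisories, since the surrounding entries (xfdb/29038, xfdb/29042) are distinct.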
Line 772: Line 772:
    Unspecified. (2006). "PowerZip filename buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/28534.      Unspecified. (2006). "PowerZip filename buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/28534.
Line 774: Line 774:
    Unspecified. (2006). "Dr. Web LHA archive buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/29069.      Unspecified. (2006). "Dr. Web LHA archive buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/29069.
Line 776: Line 776:
    Unspecified. (2006). "Compression Plus ZOO buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/28693.      Unspecified. (2006). "Compression Plus ZOO buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/28693.
Line 778: Line 778:
    Unspecified. (2006). "avast! LHA archive buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/28824.      Unspecified. (2006). "avast! LHA archive buffer overflow". ISS. http://xforce.iss.net/xforce/xfdb/28824.

PROTOS Genome Test Suite c10-archive

Abstract

Archive formats are used to serialise a set of files and directories into a single byte stream, usually applying a form of compression in the process. The archive files can then be stored or transmitted on various media conveniently and economically, and later extracted. The use of archiving formats is ubiquitous in transmitting files over email and in distribution of software, among other areas.

The present set of archive formats was chosen as the subject protocols for vulnerability assessment through structure inference directed fuzzing and test suite creation.

A list of frequently observed archiving formats was drawn up. Test material was prepared and tests were carried out against a sample set of existing anti-virus programs. Results were gathered and reported.

Most of the implementations available for evaluation failed to perform in a robust manner under test. Some failures had information security implications, and should be considered as vulnerabilities.

In order to achieve a robustness baseline for archival products, this test material should be adopted for their evaluation and development. Anti-virus and other security products employing archive formats should be considered the most important subjects in this respect.

Introduction

This test suite is a byproduct of the [Genome] project, hereafter referred to as GENOME. The test suite contains a set of fuzzed archive files in different formats. Some of these files are known to cause problems, and others may cause problems, in, for example, common decompression and anti-virus tools.

This test suite covers a limited set of information security and robustness related implementation errors for subsets of the chosen protocols. The subject protocols, along with their scrutinised subsets, are illustrated in the Analysis section below.

Analysis

The purpose of this test suite is to evaluate implementation level security and robustness of programs handling archive files of different formats. Archive formats were considered a viable topic for a test suite due to the following factors:

  • The complexity involved in parsing different file formats has historically been found to beget vulnerability. Archive formats were thought to be similar in this respect.
  • Archive formats are used throughout computing. In other words, there are many different implementations and a myriad of installations. As a result, the impact of an archive vulnerability can be significant.
  • The methods developed in the GENOME project facilitate test suite creation so that multiple formats can be covered with relative ease. Thus the scope of the test suite can be extensive.
  • Many archive formats have a long history, which has given their implementations plenty of time to mature and harden with respect to implementation level errors. Evaluating such mature products should provide us with useful feedback on the current state of implementation level robustness in general.
  • Processing archive formats may have a long family tree where versions of archiving code have been forked or copied into different projects, which might not have incorporated the fixes for bugs to shared code found in other branches of the family tree.

The field of archive formats was analysed with the methods of OUSPG's MATINE project. The focus of this analysis was on the different formats and their specifications, their different technical and organisational uses and prior security issues affecting them. The analysis methods lay weight on issues regarding the history of code and specifications (inheritance, re-use), historical data on the usage and prevalence of different implementations and expert opinion.

The analysis highlighted anti-virus software as a representative, or topical, subject for this test suite. Motivations for producing test material targeted at ensuring robustness of anti-virus tools include:

  • Anti-virus tools by definition process input from potentially malicious sources.
  • Anti-virus tools parse a wide variety of different data formats. Due to their nature, they have to process each file in a system, including archived content.
  • Anti-virus tools run at high privileges, increasing the impact of potential compromise.
  • Anti-virus tools are commonly installed organisation-wide on all able computers, including (or especially) on computers in critical and high-profile roles.
  • Usage of Anti-virus tools is commonly mandated by organisational policy, contract and other administrative and/or legal requirements. US HIPAA legislation [1] is commonly interpreted to mandate use of anti-virus software.

It was noted that anti-virus tools parse many different kinds of data, and this test material, being limited to archive formats only, can only serve as a decent first aid for related vulnerability assessment. A proper security evaluation of anti-virus software would involve scrutinising a much greater set of file formats.

In this test suite, the focus was set on certain archive formats, namely ACE, ARJ, BZ2, CAB, GZ, LHA, RAR, TAR, ZIP and ZOO. This set encompasses the most commonly used archive formats.

The specifications for the archive file formats are in some cases available. However, since there are many versions and variants of many of the formats, and there are in many cases no formal easily processable specifications of the contents, basing testing on this knowledge would require too much human time. On the other hand, purely random changes can be applied to sample files, or purely random data can be used, to blindly test the behaviour of programs. This approach generally requires too much computer time. The GENOME approach does not require manual modeling of the tested protocol/file format, unlike the PROTOS Classic[2] approach of test suite development.

Most of the files in the test suite have been built using an intelligently automated combination of the approaches stated above. A set of valid files is first collected. A program is then used to analyse the structure of these files, yielding a rough model of the underlying file format. This model is then used to generate similar files, which often have modifications that would be extremely unlikely to appear, were one to use purely random methods. Because most of the testing and processing involved in building a test set is automatic, we were able to test a fairly large set of file formats.

The test suite can be used as robustness testing material for programs that process the corresponding file formats. Usually programs should simply report that the files are invalid and resume operation in a controlled manner. Program termination, altered behaviour and infinite loops, for example, indicate unintentional and in many cases exploitable errors.

Surveys

Subject Survey

Freely available and evaluation versions of some common UNIX-based anti-virus products were selected as test subjects, and the common archive formats processed by the tools were selected for testing.

No sample list of implementations is presented herein. A large number of vendors include anti-virus or archive products in their product portfolios. A list of vendors with anti-virus products or archive products may include at least Alwil, Apple Computer, Avira, Cisco Systems, Comodo, Computer Associates, F-Secure, FRISK Software, Grisoft, Hewlett-Packard, IBM, McAfee, MicroWorld, Microsoft, Norman, Norton, Novatix, Panda Software, Pkware, Proland Software, RARLAB, Red Hat, Softwin, Sophos, Sun Microsystems, Symantec, Trend Micro, Winzip, and many others.

The following image gives a rough approximation of the extent to which different archive formats can be used in computer systems. It represents a scenario in which two network peers, commonly a client and a server, communicate over a communication network. Potential archive format implementations involved are highlighted.

[Figure: Illustration of the scope of archive implementations.]

Legend:

  1. Network payload compression, implemented in hardware or software. Although compression per se was not targeted in this test suite, some compression might have been encapsulated in archive formats in this context. Note that software payload compression includes the compression used in many cryptographic message formats and the gzip content encoding in the prevalent MIME protocol.
  2. Network content filtering (spam, phishing and other undesired content) and virus scanning may need to handle archived content.
  3. Network caches, proxies and load balancing devices may parse archived payloads.
  4. Network firewalls (especially stateful/application level firewalls), intrusion detection/prevention systems may need to handle archived content.
  5. Client-side (or personal) firewalls, intrusion detection/prevention systems, content filtering, anti-virus, anti-malware, anti-spyware and anti-rootkit software may need to handle archived content.
  6. Different kinds of client and server software handle archived content for various purposes. This includes the handling of archived configuration or customisation files (e.g. skins) and media files, as some formats include data compression. Note that many programs include add-on plugins or modules that may also employ archive formats.
  7. APIs of operating systems and various libraries enable or involve the handling of archived content. Many environments also include indexing services that study filesystem content at regular intervals, and GUI functions designed for the handling of archives. Many programming languages handle archives containing library files and software packages. Many software package installation management systems handle archived content.
  8. Connected embedded devices, most notably backup drives, may involve hardware or software archival functions.
  9. Connected palmtop and mobile appliances, which are often embedded devices, may require archival for communications or other functions. Note that the client and server systems depicted in this image may also be such devices.

Prior public vulnerabilities related to archive formats have been evident in most of the implementation categories listed above.

Injection and instrumentation methods

The injection vector survey, or delivery vector survey, analyses the different methods of delivering the test-cases to the implementations under test (IUT). Often, there are several methods of injection and one test-suite cannot cover them all, or might miss some vectors not available in all implementations.

Most anti-virus software focuses on inspecting files that reside in a file system. As this test suite is focused on testing anti-virus software, it uses the file system as the method of injection. Because all of the tested anti-virus tools and decompression tools could be run from the command line, the injection could be handled by simple shell scripts. These scripts fed the test cases to the test subject one by one while monitoring their execution. The injection scripts used are not bundled with the test suite, as they are very case-specific and easily reproducible for most subjects.

With instrumentation on the target platform we are able to monitor for undesired behaviour of the subject implementation. Typically this manifests as exceptions or signals such as 'access violation' or 'segmentation fault'. For most of the testing we used isolated Linux installations of the x86/IA32 architecture. In addition, sporadic testing was carried out with Mac OS X and Windows operating systems.

Strace and a kernel patch to report all fatal signals were used to monitor the operation of programs when the fuzzed files were processed. The value of the eip register at the time of the fatal signal was used to classify some terminations as probable manifestations of the same error. The instrumentation used is not bundled with the test material, as it is freely available via other sources for various platforms.

Production of Test Material

Computer programs usually process input. Often some of the input comes from a file. By using specially crafted files, it is often possible to expose un-handled and potentially exploitable errors in programs.

The test suite consists of modified archive files of corresponding file formats. Some of the files were generated using fairly simple content fuzzing techniques, and some were generated using a model-assisted approach. In both cases the files were generated using a set of sample files.

For each file format, a set of valid files was first collected. The contents of the files are for the most part text documents and files of other common document formats. Freely available archival tools with different parameters were then used to create them. The collected files were processed with structure inference tools developed in GENOME to yield simple models of the content. The models were then used to generate similar data.

Fuzzed testing material was generated by applying probabilistic changes to the generated data. The fuzzing thus mostly involved selecting a good set of initial training material, and then finding reasonable parameters to produce suitably fuzzed data. The generated files are usually tested with a program as they are generated, and files causing interesting errors are collected.

This test suite contains both files that are known to cause problems in at least one program, and files that may or may not cause problems in some programs. In many cases files in this test suite expose severe un-handled errors, many of which have direct security implications and should be considered as vulnerabilities.

The structure inference and fuzzer tools used in the production of the test suite were provided by the GENOME project. The described automatic model assisted approach is new to our knowledge, and it has been very effective in producing various test input.

Test Suite Package

The tests are divided into separate test-material packages, one for each file format. Each test-material package consists of a number of test cases, as specified in the table below.

Number of test cases by archive format

Archive format   # cases
ace              91518
arj              255343
bz2              321818
cab              130823
gz               227311
lha              176631
rar              198865
tar              40549
zip              189833
zoo              163595
total            1632691

Package Information

The package is distributed as a cd-rom image containing:

  • the GPL licence
  • very brief usage instructions
  • 10 <format>.tar.bz2 packages

The license allows free use and redistribution of the test material package. If you modify the material, please consider renaming the package.

In most Linux systems the iso image file can be used directly without burning it to a cd-rom, by issuing the following command:

$ mount -o loop testsuites.iso /cdrom

The cd-rom contains the test suites bundled by file format in tar.bz2 archives.

The archives can be decompressed with any decompression software supporting BZIP2 archives and having no limit for the number of files in one archive. In UNIX systems this can be done by issuing the following commands:

$ bunzip2 < suite.tar.bz2 | tar -xvf -

One suitable tool for the Windows environment is ICEOWS, available at no cost. Note that each x.tar.bz2 package is first decompressed to an x.tar file, which is then similarly decompressed into a directory x containing the files. Note that OUSPG neither endorses any decompressor in particular nor guarantees that they will not have issues with the test suite.

The decompression will take anything from a few minutes to several hours, depending on the computer. After decompression, the complete test suite contains 5.22GB of data, which on a typical Windows system occupies a bit over 10GB of physical space. Note that when using Windows, the test suite directories can be removed faster from the command line.

Testing with the test suite is carried out by feeding the files in the test suite to the desired subjects. Often this process can be automated to some degree, for example by scripts or batch processing. While testing, the test subject should be monitored for any disorderly behaviour, such as crashes, hangs or the overt consumption of system resources. This document does not cover the details of instrumentation, and we leave it up to users of the test material to come up with techniques to monitor whether test subjects handle the test cases in a satisfactory manner.

We recommend some additional guidelines for testing, although these are not imposed by the test material licence. These guidelines can be found in the "Test suite releases in Theory and Practice" document.

Download

Use of the latest release (highest number) is recommended. Older releases are provided for completeness and reproduction.

Release 1

Results from the Test Runs

Test-runs were conducted against the chosen set of sample implementations. The test material consisted of the fit test cases selected during the production of the test suite.

Test Result Definitions

failed

In this test suite, the failed status is granted if any of the following criteria are met and a single test case can be identified as responsible for it: a process or a child process crashes with a fatal signal.

inconclusive

If no single test case can be identified but similar effects are observed, the status is inconclusive.

passed

Otherwise, the status is passed.

Each failed test case represents, at minimum, a denial-of-service opportunity for exploiting the found vulnerability. In most cases, they represent memory corruption, stack corruption or other fatal error conditions. Some of these may lead to exposure to typical exploits (e.g. buffer overflows), allowing running of arbitrary code or modification of the target system.
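The feeding-and-monitoring loop described under Package Information, combined with the verdict definitions above, as an added example (not part of the original test suite or of OUSPG's tooling). It is a POSIX-only Python harness that detects termination by a fatal signal and re-runs a crashing case alone to confirm that a single test case is responsible; the signal list, the extra `hang` bucket and the stand-in subject are assumptions made here.

```python
import os
import signal
import subprocess
import sys
import tempfile

# Signals counted as a "fatal signal" (assumption: the page gives no list).
FATAL = (signal.SIGSEGV, signal.SIGBUS, signal.SIGABRT, signal.SIGILL, signal.SIGFPE)

def observe(cmd, case, timeout):
    """Run the subject once on one test case: 'crash:<SIG>', 'hang' or 'ok'."""
    try:
        proc = subprocess.run(cmd + [case], stdin=subprocess.DEVNULL, timeout=timeout,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        return "hang"  # subprocess.run() has already killed the subject
    # On POSIX a return code of -N means the process was terminated by signal N.
    # Only the directly started process is seen; crashes in its children are not.
    if proc.returncode < 0 and -proc.returncode in FATAL:
        return "crash:" + signal.Signals(-proc.returncode).name
    return "ok"  # a clean error exit on a malformed archive is acceptable

def verdict(cmd, case, timeout=5.0, reruns=2):
    """Apply the page's verdicts; 'hang' is an extra bucket added in this example."""
    first = observe(cmd, case, timeout)
    if not first.startswith("crash:"):
        return "passed" if first == "ok" else "hang"
    # 'failed' requires that this single case is responsible, so re-run it alone.
    if all(observe(cmd, case, timeout) == first for _ in range(reruns)):
        return "failed"
    return "inconclusive"

def run_suite(cmd, directory, timeout=5.0):
    """Feed every file of one unpacked format directory to the subject."""
    results = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            results[name] = verdict(cmd, path, timeout)
    return results

# Constructed stand-in subject (not a real product): dies with SIGSEGV on input
# starting with b"BAD" and sleeps on b"SLOW". Replace with the command under test.
STAND_IN = [sys.executable, "-c",
            "import os, signal, sys, time\n"
            "d = open(sys.argv[1], 'rb').read()\n"
            "if d[:3] == b'BAD': os.kill(os.getpid(), signal.SIGSEGV)\n"
            "if d[:4] == b'SLOW': time.sleep(30)\n"]

def demo():
    """Run the harness over three constructed files and return their verdicts."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("a.zip", b"PK\x03\x04"),
                           ("b.zip", b"BAD!"), ("c.zip", b"SLOW")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return run_suite(STAND_IN, d, timeout=3.0)

if __name__ == "__main__": print(demo())
```

For a real run, pass the subject's own command line as `cmd` and point `run_suite` at one unpacked format directory; resource consumption, which the text also asks to be monitored, is not measured here.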

Test Results by Archive Format

A limited subset of the test material was used in test runs against some anti-virus products. The tables below represent the observations from feeding the test material to the chosen subject software. Product names of the actual subjects are omitted to protect the innocent.

These tables illustrate how different archive formats were handled in the test runs. A test group is marked failed if any single case or combination of cases causes the subject to fail. The results therefore represent a lower bound on implementation problems uncovered in tested software using the test material.

Result summary by archive format

Subject  ace  arj  bz2  cab  gz   lha  rar  tar  zip  zoo
1        x    x    x    x    -    x    -    -    x    x
2        -    x    n/a  x    -    x    x    -    -    n/a
3        -    x    x    x    -    x    x    -    -    -
4        -    x    -    -    -    x    x    -    x    -
5        n/a  n/a  n/a  -    -    n/a  n/a  -    -    n/a

Legend:

  • x: Verdict is failed
  • -: Verdict is passed
  • ?: Verdict is inconclusive
  • n/a: Software doesn't support the format

The following table shows the total number of failing cases found per format.

Subject  ace    arj    bz2    cab    gz     lha    rar    tar    zip    zoo
1        283    8      7      2      -      44     -      -      94     31
2        -      11     -      3552   -      10406  39     -      -      -
3        -      40     8      1      -      5      38     -      -      -
4        -      11     -      -      -      6      1603   -      2      -
5        -      -      -      -      -      -      -      -      -      -

The following table shows the number of unique bugs found per format. The value of EIP at the moment of the crash was used to determine whether a bug is unique or not.

Unique bugs by archive format

Subject  ace  arj  bz2  cab  gz   lha  rar  tar  zip  zoo
1        3    2    1    1    -    3    -    -    3    1
2        -    5    -    12   -    2    1    -    -    -
3        -    5    2    1    -    3    2    -    -    -
4        -    1    -    -    -    1    1    -    1    -
5        -    -    -    -    -    -    -    -    -    -

Conclusions

Parser implementations are intricate pieces of code that are prone to implementation-level faults, and archive file format parsers are no exception in this respect. Almost all of the tested tools seemed to be easy to crash using our relatively simple automated techniques. Some of the observed failures had information security implications, and should be considered vulnerabilities. This is alarming considering the tested products were advertised as security products.

Acknowledgments

We are grateful to NISCC and CERT-FI for their help and advice during the vulnerability process.

Prior Public Vulnerabilities

At the outset of this test suite, past implementation security issues regarding archive formats were investigated. This work included tracking archive format implementations, products and vulnerabilities, among other data. This data was gathered with the methods developed in project MATINE and visualised with Graphingwiki [3]. An example graph of CVE entries related to the RAR archive format is included below.

Figure: graph of RAR-related CVE entries (rar.png)

Note that the above graph is in no way related to vulnerabilities possibly uncovered using this test material; it is just an automatically generated graph from CVE data.

Prior vulnerabilities, as reported in the CVE database, regarding the archive formats in this test suite, include but are not limited to the following:

  • "Buffer overflow in Norton Antivirus for Exchange" [4]
  • "DoS in MAILsweeper for SMTP" [5]
  • "BSCW groupware system read or modify arbitrary files" [6]
  • "GNU Tar Hostile Destination Path Vulnerability" [7]
  • "Multiple vendor file archivers file extraction directory traversal" [8]
  • "Multiple vendor file archivers file extraction directory traversal" [9]
  • "Multiple vendor file archivers file extraction directory traversal" [10]
  • "zlib "double free" memory corruption" [11]
  • "Windows zipped file decompression buffer overflow" [12]
  • "Multiple vendor file archivers file extraction directory traversal" [13]
  • "AMaViS securetar TAR file denial of service" [14]
  • "Microsoft Windows Incorrect Target Path for Zipped File Decompression." [15]
  • "Internet Explorer Malformed PNG Image File Failure" [16]
  • "Multiple vendor file archivers file extraction directory traversal" [17]
  • "zlib gzprintf buffer overflow" [18]
  • "RealPlayer PNG improper decompression buffer overflow" [19]
  • "GameSpy Arcade GSAPAK.EXE file upload" [20]
  • "Clearswift MAILsweeper RAR policy bypass" [21]
  • "Clearswift MAILsweeper ZIP policy bypass" [22]
  • "MAILsweeper for SMTP zip archive could allow an attacker to bypass virus protection" [23]
  • "LHA multiple buffer overflows" [24]
  • "Multiple directory traversal vulnerabilities in LHA" [25]
  • "Integer overflow in DUNZIP32.DLL for Microsoft Windows" [26]
  • "gzip gzexe script creates insecure temporary files" [27]
  • "LHA metacharacter command execution" [28]
  • "LHA extract_one buffer overflows" [29]
  • "DGen ROM decompression symlink attack" [30]
  • "LHA long pathname buffer overflow" [31]
  • "zlib inflate and inflateback denial of service" [32]
  • "Multiple vendor antivirus .zip bypass protection" [33]
  • "unarj file name buffer overflow" [34]
  • "Info-ZIP zip archive with long names buffer overflow" [35]
  • "unarj file extraction directory traversal" [36]
  • "RealPlayer zipped RJS file buffer overflow" [37]
  • "Multiple vendor antivirus .zip bypass protection" [38]
  • "WinRAR zip file buffer overflow" [39]
  • "Solaris gzip modify privileges of hard linked files" [40]
  • "WinRAR Repair Archive unknown vulnerability" [41]
  • "Clam AntiVirus RAR archive denial of service" [42]
  • "F-Secure Anti-Virus password protected archive bypass antivirus protection" [43]
  • "eTrust Antivirus could allow attacker to bypass file scan" [44]
  • "MAILsweeper for SMTP RAR denial of service" [45]
  • "AntiGen for Domino zip file can cause denial of service" [46]
  • "F-Secure Anti-Virus LHA archive buffer overflow" [47]
  • "F-Secure Anti-Virus ZIP archive bypass scanning" [48]
  • "cabarc "dot dot" directory traversal" [49]
  • "Clam AntiVirus ZIP file denial of service" [50]
  • "UnAce 'Ready for next volume' messages buffer overflow" [51]
  • "UnAce "dot dot" directory traversal" [52]
  • "WinHKI ZIP directory traversal" [53]
  • "DivX Player directory traversal" [54]
  • "ZipGenius path disclosure" [55]
  • "Winrar dot dot dot directory traversal" [56]
  • "Antivirus ARJ archive buffer overflow" [57]
  • "Antivirus ARJ archive buffer overflow" [58]
  • "McAfee AntiVirus Library stack buffer overflow" [59]
  • "McAfee AntiVirus Library stack buffer overflow" [60]
  • "HTTP Anti Virus Proxy cab and zip files bypass filtering" [61]
  • "FileZilla Server zlib compression denial of service" [62]
  • "RHSA-2005:357 updates for gzip not installed" [63]
  • "gzip -N command directory traversal" [64]
  • "Multiple Symantec AntiVirus products RAR file detection bypass" [65]
  • "Sophos Anti-Virus BZIP2 denial of service" [66]
  • "MailScanner .zip security bypass" [67]
  • "zlib DoS (inftrees.h)" [68]
  • "Multiple vendor file archivers file extraction directory traversal" [69]
  • "Clam AntiVirus ENSURE_BITS function denial of service" [70]
  • "zlib code table denial of service" [71]
  • "BlackBerry Enterprise Server Attachment Service PNG buffer overflow" [72]
  • "UnAce "dot dot" directory traversal" [73]
  • "avast! Antivirus ACE archives buffer overflow" [74]
  • "Linux Kernel huft_build zlib denial of service" [75]
  • "Linux Kernel huft_build zlib denial of service" [76]
  • "Tar setuid restores owner file permissions" [77]
  • "IBM Lotus Notes htmsr.dll HTML speed reader URL link buffer overflow" [78]
  • "IBM Lotus Notes kvarcve.dll compressed file preview directory traversal" [79]
  • "RealPlayer zipped RJS file buffer overflow" [80]
  • "HAURI compressed archives directory traversal" [81]
  • "HAURI compressed archives directory traversal" [82]
  • "HAURI vrAZace.dll library buffer overflow" [83]
  • "ZipTV ARJ header buffer overflow" [84]
  • "NOD32 ARJ archive buffer overflow" [85]
  • "Avira Desktop for Windows ACE filename buffer overflow" [86]
  • "AhnLab V3 Antivirus v3flt2k.sys scan driver allows attacker elevated privileges" [87]
  • "7-Zip ARJ file buffer overflow" [88]
  • "PowerArchiver ACE/ARJ filename buffer overflow" [89]
  • "Kaspersky Antivirus cab heap overflow" [90]
  • "ALZip filename buffer overflow" [91]
  • "Virus detection bypass in Kaspersky Antivirus" [92]
  • "Virus detection bypass in BitDefender Antivirus" [93]
  • "Virus detection bypass in F-Prot Antivirus" [94]
  • "Virus detection bypass in Avast Antivirus" [95]
  • "Virus detection bypass in McAfee Antivirus" [96]
  • "Virus detection bypass in Sophos Antivirus" [97]
  • "Virus detection bypass in Symantec Antivirus" [98]
  • "Virus detection bypass in Dr.Web Antivirus" [99]
  • "Virus detection bypass in Avira Antivirus" [100]
  • "Virus detection bypass in Norman Virus Control Antivirus" [101]
  • "Virus detection bypass in Fortinet Antivirus" [102]
  • "Virus detection bypass in VBA32 Antivirus" [103]
  • "Virus detection bypass in Rising Antivirus" [104]
  • "Virus detection bypass in AntiVir Antivirus" [105]
  • "Virus detection bypass in (1) eTrust-Iris and (2) eTrust-Vet Antivirus" [106]
  • "Virus detection bypass in ArcaVir Antivirus" [107]
  • "Virus detection bypass in UNA Antivirus" [108]
  • "Virus detection bypass in Ikarus AntiVirus" [109]
  • "Virus detection bypass in ClamAV Antivirus" [110]
  • "Virus detection bypass in Panda Antivirus" [111]
  • "Virus detection bypass in CAT Quick Heal" [112]
  • "Virus detection bypass in TheHacker" [113]
  • "Virus detection bypass in Trustix Antivirus" [114]
  • "Virus detection bypass in Grisoft AVG Antivirus" [115]
  • "Virus detection bypass in Proland Protector Plus 2000 Antivirus" [116]
  • "WinRAR unacev2.dll ACE archive buffer overflow" [117]
  • "ZipGenius filename buffer overflow" [118]
  • "F-Prot Antivirus ZIP files can bypass protection" [119]
  • "Clam Antivirus tnef_attachment function denial of service" [120]
  • "Clam Antivirus cabd_find function denial of service" [121]
  • "SpeedProject multiple products lstrcat() ZIP file buffer overflow" [122]
  • "Panda Antivirus library ZOO file buffer overflow" [123]
  • "Symantec AntiVirus Library RAR parsing multiple buffer overflows" [124]
  • "TUGZip ARJ archive buffer overflow" [125]
  • "Sophos Anti-Virus ARJ file scanning detection bypass" [126]
  • "GNU Tar PAX extended headers buffer overflow" [127]
  • "F-Secure Anti-Virus ZIP file buffer overflow" [128]
  • "F-Secure Anti-Virus RAR and ZIP file scan detection bypass" [129]
  • "WinAce ARJ header buffer overflow" [130]
  • "zoo misc.c fullpath() buffer overflow" [131]
  • "SpeedProject .ZIP and .JAR archives directory traversal" [132]
  • "Stuffit and ZipMagic archive directory traversal" [133]
  • "PEAR::Archive_Zip dot dot directory traversal" [134]
  • "WinAce .RAR and .TAR directory traversal" [135]
  • "Sophos Anti-Virus CAB file parsing buffer overflow" [136]
  • "zoo parse.c parse() buffer overflow" [137]
  • "WinHKI archive extraction directory traversal" [138]
  • "TUGZip archive directory traversal" [139]
  • "IZArc extract error directory traversal" [140]
  • "SpeedProject multiple products ACE buffer overflow" [141]
  • "Abakt ZIP buffer overflow" [142]
  • "VeriSign I-Nav VUpdater.Install ActiveX control code execution" [143]
  • "ZipCentral ZIP archive filename buffer overflow" [144]
  • "ZipTV ARJ header buffer overflow" [145]
  • "BitZipper extract directory traversal" [146]
  • "PicoZip zipinfo.dll buffer overflow" [147]
  • "Filzip archive directory traversal" [148]
  • "QuickZip extract directory traversal" [149]
  • "AutoVue SolidModel Professional archive filename buffer overflow" [150]
  • "Apple Mac OS X BOMArchiveHelper BOMFileClose() .zip archive buffer overflow" [151]
  • "MIMEsweeper for Web RAR archive Web Policy Engine denial of service" [152]
  • "WinRAR LHA archive buffer overflow" [153]
  • "Microsoft Internet Explorer HTTP 1.1 compression long URL buffer overflow variant" [154]
  • "MailGate Email Firewall LHA extended-header filename buffer overflow" [155]
  • "PowerArchiver add buffer overflow" [156]
  • "Lhaplus LZH archive extended header buffer overflow" [157]
  • "Lhaz long LZH filename buffer overflow" [158]
  • "gzip huft_build() code execution" [159]
  • "gzip LZH array code execution" [160]
  • "gzip unpack.c buffer underflow" [161]
  • "gzip LZH array code execution" [162]
  • "gzip LZH array code execution" [163]
  • "PowerZip filename buffer overflow" [164]
  • "Dr. Web LHA archive buffer overflow" [165]
  • "Compression Plus ZOO buffer overflow" [166]
  • "avast! LHA archive buffer overflow" [167]

The Vulnerability Process

During the prerelease phase all verified vulnerabilities were reported to the respective vendors through this test material. The vulnerability reports were tracked by CERT-FI and NISCC in the role of independent coordinators and advisors. An attempt was made to seek a channel to distribute the test material to vendors whose products we were not able to obtain for testing.

Advisories and Vendor Statements

Vendor statements or security advisories issued in order to address the vulnerabilities uncovered by this test suite are collected. Advisories that we are aware of are listed herein:

  • CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats

References

[1]

[2]

  • Kaksonen, Rauli. A Functional Method for Assessing Protocol Implementation Security. (2001). VTT Publication series. http://www.vtt.fi/inf/pdf/. ISBN: 951-38-5873-1. Licentiate thesis.

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[20]

[21]

[22]

[23]

[24]

[25]

[26]

[27]

[28]

[29]

[30]

[31]

[32]

[33]

[34]

[35]

[36]

[37]

[38]

[39]

[40]

[41]

[42]

[43]

[44]

[45]

[46]

[47]

[48]

[49]

[50]

[51]

[52]

[53]

[54]

[55]

[56]

[57]

[58]

[59]

[60]

[61]

[62]

[63]

[64]

[65]

[66]

[67]

[68]

[69]

[70]

[71]

[72]

[73]

[74]

[75]

[76]

[77]

[78]

[79]

[80]

[81]

[82]

[83]

[84]

[85]

[86]

[87]

[88]

[89]

[90]

[91]

[92]

[93]

[94]

[95]

[96]

[97]

[98]

[99]

[100]

[101]

[102]

[103]

[104]

[105]

[106]

[107]

[108]

[109]

[110]

[111]

[112]

[113]

[114]

[115]

[116]

[117]

[118]

[119]

[120]

[121]

[122]

[123]

[124]

[125]

[126]

[127]

[128]

[129]

[130]

[131]

[132]

[133]

[134]

[135]

[136]

[137]

[138]

[139]

[140]

[141]

[142]

[143]

[144]

[145]

[146]

[147]

[148]

[149]

[150]

[151]

[152]

[153]

[154]

[155]

[156]

[157]

[158]

[159]

[160]

[161]

[162]

[163]

[164]

[165]

[166]

[167]

[http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/]