Author Topic: 7-Zip under attack !!!  (Read 2626 times)


Samker

7-Zip under attack !!!
« on: 14. May 2016., 20:07:12 »


Two vulnerabilities recently patched in 7-Zip could put at risk of compromise many software products and devices that bundle the open-source file archiving library.

The flaws, an out-of-bounds read vulnerability and a heap overflow, were discovered by researchers from Cisco's Talos security team. They were fixed in 7-Zip 16.00, released Tuesday.

The 7-Zip software can pack and unpack files using a large number of archive formats, including its own 7z format, which is more efficient than ZIP. Its versatility and open-source nature make it an attractive library to include in other software projects that need to process and deal with archived files.

Previous research has shown that most developers do a poor job of keeping track of vulnerabilities in the third-party code they use and that they rarely update the libraries included in their projects.

"7-Zip is supported on all major platforms, and is one of the most popular archive utilities in-use today," the Cisco Talos researchers said in a blog post. "Users may be surprised to discover just how many products and appliances are affected": http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html

A search on Google reveals that 7-Zip is used in many software projects, including in security devices and antivirus products. Many custom enterprise applications also likely use it: https://www.google.com/search?q=%227-Zip+Copyright%22&sourceid=ie7&rls=com.microsoft:en-US:%7Breferrer:source%7D&ie=UTF-8&oe=&gws_rd=cr&ei=-Is0V87AIYisswGb8qBA#safe=off&q=%227-Zip+Copyright%22

The out-of-bounds read vulnerability, tracked as CVE-2016-2335, stems from 7-Zip's handling of Universal Disk Format (UDF) files, while the heap overflow condition, CVE-2016-2334, can occur when handling zlib compressed files.

To exploit the flaws, attackers can craft specially crafted files in those formats and deliver them in a way that would cause the vulnerable 7-Zip code to process them.

(PCW)

Samker's Computer Forum - SCforum.info
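An added example, not part of the original post or of 7-Zip itself: a defender-side inventory check that looks for the "7-Zip ... Copyright" banner inside bundled binaries and flags any copy older than 16.00, the release the article names as fixed. The banner layouts, file names and file contents are assumptions constructed for illustration.

```python
import re

FIXED = (16, 0)  # 7-Zip 16.00 carries the fixes, per the article above

# Assumed banner layouts: "7-Zip [64] 9.20  Copyright (c) ..." and
# "7-Zip 15.14 : Copyright (c) ..."; tags before the version are optional.
BANNER = re.compile(
    rb"7-Zip\s+(?:[\[(]\w+[\])]\s+)*(\d{1,2})\.(\d{2})\b[^\n]{0,40}?Copyright"
)

# Constructed sample inventory: hypothetical paths, fake file contents.
SAMPLE = {
    "backup-agent/7z.dll":
        b"\x00\x01junk7-Zip [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov\x00",
    "scanner/unpack.so":
        b"\x7fELF..7-Zip 15.14 : Copyright (c) 1999-2015 Igor Pavlov\x00",
    "tools/7za":
        b"7-Zip (a) [64] 16.00 : Copyright (c) 1999-2016 Igor Pavlov\n",
    "app/archive.bin":
        b"\x7fELF\x02\x01 banner stripped at build time",
}


def find_versions(blob: bytes):
    """Return the sorted, unique (major, minor) versions found in banners."""
    return sorted({(int(m.group(1)), int(m.group(2)))
                   for m in BANNER.finditer(blob)})


def audit(inventory):
    """Map each file name to (status, versions found in it)."""
    report = {}
    for name, blob in inventory.items():
        versions = find_versions(blob)
        if not versions:
            status = "unknown"      # no banner: needs manual review
        elif min(versions) < FIXED:
            status = "outdated"     # predates the 16.00 fixes
        else:
            status = "patched"
        report[name] = (status, versions)
    return report


if __name__ == "__main__":
    for name, (status, versions) in audit(SAMPLE).items():
        print(f"{status:9} {name} {versions}")
```

A file reported as "unknown" is not cleared: statically linked or stripped copies carry no banner and have to be traced through the build's dependency records instead.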


Fintech

Re: 7-Zip under attack !!!
« Reply #1 on: 16. May 2016., 13:50:47 »
Where is this world going? Nothing can be trusted anymore!  :-\
So sad but still true.
