Dangerous 7-Zip Vulnerabilities Flow To Top Security, Software Tools (theregister.co.uk)
mask.of.sanity quotes a report from The Register: Some of the world's biggest security and software vendors will be rushing to patch holes in implementations of the popular 7-Zip compression tool to stop attackers gaining full control of customer machines. Marcin Noga, Cisco security researcher, found and reported the holes to the platform, which could allow attackers to compromise updated machines, giving attackers the same access rights as logged-in users. FireEye and MalwareBytes are two of many products that use 7-Zip. "An out-of-bounds read vulnerability exists in the way 7-Zip handles Universal Disk Format files ... [which] can be triggered by any entry that contains a malformed Long Allocation Descriptor," Colleague of The Register Jaeson Schultz said. The flaws were fixed in 7-Zip 16.00, which was released Tuesday.
"7-Zip uses a YEAR.REVISION scheme for version numbers."
https://sourceforge.net/p/sevenzip/discussion/45797/thread/a8fd6078/#1a6c/4be3/04ce
What sucks about 7zip?
That's what I use exclusively.
The astonishing thing is that after 3 decades of stack-crashing causing more security bugs than any other type - there still isn't a native array/hash/list type added to C.
There is, but the resulting language is called C++. The type system of C doesn't allow you to have container-of-X, where X is some other type, constructs without resorting to macros. A lot of systems (including Windows NT and Linux) use derivatives of the 4BSD headers for this, but they use a container-of pattern that involves casting from a pointer to member to a pointer to the outer structure in a way that depends on explicit casts and makes it easy to accidentally violate type safety.
I am TheRaven on Soylent News
Um, last line (it's hard to concentrate that long, I know...) of TFA:
"The flaws were fixed in 7-Zip 16.00, which was released Tuesday."
-- You are in a maze of little, twisty passages, all different... --
7z is a piece of software used to manipulate archives in numerous formats (including a few obscure formats; it is one of the most compatible on the market).
Lots of security software like antivirus needs to be able to process archives (e.g. an antivirus needs to scan all the files packaged into a ZIP archive).
Some of this security software uses 7z as an archive engine.
7z has a vulnerability when unpacking a specially crafted archive.
This flaw will extend to security software that relies on 7z as a component to help it handle archives.
Hence "Dangerous 7-Zip Vulnerabilities Flow To Top Security, Software Tools"
By sending an e-mail with a specially crafted ZIP file attachment, you can b0rk the mail server using an exploit that affects the antivirus in charge of scanning incoming attachments, because that antivirus relied on 7z.
That means
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
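The thread above explains why a parser bug in one archive engine ends up in every scanner built on it, and the story itself names the trigger: a malformed Long Allocation Descriptor in a UDF image. As an added example (not from the article, the commenters, or 7-Zip's own source), here is the kind of validation a UDF reader has to do on such a descriptor before following it into the image. The 16-byte field layout is the ECMA-167 long_ad; the partition map, sector sizes and sample descriptors are constructed for this example, and the code does not reproduce the actual 7-Zip bug, only the class of check whose absence turns a crafted descriptor into an out-of-bounds read.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* UDF Long Allocation Descriptor (ECMA-167 4/14.14.2), 16 bytes, little-endian:
 *   0..3   extent length: low 30 bits = length in bytes, top 2 bits = extent type
 *   4..7   logical block number within the partition
 *   8..9   partition reference number
 *  10..15  implementation use (ignored here) */
#define LONG_AD_SIZE   16
#define EXT_LEN_MASK   0x3FFFFFFFu

typedef struct {
    uint32_t ext_len;   /* raw extent length field, type bits included */
    uint32_t lbn;       /* logical block number */
    uint16_t part_ref;  /* partition reference number */
} long_ad;

/* Minimal partition map: a constructed stand-in for real partition descriptors. */
typedef struct {
    uint32_t start_sector;  /* absolute sector where the partition begins */
    uint32_t num_sectors;   /* sectors in the partition */
} partition_desc;

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static uint16_t rd_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Decode a raw long_ad. Returns 0 if the buffer is too short to hold one. */
int parse_long_ad(const uint8_t *buf, size_t len, long_ad *out)
{
    if (buf == NULL || len < LONG_AD_SIZE) return 0;
    out->ext_len  = rd_le32(buf);
    out->lbn      = rd_le32(buf + 4);
    out->part_ref = rd_le16(buf + 8);
    return 1;
}

/* Map the descriptor to an absolute sector range, refusing anything that would
 * leave the referenced partition or the image. Every comparison is arranged so
 * it cannot overflow, which is where untrusted lengths usually bite.
 * Returns 1 and fills *abs_sector / *nsectors on success, 0 if rejected. */
int resolve_extent(const long_ad *ad, const partition_desc *parts, size_t nparts,
                   uint64_t image_sectors, uint32_t sector_size,
                   uint64_t *abs_sector, uint32_t *nsectors)
{
    uint32_t len = ad->ext_len & EXT_LEN_MASK;
    if (len == 0 || sector_size == 0) return 0;        /* empty extent: nothing to read */
    if (ad->part_ref >= nparts) return 0;              /* dangling partition reference */

    const partition_desc *p = &parts[ad->part_ref];
    uint64_t n = ((uint64_t)len + sector_size - 1) / sector_size;  /* sectors, rounded up */

    if (ad->lbn >= p->num_sectors) return 0;                       /* starts past partition end */
    if (n > (uint64_t)p->num_sectors - ad->lbn) return 0;          /* runs past partition end */

    uint64_t start = (uint64_t)p->start_sector + ad->lbn;          /* fits: both are 32-bit */
    if (start >= image_sectors || n > image_sectors - start) return 0; /* partition map lied */

    *abs_sector = start;
    *nsectors   = (uint32_t)n;   /* n <= num_sectors <= UINT32_MAX */
    return 1;
}

/* Convenience wrapper for a single-partition image: 1 if the descriptor may be
 * followed, 0 if the reader must treat the archive as malformed. */
int descriptor_is_safe(const uint8_t *buf, size_t len,
                       uint32_t part_start, uint32_t part_sectors,
                       uint64_t image_sectors, uint32_t sector_size)
{
    long_ad ad;
    partition_desc part = { part_start, part_sectors };
    uint64_t start; uint32_t n;
    if (!parse_long_ad(buf, len, &ad)) return 0;
    return resolve_extent(&ad, &part, 1, image_sectors, sector_size, &start, &n);
}

/* Constructed sample descriptors (not taken from any real image). */
const uint8_t SAMPLE_OK[LONG_AD_SIZE] = {        /* 2048 bytes at block 5, partition 0 */
    0x00, 0x08, 0x00, 0x00,  0x05, 0x00, 0x00, 0x00,  0x00, 0x00,  0, 0, 0, 0, 0, 0 };
const uint8_t SAMPLE_BAD_BLOCK[LONG_AD_SIZE] = { /* block 0xFFFFFFF0: outside any partition */
    0x00, 0x08, 0x00, 0x00,  0xF0, 0xFF, 0xFF, 0xFF,  0x00, 0x00,  0, 0, 0, 0, 0, 0 };
const uint8_t SAMPLE_BAD_LEN[LONG_AD_SIZE] = {   /* maximal 30-bit length: overruns the partition */
    0xFF, 0xFF, 0xFF, 0x3F,  0x05, 0x00, 0x00, 0x00,  0x00, 0x00,  0, 0, 0, 0, 0, 0 };
const uint8_t SAMPLE_BAD_PART[LONG_AD_SIZE] = {  /* partition reference 7 does not exist */
    0x00, 0x08, 0x00, 0x00,  0x05, 0x00, 0x00, 0x00,  0x07, 0x00,  0, 0, 0, 0, 0, 0 };

int main(void)
{
    const uint8_t *samples[] = { SAMPLE_OK, SAMPLE_BAD_BLOCK, SAMPLE_BAD_LEN, SAMPLE_BAD_PART };
    const char *names[] = { "ok", "bad block", "bad length", "bad partition" };
    for (int i = 0; i < 4; i++)
        printf("%-14s -> %s\n", names[i],
               descriptor_is_safe(samples[i], LONG_AD_SIZE, 256, 1000, 2000, 2048) ? "accept" : "reject");
    return 0;
}
```

The point of the example for a scanner vendor is the second function: the descriptor is data from the attachment, so the block number, the length and even the partition reference it names are attacker-controlled, and each must be checked against the partition map and the image size before any sector is read. Rejecting the descriptor means rejecting the archive; a scanner that instead skips it silently has not scanned the file.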