Bug 438146 (CVE-2008-0992)

Summary: CVE-2008-0992 pax: code execution via malicous archive
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: rbrich
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0992
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-03-20 10:00:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Tomas Hoger 2008-03-19 12:50:35 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0992 to the following vulnerability:

Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.


Comment 1 Tomas Hoger 2008-03-19 12:53:50 UTC
Relevant part of Apple security advisory:

pax archive utility
CVE-ID:  CVE-2008-0992
Available for:  Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact:  Running the pax command on a maliciously crafted archive may
lead to arbitrary code execution
Description:  The pax command line tool does not check a length in
its input before using it as an array index, which may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue by checking the index. This issue does not
affect systems prior to Mac OS X v10.5.

No further details available.

Comment 2 Tomas Hoger 2008-03-20 10:00:18 UTC
Apple clarified that this issue is specific to their version of pax as used in
Mac OS X Leopard and does not affect BSD pax version we ship.