Bug 438146 (CVE-2008-0992) - CVE-2008-0992 pax: code execution via malicous archive
Summary: CVE-2008-0992 pax: code execution via malicous archive
Alias: CVE-2008-0992
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Depends On:
TreeView+ depends on / blocked
Reported: 2008-03-19 12:50 UTC by Tomas Hoger
Modified: 2019-09-29 12:24 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2008-03-20 10:00:18 UTC

Attachments (Terms of Use)

Description Tomas Hoger 2008-03-19 12:50:35 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0992 to the following vulnerability:

Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.


Comment 1 Tomas Hoger 2008-03-19 12:53:50 UTC
Relevant part of Apple security advisory:

pax archive utility
CVE-ID:  CVE-2008-0992
Available for:  Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact:  Running the pax command on a maliciously crafted archive may
lead to arbitrary code execution
Description:  The pax command line tool does not check a length in
its input before using it as an array index, which may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue by checking the index. This issue does not
affect systems prior to Mac OS X v10.5.

No further details available.

Comment 2 Tomas Hoger 2008-03-20 10:00:18 UTC
Apple clarified that this issue is specific to their version of pax as used in
Mac OS X Leopard and does not affect BSD pax version we ship.

Note You need to log in before you can comment on or make changes to this bug.