Bug 438146 - (CVE-2008-0992) CVE-2008-0992 pax: code execution via malicous archive
CVE-2008-0992 pax: code execution via malicous archive
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On:
  Show dependency treegraph
Reported: 2008-03-19 08:50 EDT by Tomas Hoger
Modified: 2012-05-19 23:09 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-03-20 06:00:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2008-03-19 08:50:35 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0992 to the following vulnerability:

Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.

Comment 1 Tomas Hoger 2008-03-19 08:53:50 EDT
Relevant part of Apple security advisory:

pax archive utility
CVE-ID:  CVE-2008-0992
Available for:  Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact:  Running the pax command on a maliciously crafted archive may
lead to arbitrary code execution
Description:  The pax command line tool does not check a length in
its input before using it as an array index, which may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue by checking the index. This issue does not
affect systems prior to Mac OS X v10.5.

No further details available.
Comment 2 Tomas Hoger 2008-03-20 06:00:18 EDT
Apple clarified that this issue is specific to their version of pax as used in
Mac OS X Leopard and does not affect BSD pax version we ship.

Note You need to log in before you can comment on or make changes to this bug.