bzip2 BZ2_decompress Function Integer Overflow Vulnerability
Published: 2010-09-20
Updated: 2010-09-21
Affected systems:
bzip2 bzip2 1.0.x
Unaffected systems:
bzip2 bzip2 1.0.4-1+lenny1
Description:
BUGTRAQ ID: 43331
CVE ID: CVE-2010-0405
bzip2 is a file compression tool that supports Unix and Windows platforms.
When decompressing data, bzip2's BZ2_decompress function does not validate the RLE-encoded run-length values, which leads to an integer overflow. An attacker who can trick a user into decompressing malicious input can crash the decompressing program. Arbitrary code execution may also be possible, but this has not been confirmed.
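As an added illustration of the missing check the description refers to (example code written for this page, not bzip2's own code and not from the advisory), the following C models how a bzip2 block's RUNA/RUNB symbols are accumulated into a run length, first without a bound on the accumulator and then with one; RUN_LIMIT, the helper names and all inputs are assumptions or constructed samples.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Model of a bzip2 run-length code (illustrative, not bzip2's own code): RUNA
 * adds 1*N, RUNB adds 2*N, and N doubles per symbol. RUN_LIMIT is an assumed bound. */
#define RUNA 0
#define RUNB 1
#define RUN_LIMIT (2 * 1024 * 1024)   /* no run can exceed a block, so larger N is bogus */
/* Unchecked accumulation, modelling the missing filter. Unsigned so the wrap is
 * well defined; a decoder reading the result as a signed count gets a negative length. */
uint32_t run_length_unchecked(const uint8_t *syms, size_t n) {
    uint32_t es = (uint32_t)-1, N = 1;
    for (size_t i = 0; i < n; i++) {
        if (syms[i] == RUNA)      es += N;
        else if (syms[i] == RUNB) es += 2 * N;
        else break;                          /* any other symbol ends the run */
        N *= 2;
    }
    return es + 1;
}

/* Hardened accumulation: refuse the block as soon as N reaches RUN_LIMIT, so es
 * can neither wrap nor go negative. Returns false on a data error. */
bool run_length_checked(const uint8_t *syms, size_t n, int32_t *out) {
    int32_t es = -1, N = 1;
    for (size_t i = 0; i < n; i++) {
        if (N >= RUN_LIMIT) return false;    /* run too long: reject the stream */
        if (syms[i] == RUNA)      es += N;
        else if (syms[i] == RUNB) es += 2 * N;
        else break;
        N *= 2;
    }
    *out = es + 1;
    return true;
}
/* Constructed inputs, not from any real .bz2 file: SHORT_RUN encodes a run of 4
 * (the trailing 2 is a non-run symbol); fill_runb makes `count` (<= 64) RUNB symbols. */
static const uint8_t SHORT_RUN[] = { RUNB, RUNA, 2 };
static size_t fill_runb(uint8_t *s, int count) {
    for (int i = 0; i < count; i++) s[i] = RUNB;
    return (size_t)count;
}
uint32_t unchecked_runb_run(int count) {
    uint8_t s[64]; return run_length_unchecked(s, fill_runb(s, count));
}
int32_t checked_runb_run(int count) {         /* run length, or -1 if rejected */
    uint8_t s[64]; int32_t len = 0;
    return run_length_checked(s, fill_runb(s, count), &len) ? len : -1;
}
```

With 31 RUNB symbols the unchecked accumulator wraps to 0xFFFFFFFE (-2 as a signed count), while the checked version rejects the stream at the 22nd symbol.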
<*Source: Mikolaj Izdebski
Links: http://secunia.com/advisories/41452/
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-10:08.bzip2.asc
http://www.debian.org/security/2010/dsa-2112
*>
Recommendation:
Vendor patches:
Debian
------
Debian has released a security advisory (DSA-2112-1) and corresponding patches for this issue:
DSA-2112-1: New bzip2 packages fix integer overflow
Link: http://www.debian.org/security/2010/dsa-2112
Patch download:
Patch installation:
1. Install the patch packages manually:
First, download the patch package with the following command:
# wget url (url is the patch download link)
Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch package)
2. Install the patch packages automatically with apt-get:
First, update the local package database with the following command:
# apt-get update
Then install the updated packages with the following command:
# apt-get upgrade
FreeBSD
-------
FreeBSD has released a security advisory (FreeBSD-SA-10:08) and corresponding patches for this issue:
FreeBSD-SA-10:08: Integer overflow in bzip2 decompression
Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-10:08.bzip2.asc
Patch download:
Perform one of the following:
1) Upgrade the vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE, or to the RELENG_8_1, RELENG_8_0, RELENG_7_3, RELENG_7_1 or RELENG_6_4 security branch dated after the correction date.
2) To update the vulnerable system via a source code patch:
The following patches have been verified to apply to 6.4, 7.1, 7.3, 8.0 and 8.1 systems.
a) Download the relevant patch from the location below and verify the detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-10:08/bzip2.patch
# fetch http://security.FreeBSD.org/patches/SA-10:08/bzip2.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/libbz2
# make obj && make depend && make && make install
Note: on the amd64 platform, the above steps do not update the lib32 (i386 compatibility) libraries. On amd64 systems that use the i386 compatibility libraries, rebuild the operating system as described at:
<URL:http://www.FreeBSD.org/handbook/makeworld.html>
3) To update the vulnerable system via a binary patch:
Systems running 6.4-RELEASE, 7.1-RELEASE, 7.3-RELEASE, 8.0-RELEASE or 8.1-RELEASE on the i386 or amd64 platform can be updated with the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install