CVE-2010-0405

MEDIUM
Description

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.

References

http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow

http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.3

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html

http://marc.info/?l=oss-security&m=128506868510655&w=2

http://secunia.com/advisories/41452

http://secunia.com/advisories/41505

http://secunia.com/advisories/42350

http://secunia.com/advisories/42404

http://secunia.com/advisories/42405

http://secunia.com/advisories/42529

http://secunia.com/advisories/42530

http://secunia.com/advisories/48378

http://security.gentoo.org/glsa/glsa-201301-05.xml

http://support.apple.com/kb/HT4581

http://www.bzip.org/

http://www.redhat.com/support/errata/RHSA-2010-0703.html

http://www.redhat.com/support/errata/RHSA-2010-0858.html

http://www.securityfocus.com/archive/1/515055/100/0/threaded

http://www.ubuntu.com/usn/usn-986-1

http://www.ubuntu.com/usn/USN-986-2

http://www.ubuntu.com/usn/USN-986-3

http://www.vmware.com/security/advisories/VMSA-2010-0019.html

http://www.vupen.com/english/advisories/2010/2455

http://www.vupen.com/english/advisories/2010/3043

http://www.vupen.com/english/advisories/2010/3052

http://www.vupen.com/english/advisories/2010/3073

http://www.vupen.com/english/advisories/2010/3126

http://www.vupen.com/english/advisories/2010/3127

http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/

https://bugzilla.redhat.com/show_bug.cgi?id=627882

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231

Details

Source: MITRE

Published: 2010-09-28

Updated: 2018-10-10

Type: CWE-189

Risk Information

CVSS v2

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 107958 | Solaris 10 (x86) : 126869-05 | Nessus | Solaris Local Security Checks | medium |
| 107457 | Solaris 10 (sparc) : 126868-04 | Nessus | Solaris Local Security Checks | medium |
| 89745 | VMware ESX Multiple Vulnerabilities (VMSA-2010-0019) (remote check) | Nessus | VMware ESX Local Security Checks | high |
| 89106 | VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0005) (BEAST) (remote check) | Nessus | Misc. | critical |
| 79587 | F5 Networks BIG-IP : bzip2 vulnerability (SOL15878) | Nessus | F5 Networks Local Security Checks | medium |
| 75443 | openSUSE Security Update : bzip2 (openSUSE-SU-2010:0684-1) | Nessus | SuSE Local Security Checks | medium |
| 70881 | ESXi 5.0 < Build 608089 Multiple Vulnerabilities (remote check) | Nessus | Misc. | high |
| 68136 | Oracle Linux 6 : bzip2 (ELSA-2010-0858) | Nessus | Oracle Linux Local Security Checks | medium |
| 68102 | Oracle Linux 3 / 4 / 5 : bzip2 (ELSA-2010-0703) | Nessus | Oracle Linux Local Security Checks | medium |
| 63439 | GLSA-201301-05 : bzip2: User-assisted execution of arbitrary code | Nessus | Gentoo Local Security Checks | medium |
| 60887 | Scientific Linux Security Update : bzip2 on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 60858 | Scientific Linux Security Update : bzip2 on SL3.x, SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 58362 | VMSA-2012-0005 : VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi, and ESX address several security issues | Nessus | VMware ESX Local Security Checks | critical |
| 56595 | GLSA-201110-20 : Clam AntiVirus: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 52754 | Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
| 52753 | Mac OS X Multiple Vulnerabilities (Security Update 2011-001) | Nessus | MacOS X Local Security Checks | high |
| 800796 | Mac OS X 10.6 < 10.6.7 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |
| 5826 | Mac OS X 10.6 < 10.6.7 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 51077 | VMSA-2010-0019 : VMware ESX third-party updates for Service Console | Nessus | VMware ESX Local Security Checks | high |
| 50893 | SuSE 11 / 11.1 Security Update : bzip2 (SAT Patch Numbers 3121 / 3125) | Nessus | SuSE Local Security Checks | medium |
| 50697 | Fedora 12 : bzip2-1.0.6-1.fc12 (2010-15125) | Nessus | Fedora Local Security Checks | medium |
| 50683 | Fedora 13 : clamav-0.96.4-1300.fc13 (2010-17439) | Nessus | Fedora Local Security Checks | medium |
| 50630 | RHEL 6 : bzip2 (RHSA-2010:0858) | Nessus | Red Hat Local Security Checks | medium |
| 50328 | FreeBSD : bzip2 -- integer overflow vulnerability (0ddb57a9-da20-4e99-b048-4366092f3d31) | Nessus | FreeBSD Local Security Checks | medium |
| 49832 | SuSE 10 Security Update : bzip2 (ZYPP Patch Number 7169) | Nessus | SuSE Local Security Checks | medium |
| 49769 | Fedora 14 : clamav-0.96.3-1400.fc14 (2010-15443) | Nessus | Fedora Local Security Checks | medium |
| 49760 | SuSE9 Security Update : bzip2 (YOU Patch Number 12645) | Nessus | SuSE Local Security Checks | medium |
| 49755 | openSUSE Security Update : bzip2 (openSUSE-SU-2010:0684-1) | Nessus | SuSE Local Security Checks | medium |
| 49753 | openSUSE Security Update : bzip2 (openSUSE-SU-2010:0684-1) | Nessus | SuSE Local Security Checks | medium |
| 49712 | ClamAV < 0.96.3 Multiple Vulnerabilities | Nessus | Misc. | medium |
| 5672 | ClamAV < 0.96.3 DoS | Nessus Network Monitor | Web Clients | medium |
| 49685 | Fedora 13 : bzip2-1.0.6-1.fc13 (2010-15120) | Nessus | Fedora Local Security Checks | medium |
| 49684 | Fedora 14 : bzip2-1.0.6-1.fc14 (2010-15106) | Nessus | Fedora Local Security Checks | medium |
| 49633 | CentOS 3 / 4 / 5 : bzip2 (CESA-2010:0703) | Nessus | CentOS Local Security Checks | medium |
| 49305 | Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : dpkg vulnerability (USN-986-3) | Nessus | Ubuntu Local Security Checks | medium |
| 49304 | Ubuntu 9.04 / 9.10 / 10.04 LTS : clamav vulnerability (USN-986-2) | Nessus | Ubuntu Local Security Checks | medium |
| 49303 | Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : bzip2 vulnerability (USN-986-1) | Nessus | Ubuntu Local Security Checks | medium |
| 49301 | RHEL 3 / 4 / 5 : bzip2 (RHSA-2010:0703) | Nessus | Red Hat Local Security Checks | medium |
| 49300 | Mandriva Linux Security Advisory : bzip2 (MDVSA-2010:185) | Nessus | Mandriva Local Security Checks | medium |
| 49291 | Debian DSA-2112-1 : bzip2 - integer overflow | Nessus | Debian Local Security Checks | medium |
| 49290 | Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 8.1 / 9.0 / 9.1 / current : bzip2 (SSA:2010-263-01) | Nessus | Slackware Local Security Checks | medium |