Full Version: Nlite 1.4.7 - the version of 7zip has a vulnerability

   
claykin
According to Secunia PSI scanner, the version of 7-zip (V4.4.2) you are using with the current Nlite is insecure. Here is the link describing the vulnerability:

http://secunia.com/advisories/29434/

jaclaz
Hmmm, not really documented:
QUOTE
Description:
A vulnerability with unknown impact has been reported in 7-zip.

The vulnerability is caused due to unspecified errors. No further information is currently available.


Reading the referred article:
http://www.ee.oulu.fi/research/ouspg/proto...ng/c10/archive/

It is clear that it is aimed to find vulnerabilities in parsers of Unix Anti-virus apps when parsing files compressed in common archive formats.

There is no evidence of a specific 7-zip vulnerability, as far as I can see, if not a reference to a prior, known one:
http://xforce.iss.net/xforce/xfdb/22396
that was however limited to the .arj format.

The other cited article:
https://www.cert.fi/haavoittuvuudet/joint-a...ve-formats.html
does specify a 7-zip vulnerability, if I get it right, in the way it handles errors due to a mal-formed archive, so you need a mal-formed archive as well.

Thanks for the heads up, but I don't think I will lose my sleep tonight for this.

jaclaz
bledd
even if it has a vulnerability, it makes no difference, it's just working with the nlite stuff