Bug 15211

Summary: cabextract hangs on specially crafted cab files
Product: Mageia Reporter: Thomas Spuhler <thomas>
Component: RPM Packages Assignee: Shlomi Fish <shlomif>
Status: RESOLVED DUPLICATE QA Contact:
Severity: critical    
Priority: High CC: thomas
Version: 4   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: cabextract-1.5 CVE:
Status comment:
Attachments: file that causes the infinite loop

Description Thomas Spuhler 2015-02-06 01:47:07 CET
Description of problem:
Cabextract goes into an infinite loop when trying to expand a specially crafted .cab file as attached. This seems to originate in a bug in the embedded libmspack.
Contrary to the report, clamav doesn't show this behavior.
See bug # 15155
This causes a security issue in amavisd and can cause a DoS attack.

http://openwall.com/lists/oss-security/2015/02/03/12
http://lwn.net/Vulnerabilities/631508/
http://lists.opensuse.org/opensuse-updates/2015-02/msg00004.html

Version-Release number of selected component (if applicable):
1.5

How reproducible:
every time


Steps to Reproduce:
1. Save the attached hang.cab file and run cabextract hang.cab.
2. You will get the output:
Extracting cabinet: hang.cab
  extracting limeric
3. Here it hangs and I had to cancel it after two hours.


Comment 1 Thomas Spuhler 2015-02-06 01:49:13 CET
Created attachment 5861
file that causes the infinite loop
Thomas Spuhler 2015-02-06 01:50:01 CET

Priority: Normal => High
Status: NEW => ASSIGNED
CC: (none) => thomas
Assignee: bugsquad => shlomif

Comment 2 David Walser 2015-02-06 03:25:32 CET
Already fixed.

*** This bug has been marked as a duplicate of bug 15193 ***

Status: ASSIGNED => RESOLVED
Resolution: (none) => DUPLICATE