OSVDB ID: 82161

Title: Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS

Info

Disclosure

May 23, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

May 23, 2012

Description

Apache Commons Compress contains a flaw that that is triggered by an error when using bzip2 file compression, and will result in loss of availability for the program when handling a BZip2CompressorOutputStream class file.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified

Solution

Upgrade to version 1.4.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

The Apache Software Foundation	Apache Commons Compress	1.0
		1.1
		1.2
		1.3
		1.4
	Tika	1.1

Plexus-Archiver

2.3

Oracle Corporation	Solaris	10
		11.1

References

Security Tracker: 1027096
CVE ID: 2012-2098 (see also: NVD)
Secunia Advisory ID: 49255 49286 53045 53194
Bugtraq ID: 53676
Vendor Specific News/Changelog Entry: http://ant.apache.org/security.html
http://commons.apache.org/compress/security.html
https://bugzilla.redhat.com/show_bug.cgi?id=951521
https://issues.apache.org/jira/browse/TIKA-932
Packet Storm: http://packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-Denial-Of-Service.html
Mail List Post: http://seclists.org/bugtraq/2012/May/129
Vendor Specific Advisory URL: https://blogs.oracle.com/sunsecurity/entry/algorithmic_complexity_vulnerability_in_apache
Vendor Specific Solution URL: https://github.com/sonatype/plexus-archiver/commit/ce4bf4c5212188692850f06ee6874196104646e9

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/82161

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

The Apache Software Foundation

Apache Commons Compress

Tika

Plexus-Archiver

Plexus-Archiver

Oracle Corporation

Solaris

References

Credit