7-zip users beware

Discussion in 'Technical' started by sec_monkey, May 13, 2016.


  1. sec_monkey

    sec_monkey SM Security Administrator

    7-Zip has dangerous vulnerabilities which can allow attackers to compromise systems.

    Update immediately.

    MalwareBytes uses 7-Zip which makes it vulnerable.

    Many other products besides MalwareBytes use 7-Zip.
     
    Ganado and Seepalaces like this.
  2. sec_monkey

    sec_monkey SM Security Administrator

    It is a compression utility. It runs standalone or as part of other programs like MalwareBytes.

    Programs that use 7-Zip are vulnerable including MalwareBytes and many others.

    7-Zip version 16.00 has been fixed.

    All products that use 7-Zip need to rebuild their apps.
     
    Brokor likes this.
  3. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    I have used 7-zip for years, no problems.
    The latest version is stable and has no known vulnerabilities.

    "Sadly, many security vulnerabilities arise from applications which fail to properly validate their input data. Both of these 7-Zip vulnerabilities resulted from flawed input validation. Because data can come from a potentially untrusted source, data input validation is of critical importance to all applications’ security. Talos has worked with 7-Zip to responsibly disclose, and then patch these vulnerabilities. Users are urged to update their vulnerable versions of 7-Zip to the latest revision, version 16.00, as soon as possible."

    Cisco Talos Blog: Multiple 7-Zip Vulnerabilities Discovered by Talos
     
    Ganado likes this.
  4. sec_monkey

    sec_monkey SM Security Administrator

    The flaws were fixed in 7-Zip 16.00.

    Versions prior to 16.00 are vulnerable according to reports.

    All products that use 7-Zip need to rebuild their apps otherwise they will be vulnerable.
     
    Brokor likes this.
  5. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    Not likely to find many developers around these parts. ;)

    DOWNLOAD 7-ZIP here: 7-Zip
    (and never anywhere else)
     
    Ganado and 3M-TA3 like this.
  6. sec_monkey

    sec_monkey SM Security Administrator

    Some monkeys are developers ;)

    This affects all users of 7-Zip and users of programs that use 7-Zip like
    MalwareBytes, FireEye and many more. Ironically MalwareBytes and FireEye are security programs.

    7-Zip is used to create self-extracting executable files. Millions or billions of users are potentially affected.
     
    VisuTrac likes this.
  7. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    It's not that serious.

    UDF Issue (CVE-2016-2335):
    Fix Version: 16.00
    Vulnerable versions: 9.20 (confirmed) through 15.14
    Also, versions 4.59 beta and later might be affected, as the UDF support had been introduced with that version (according to the change history at: http://www.7-zip.org/history.txt)

    HFS Issue (CVE-2016-2334):
    Fix Version: 16.00
    Vulnerable versions: 9.32 (assumed) through 15.14
    HFS support is available since version 4.59 beta. However, version 9.20 still does not include the vulnerable code, so I assume that the vulnerability had been introduced with 9.32 (according to the change history at: http://www.7-zip.org/history.txt, which says: "... HFS, ... support was improved.")

    I was running an older version (9.2) which did not include the vulnerable HFS code. But, for folks who were using the latest prior to the 16.0 release, updating is a good idea just to be safe. Most users will not even come into a situation where they are packaging or unpacking a UDF archive, but I know how geeks like to get all antsy over security...
    :LOL:
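
The version ranges listed in the post above, turned into a triage check for an inventory of standalone and bundled 7-Zip binaries. This is an added example, not part of the thread or of 7-Zip itself; the sample paths and banner lines are constructed, and reading the version from the program's first output line is an assumption.

```python
import re

# Version bounds as given in the post above, as (major, minor) tuples.
FIXED = (16, 0)                # both issues fixed in 16.00
UDF_CONFIRMED_FROM = (9, 20)   # CVE-2016-2335: confirmed 9.20 through 15.14
UDF_POSSIBLE_FROM = (4, 59)    # UDF support introduced in 4.59 beta
HFS_ASSUMED_FROM = (9, 32)     # CVE-2016-2334: assumed 9.32 through 15.14

# Assumption: the version comes from the first line a 7-Zip binary prints.
BANNER_RE = re.compile(r"(?:7-Zip|p7zip)\b.*?\b(\d{1,2})\.(\d{2})\b")


def parse_banner(line):
    """Return (major, minor) from a banner line, or None if none is found."""
    m = BANNER_RE.search(line)
    return (int(m.group(1)), int(m.group(2))) if m else None


def triage(version):
    """Map a version tuple to a status per CVE, using the post's ranges."""
    if version >= FIXED:
        return {"CVE-2016-2335": "fixed", "CVE-2016-2334": "fixed"}
    if version >= UDF_CONFIRMED_FROM:
        udf = "vulnerable"
    elif version >= UDF_POSSIBLE_FROM:
        udf = "possibly affected"
    else:
        udf = "outside stated range"
    hfs = "vulnerable (assumed)" if version >= HFS_ASSUMED_FROM else "outside stated range"
    return {"CVE-2016-2335": udf, "CVE-2016-2334": hfs}


def audit(banners):
    """Triage every copy in {path: banner}; unparsable banners need a manual look."""
    results = {}
    for path, banner in banners.items():
        version = parse_banner(banner)
        results[path] = triage(version) if version else "unknown version"
    return results


# Constructed sample inventory: hypothetical paths, banners typed by hand.
SAMPLE = {
    "C:/Program Files/7-Zip/7z.exe": "7-Zip [64] 15.14 : Copyright (c) 1999-2015 Igor Pavlov : 2015-12-31",
    "C:/Tools/vendor-app/7za.exe": "7-Zip (A) 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18",
    "C:/Portable/7z.exe": "7-Zip [64] 16.00 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-10",
}

if __name__ == "__main__":
    for path, status in audit(SAMPLE).items():
        print(path, status)
```

A bundled copy that prints no banner comes back as "unknown version" and has to be checked against the vendor's own release notes.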
     
  8. sec_monkey

    sec_monkey SM Security Administrator

    It is potentially more serious than the CVE suggests.
     
    Last edited: May 13, 2016
  9. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    LOL [LMAO]
     
  10. Bandit99

    Bandit99 Monkey+++ Site Supporter+

    Thanks for the heads up! I have updated to v16...
     
    sec_monkey likes this.