camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

7 recommendations

camper

Premium Member

Flawed 7-Zip compression tool opens systems to hack. Update it now!

 
»securityaffairs.co/wordp ··· ool.html


...According to the Cisco security researcher Jaeson Schultz, multiple flaws in the 7-Zip compression tool could be exploited by hackers to gain complete control of the target machine running the popular software.

"Recently Cisco Talos has discovered multiple exploitable vulnerabilities in 7-Zip. These type of vulnerabilities are especially concerning since vendors may not be aware they are using the affected libraries." states a blog post published by CISCO Talos.

The first issue discovered by the expert is an out-of-bounds read vulnerability (CVE-2016-2335) that exists in the way 7-Zip handles Universal Disk Format (UDF) files....

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

6 recommendations

Kilroy

MVM

"Users are urged to update their 7-Zip software to the latest version 16.00."
SipSizzurp
Fo' Shizzle
Premium Member
join:2005-12-28
Houston, TX

SipSizzurp to camper

Premium Member

to camper
said by camper:

...The first issue discovered by the expert is an out-of-bounds read vulnerability (CVE-2016-2335) that exists in the way 7-Zip handles Universal Disk Format (UDF) files....


So what are the port numbers that 7Z listens on, and who opened them in the router?

Napsterbater
Meh
MVM
join:2002-12-28
Milledgeville, GA
(Software) OPNsense
Ubiquiti UniFi UAP-AC-PRO

4 recommendations

Napsterbater

MVM

said by SipSizzurp:

So what are the port numbers that 7Z listens on, and who opened them in the router?

Nothing to do with Ports or a network/internet connection.

Ken1943
join:2001-12-30
Brighton, CO

Ken1943 to camper

Member

to camper
Sometimes I wonder if people come up with this stuff to get press. "Could be" covers plenty of ground where only 1 in 10 million, or even fewer, might be affected.

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

camper

Premium Member

said by Ken1943:

Sometimes I wonder if people come up with this stuff to get press.

 
Possibly.

On the other hand, for the past week I have noticed a significant uptick in the amount of email spam which contains a zip file as an attachment.

When I say "significant", I mean about 60-times as many such emails.

While I do not know if those attached zip files are trying to exploit this vuln, I do note the coincidence.

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

1 recommendation

DarkLogix

Premium Member

said by camper:

Possibly.

On the other hand, for the past week I have noticed a significant uptick in the amount of email spam which contains a zip file as an attachment.

When I say "significant", I mean about 60-times as many such emails.

While I do not know if those attached zip files are trying to exploit this vuln, I do note the coincidence.

Well,
quote:
Universal Disk Format (UDF) files
So, um, I think unlikely.

But there is often other bad junk sent via zips, because the plain zip format can be opened by Windows natively.

IMO 7-Zip can help protect you from lots of that with 2 steps.
1. Block all .zip files on your e-mail system.
2. Instruct users to use .7z files instead.

That mitigates a lot of viruses.

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

2 recommendations

camper

Premium Member

said by DarkLogix:

block all .zip files on your e-mail system.

 
Yup, they are blocked here. I was going by what my logs tell me to determine the number of incomings.

According to this: »www.networkworld.com/art ··· isk.html the UDF vuln is not the only one. There's also "...the heap overflow condition, CVE-2016-2334, can occur when handling zlib compressed files....". I suspect that one may be a more common occurrence.

And then there's "...The 7-Zip software can pack and unpack files using a large number of archive formats, including its own 7z format, which is more efficient than ZIP. Its versatility and open-source nature make it an attractive library to include in other software projects that need to process and deal with archived files...." from that same article.

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

3 recommendations

antdude to camper

Premium Member

to camper
That's why v16 came out.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to camper

MVM

to camper
....can't figure out 7zip's versioning... last version they released was v9?
But thanks for the update, will get this installed ASAP.

Regards

therube
join:2004-11-11
Randallstown, MD

1 edit

3 recommendations

therube

Member

quote:
last version they released was v9
No, v15 has been out for a while now, including a few updates to it, »www.7-zip.org/history.txt.

(Prior to 15, we were on 9 for an eternity, with the actual release dating back years, as he was always hesitant to call any of the more recent 9's anything but alpha or beta. From the looks of it, he's now making the major number the year of the release. Wonder what he's going to do in the year 3016?)
Frodo
join:2006-05-05

Frodo to camper

Member

to camper
The executables from the latest update once again didn't have DEP and ASLR enabled.

So I used the program SetDllCharacteristics.exe to toggle the DEP and ASLR bits.

for %f in (*.exe) do (setdllcharacteristics +n +d %f)
for %f in (*.dll) do (setdllcharacteristics +n +d %f)
for %f in (*.sfx) do (setdllcharacteristics +n +d %f)
 
The above commands would need to be issued from a console with a write ability to the targeted files.

It is too early to say whether there is a problem with this release, but I've done this with previous releases without a problem.

For this particular program, I prefer native DEP and ASLR enabled, because of its integration with explorer.exe .

Cartel
Intel inside Your sensitive data outside
Premium Member
join:2006-09-13
Chilliwack, BC

1 edit

2 recommendations

Cartel to camper

Premium Member

to camper
I'm still using 9.22...

Guess everyone will have to update winrar too

Edit**
You can download the plugin and copy it to the WinRAR folder, then replace the vulnerable version.
»www.7-zip.org/a/7z1600-extra.7z

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

3 recommendations

camper to HELLFIRE

Premium Member

to HELLFIRE
said by HELLFIRE:

can't figure out 7zip's versioning.

 
The last version I had was 15.xx

The major version number is the year, the minor number is a serial number, counting upwards.

therube
join:2004-11-11
Randallstown, MD

1 recommendation

therube to camper

Member

to camper
Peazip updated its application to account for this: Release 6.0.2 updates 7z backend to 16.00 version, to fix some vulnerabilities of 7z 15.x on Windows platform.

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

camper

Premium Member

said by therube:

Peazip updated its application

 
That's one aspect of this vuln that I read about initially but I did not, at the time, suss just how widespread the use of 7z's libs was among other compression software.

andrewc2
join:2011-06-05
Matamoras, PA

andrewc2 to Cartel

Member

to Cartel
said by Cartel:

I'm still using 9.22...

Same. TIL: 7-Zip doesn't auto-update or have any update mechanism.
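
Two points in the thread go together: camper's observation that 7-Zip's libraries are embedded in a lot of other compression software, and andrewc2's that 7-Zip has no update mechanism, so nothing tells you which copies on a machine are still old. The script below is an added example (not code from the thread or from the 7-Zip project): it walks a directory tree for 7-Zip-looking binaries, reads each file's version out of its VS_FIXEDFILEINFO resource by scanning for the 0xFEEF04BD signature (a shortcut that avoids parsing the resource directory), and flags anything older than 16.00. The filename heuristic and the 16.00 threshold are assumptions taken from the thread; the files demo() writes are constructed stand-ins, not real 7-Zip binaries.

```python
"""Added example: find 7-Zip binaries (including copies bundled inside other
software), read their file version, and flag anything below 16.00.
Standard library only. The sample files written by demo() are constructed
stand-ins that carry only a VS_FIXEDFILEINFO header, not real 7-Zip binaries."""
import os
import struct
import tempfile

FIXEDFILEINFO_SIG = b"\xbd\x04\xef\xfe"  # dwSignature 0xFEEF04BD, little-endian
FIXED_VERSION = (16, 0)                  # assumption: 16.00 is the first fixed release, per the thread


def looks_like_7zip(name):
    """Filename heuristic (assumption): 7-Zip ships 7z.dll, 7z.exe, 7zFM.exe, 7zG.exe;
    the 'extra' package adds 7za.dll, 7za.exe, 7zxa.dll. Bundled copies usually keep these names."""
    low = name.lower()
    return low.startswith("7z") and low.endswith((".dll", ".exe"))


def file_version(data):
    """Return (major, minor, build, revision) from the first VS_FIXEDFILEINFO block
    found in the image, or None. A hit is only accepted if dwStrucVersion's high
    word is 1, which weeds out chance occurrences of the four signature bytes."""
    i = data.find(FIXEDFILEINFO_SIG)
    while i >= 0:
        if i + 16 <= len(data):
            _, struc_ver, ver_ms, ver_ls = struct.unpack_from("<IIII", data, i)
            if struc_ver >> 16 == 1:
                return (ver_ms >> 16, ver_ms & 0xFFFF, ver_ls >> 16, ver_ls & 0xFFFF)
        i = data.find(FIXEDFILEINFO_SIG, i + 1)
    return None


def is_vulnerable(version, fixed=FIXED_VERSION):
    """7-Zip's file version tracks its release number (9.22 -> 9.22.0.0, 16.00 -> 16.0.0.0)."""
    return tuple(version[:2]) < fixed


def scan(root):
    """Return [(path, version_or_None, flagged)] for every 7-Zip-looking file under root.
    Unreadable files and files without a version resource get flagged=None so they
    show up for manual inspection rather than silently passing."""
    results = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not looks_like_7zip(name):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    ver = file_version(fh.read())
            except OSError:
                results.append((path, None, None))
                continue
            results.append((path, ver, is_vulnerable(ver) if ver else None))
    return results


def build_sample_image(major, minor):
    """Constructed blob containing just a VS_FIXEDFILEINFO header (no real PE around it)."""
    ver_ms = (major << 16) | minor
    return (b"\x00" * 64 + FIXEDFILEINFO_SIG
            + struct.pack("<III", 0x00010000, ver_ms, 0) + b"\x00" * 32)


def demo():
    """Write three constructed files into a temp tree, scan it, return [(relpath, ver, flagged)]."""
    with tempfile.TemporaryDirectory() as root:
        layout = {
            "7-Zip/7z.dll": build_sample_image(9, 22),            # old: flagged
            "Other App/lib/7za.dll": build_sample_image(16, 0),   # bundled copy, current
            "Other App/readme.txt": b"not a binary",              # ignored by name
        }
        for rel, data in layout.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        found = scan(root)
        return sorted((os.path.relpath(p, root).replace(os.sep, "/"), v, f) for p, v, f in found)


if __name__ == "__main__":
    import sys
    # python scan_7zip.py "C:\Program Files"   scans a real tree; no argument runs the demo
    for path, ver, flagged in (scan(sys.argv[1]) if len(sys.argv) > 1 else demo()):
        shown = ".".join(map(str, ver)) if ver else "?"
        print("%-40s %-12s %s" % (path, shown, "UPDATE" if flagged else "ok" if flagged is False else "check"))
```

Run it against Program Files and any vendor directories rather than just the 7-Zip install folder; the whole point is the copies you did not install yourself. A hit with a blank version is worth opening by hand, since some redistributed builds omit the version resource.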
HELLFIRE
MVM
join:2009-11-25

2 recommendations

HELLFIRE to camper

MVM

to camper
said by therube:

(Prior to 15, we were on 9 for an eternity, with the actual release dating back years, as he was always hesitant to call any of the more recent 9's anything but alpha or beta. From the looks of it, he's now making the major number the year of the release. Wonder what he's going to do in the year 3016?)

said by camper:

The major version number is the year, the minor number is a serial number, counting upwards.

Ahh, thanks for that!

Regards

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

1 recommendation

camper

Premium Member

 
For completeness of this thread, here's the thread about version 16.00 on the 7-zip support forum:
»sourceforge.net/p/sevenz ··· 8fd6078/

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

1 recommendation

Blackbird to camper

Premium Member

to camper
What is the suggested way to get to version 16 if one has an older 7-Zip version installed... uninstall the old version first, install the new one 'over the top' via the .msi, or what? I was unable to find any "update" info at the SourceForge site...

Napsterbater
Meh
MVM
join:2002-12-28
Milledgeville, GA

5 recommendations

Napsterbater

MVM

just download and install the new one, it will overwrite.

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix to therube

Premium Member

to therube
said by therube:

From the looks of it, he's now making the major number the year of the release. Wonder what he's going to do in the year 3016?)

Use Hex for the version number
V.BC8
DarkLogix

DarkLogix to Frodo

Premium Member

to Frodo
said by Frodo:

The executables from the latest update once again didn't have DEP and ASLR enabled.

So I used the program SetDllCharacteristics.exe to toggle the DEP and ASLR bits.

for %f in (*.exe) do (setdllcharacteristics +n +d %f)
for %f in (*.dll) do (setdllcharacteristics +n +d %f)
for %f in (*.sfx) do (setdllcharacteristics +n +d %f)
 
The above commands would need to be issued from a console with a write ability to the targeted files.

It is too early to say whether there is a problem with this release, but I've done this with previous releases without a problem.

For this particular program, I prefer native DEP and ASLR enabled, because of its integration with explorer.exe .

Could you provide a Windows 64-bit exe of 7-Zip 16 with DEP/ASLR?
BTW, if I put said exe on my website, any idea of what I'd need to include so I don't face legal stuff?
sludgehound
join:2007-03-12
New York, NY

sludgehound to camper

Member

to camper
Thanks for the sf link. I tried PeaZip but don't like the way it didn't seem to show the name of the new folder to be created when right-clicking on file.zip. Was expecting it to point to a yet-to-be-created new directory/folder named File, but nope. PeaZip might have an option for that, but I'm too busy to dig into its guts when 7-Zip shows File as the default. 64-bit is fast now.

jap
Premium Member
join:2003-08-10
038xx

1 recommendation

jap to camper

Premium Member

to camper
Thanks camper.

Windows installers of stable versions: »www.7-zip.org/download.html
All others (Linux, portable, beta, etc..): »sourceforge.net/projects ··· evenzip/

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird to Napsterbater

Premium Member

to Napsterbater
said by Napsterbater:

just download and install the new one, it will overwrite.

Thanks much! It worked like a charm...

Cartel
Intel inside Your sensitive data outside
Premium Member
join:2006-09-13
Chilliwack, BC

Cartel to Frodo

Premium Member

to Frodo
said by Frodo:

The executables from the latest update once again didn't have DEP and ASLR enabled.

So I used the program SetDllCharacteristics.exe to toggle the DEP and ASLR bits.

for %f in (*.exe) do (setdllcharacteristics +n +d %f)
for %f in (*.dll) do (setdllcharacteristics +n +d %f)
for %f in (*.sfx) do (setdllcharacteristics +n +d %f)
 
The above commands would need to be issued from a console with a write ability to the targeted files.

It is too early to say whether there is a problem with this release, but I've done this with previous releases without a problem.

For this particular program, I prefer native DEP and ASLR enabled, because of its integration with explorer.exe .

DEP is on for me

WildByDesign
join:2014-09-05
Canada

WildByDesign to Frodo

Member

to Frodo
said by Frodo:

So I used the program SetDllCharacteristics.exe to toggle the DEP and ASLR bits.

I like this suggestion and I greatly respect your opinion. I will keep this program in mind. But what I am wondering is, would using EMET to force DEP and ASLR on 7-Zip binaries be sufficient?
Frodo
join:2006-05-05

1 edit

Frodo

Member

said by WildByDesign:

using EMET to force DEP and ASLR

I think on my computer it is mandatory DEP whether the program wants it or not. EMET might actually be better because of bottom-up randomization. Don't really know. I do also have 7Z on EMET. But I don't have explorer on EMET. And I believe the rule is, if any DLL hooked by explorer doesn't have ASLR on, then the whole process won't use ASLR. I'm looking at the DLLs being used by one of my explorers and I see a 7Z one. So I like the flags toggled on to tie up any loose ends, known or unknown, unless it causes the process to malfunction.

There is the FC command to check the before and after files. There should only be two bytes changed, the one for DEP and the one for ASLR. This Didier guy seems to have a good reputation, so I'm happy with the tool.

Edit: Winamp would be another program. This one has exe, dll, and w5s. I guess w5s is some weird name for a dll. They are located in a "System" subfolder and show in Process Explorer. I toggled all of the above like I did with 7Z. I don't remember whether the DEP or ASLR bit was enabled before I changed them with the tool.
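
For readers who want to see what Frodo's setdllcharacteristics +n +d loops earlier in the thread actually touch, and what the FC before/after comparison above should show, here is an added example (not code from the thread, from Didier Stevens' tool, or from 7-Zip). It walks the MZ and PE headers to the optional header, reads the 16-bit DllCharacteristics field, reports the NX_COMPAT (DEP) and DYNAMIC_BASE (ASLR) bits, sets them the way +n +d does, and lists the differing offsets the way FC /B would. It also checks the COFF IMAGE_FILE_RELOCS_STRIPPED flag, because DYNAMIC_BASE on an image with no relocation data cannot be honoured by the loader. The PE skeleton it builds for the demo is constructed and is not a 7-Zip binary.

```python
"""Added example: read and set the DEP (NX_COMPAT) and ASLR (DYNAMIC_BASE) opt-in
bits in a PE image's DllCharacteristics field, the two bits setdllcharacteristics
+n +d sets, then diff the before/after images the way FC /B would.
Standard library only; build_sample() produces a constructed header-only PE32
skeleton for the demo, not a real 7-Zip file."""
import struct

DYNAMIC_BASE = 0x0040      # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: ASLR opt-in
NX_COMPAT = 0x0100         # IMAGE_DLLCHARACTERISTICS_NX_COMPAT: DEP opt-in
RELOCS_STRIPPED = 0x0001   # IMAGE_FILE_RELOCS_STRIPPED in the COFF Characteristics field
COFF_SIZE = 20             # size of the COFF file header that follows "PE\0\0"
DLLCHAR_IN_OPT = 70        # offset of DllCharacteristics inside the optional header (PE32 and PE32+)


def _headers(image):
    """Validate MZ/PE headers; return (coff_header_offset, optional_header_offset)."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    opt = coff + COFF_SIZE
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unexpected optional header magic 0x%x" % magic)
    return coff, opt


def get_flags(image):
    """Report the DEP/ASLR opt-in bits plus whether relocations were stripped."""
    coff, opt = _headers(image)
    coff_chars = struct.unpack_from("<H", image, coff + 18)[0]
    dllchars = struct.unpack_from("<H", image, opt + DLLCHAR_IN_OPT)[0]
    return {
        "dep": bool(dllchars & NX_COMPAT),
        "aslr": bool(dllchars & DYNAMIC_BASE),
        # DYNAMIC_BASE only helps if the loader can relocate the image
        "relocs_stripped": bool(coff_chars & RELOCS_STRIPPED),
        "raw": dllchars,
    }


def set_flags(image, dep=True, aslr=True):
    """Return a copy of the image with the requested bits OR'd in (what +n +d does)."""
    _, opt = _headers(image)
    off = opt + DLLCHAR_IN_OPT
    value = struct.unpack_from("<H", image, off)[0]
    if dep:
        value |= NX_COMPAT
    if aslr:
        value |= DYNAMIC_BASE
    patched = bytearray(image)
    struct.pack_into("<H", patched, off, value)
    return bytes(patched)


def changed_offsets(before, after):
    """Offsets at which two same-sized images differ (what FC /B would list)."""
    if len(before) != len(after):
        raise ValueError("images differ in length")
    return [i for i, (a, b) in enumerate(zip(before, after)) if a != b]


def build_sample(dllchars, coff_chars=0):
    """Constructed PE32 header skeleton (headers only, no sections) for the demo."""
    e_lfanew = 0x80
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    coff = e_lfanew + 4
    struct.pack_into("<H", img, coff + 18, coff_chars)
    opt = coff + COFF_SIZE
    struct.pack_into("<H", img, opt, 0x10B)
    struct.pack_into("<H", img, opt + DLLCHAR_IN_OPT, dllchars)
    return bytes(img)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # python pe_flags.py 7z.dll  (report only, does not write)
        with open(sys.argv[1], "rb") as fh:
            print(get_flags(fh.read()))
    else:
        original = build_sample(0x8000)  # only TERMINAL_SERVER_AWARE set: DEP and ASLR off
        fixed = set_flags(original)
        print("before:", get_flags(original))
        print("after: ", get_flags(fixed))
        print("bytes changed:", changed_offsets(original, fixed))  # the two bytes of the field
```

Because the field is a single little-endian 16-bit word and 0x0040 sits in its low byte while 0x0100 sits in its high byte, turning both on from a clean state changes exactly two adjacent bytes, which is the result FC should report. Two caveats before writing a patched file back: the bytes live inside the region covered by an Authenticode signature, so a signed binary will no longer verify afterwards (WildByDesign's concern below), and a module whose relocations were stripped will still load at its preferred base regardless of the DYNAMIC_BASE bit.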

WildByDesign
join:2014-09-05
Canada

WildByDesign

Member

said by Frodo:

And I believe the rule is, if any DLL hooked by explorer doesn't have ASLR on, then the whole process won't use ASLR. I'm looking at the dlls being used by one of my explorers and I see a 7Z one. So, I like the flags toggled on to tie up any loose ends, known or unknown, unless it causes the process to malfunction.

I see what you mean now, particularly with regard to .DLLs and being more thorough. Thank you, Frodo. Didier Stevens definitely has a lot of unique and useful tools and this is quite a nice gem that I was previously not aware of. So I will definitely add this tool and your suggestions to some of my routines now as well. My only concern is over digitally signed binaries since it would invalidate the certificate, but I will use this for non-signed binaries when appropriate.