Candidate: CVE-2012-6706
PublicDate: 2017-06-22 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6706
 http://www.openwall.com/lists/oss-security/2017/06/21/9
 https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6
 http://securitytracker.com/id?1027725
 http://telussecuritylabs.com/threats/show/TSL20121207-01
 https://bugs.chromium.org/p/project-zero/issues/detail?id=1286
 https://community.sophos.com/kb/en-us/118424#six
 https://lock.cmpxchg8b.com/sophailv2.pdf
 https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/
Description:
 A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as
 used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other
 products, that can lead to arbitrary code execution. An integer overflow
 can be caused in DataSize+CurChannel. The result is a negative value of the
 "DestPos" variable, which allows the attacker to write out of bounds when
 setting Mem[DestPos].
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865461
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_unrar-nonfree:
upstream_unrar-nonfree: released (1:5.3.2-1+deb9u1, 1:5.5.5-1)
precise/esm_unrar-nonfree: DNE
trusty_unrar-nonfree: ignored (reached end-of-life)
trusty/esm_unrar-nonfree: DNE (trusty was needed)
vivid/ubuntu-core_unrar-nonfree: DNE
xenial_unrar-nonfree: released (1:5.3.2-1+deb9u1build0.16.04.1)
yakkety_unrar-nonfree: ignored (reached end-of-life)
zesty_unrar-nonfree: ignored (reached end-of-life)
artful_unrar-nonfree: not-affected (5.5.8-1)
bionic_unrar-nonfree: not-affected (5.5.8-1)
cosmic_unrar-nonfree: not-affected (5.5.8-1)
disco_unrar-nonfree: not-affected (5.5.8-1)
devel_unrar-nonfree: not-affected (5.5.8-1)

Patches_libclamunrar:
upstream_libclamunrar: released (0.99-4)
precise/esm_libclamunrar: DNE
trusty_libclamunrar: released (0.99-0ubuntu0.14.04.2)
trusty/esm_libclamunrar: DNE (trusty was released [0.99-0ubuntu0.14.04.2])
vivid/ubuntu-core_libclamunrar: DNE
xenial_libclamunrar: released (0.99-1ubuntu0.1)
zesty_libclamunrar: ignored (reached end-of-life)
artful_libclamunrar: released (0.99-4ubuntu1)
bionic_libclamunrar: released (0.99-4ubuntu1)
cosmic_libclamunrar: released (0.99-4ubuntu1)
disco_libclamunrar: released (0.99-4ubuntu1)
devel_libclamunrar: released (0.99-4ubuntu1)