Executive Summary

Summary

Title: libarchive does not properly terminate loop

Information

Name: VU#970849
Vendor: VU-CERT
Severity (Vendor): N/A
First vendor publication: 2008-03-20
Last vendor modification: 2008-03-20
Revision: M

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS base score: 4.3        Attack range: Network
CVSS impact score: 2.9      Attack complexity: Medium
CVSS exploit score: 8.6     Authentication: None required

Detail

Vulnerability Note VU#970849

libarchive does not properly terminate loop

Overview

libarchive contains a vulnerability that may allow an attacker to cause a denial of service.

I. Description

The libarchive library provides an interface for reading and writing archive files.

There is a vulnerability in libarchive that occurs when it parses the pax interchange format. If an archive ends prematurely inside a pax extended header, libarchive may enter an infinite loop instead of reporting the truncated input.

II. Impact

A remote, unauthenticated attacker may be able to cause a denial of service condition.

III. Solution

Upgrade

Multiple operating system vendors have released an update to address this issue. Administrators should see the Systems Affected section of this document for more information.

Systems Affected

Vendor              Status      Date Updated
Debian GNU/Linux    Vulnerable  20-Mar-2008
FreeBSD, Inc.       Vulnerable  20-Mar-2008
Gentoo Linux        Vulnerable  20-Mar-2008
SUSE Linux          Vulnerable  20-Mar-2008

References

http://www.security-database.com/detail.php?cve=CVE-2007-3644
https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc
http://people.freebsd.org/~kientzle/libarchive/

Credit

Thanks to CERT-FI and CPNI for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public: 07/12/2007
Date First Published: 03/20/2008 03:51:18 PM
Date Last Updated: 03/20/2008
CERT Advisory:
CVE Name: CVE-2007-3644
US-CERT Technical Alerts:
Metric: 1.35
Document Revision: 7

Original Source

Url: http://www.kb.cert.org/vuls/id/970849

CPE : Common Platform Enumeration

Type         Description  Count
Application               1

OpenVAS Exploits

Date        Description
2008-09-24  Name: Gentoo Security Advisory GLSA 200708-03 (libarchive)
            File: nvt/glsa_200708_03.nasl
2008-09-04  Name: FreeBSD Security Advisory (FreeBSD-SA-07:05.libarchive.asc)
            File: nvt/freebsdsa_libarchive.nasl
2008-01-17  Name: Debian Security Advisory DSA 1455-1 (libarchive1)
            File: nvt/deb_1455_1.nasl

Open Source Vulnerability Database (OSVDB)

id     Description
38094  libarchive archive_read_support_format_tar.c TAR Archive Malformed PAX Extens...
38093  libarchive archive_read_support_format_tar.c PAX Archive Malformed PAX Extens...

Nessus® Vulnerability Scanner

Date        Description
2008-01-10  Name: The remote Debian host is missing a security-related update.
            File: debian_DSA-1455.nasl - Type: ACT_GATHER_INFO
2007-10-17  Name: The remote openSUSE host is missing a security update.
            File: suse_libarchive-3982.nasl - Type: ACT_GATHER_INFO
2007-08-13  Name: The remote Gentoo host is missing one or more security-related patches.
            File: gentoo_GLSA-200708-03.nasl - Type: ACT_GATHER_INFO