Executive Summary

Summary
Title libarchive does not properly terminate loop
Informations
Name VU#970849 First vendor Publication 2008-03-20
Vendor VU-CERT Last vendor Modification 2008-03-20
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#970849

libarchive does not properly terminate loop

Overview

libarchive contains a vulnerability that may allow an attacker to cause a denial of service.

I. Description

The libarchive library provides an interface for reading and writing archive files.

There is a vulnerability in libarchive that occurs when it parses the pax interchange format. If an archive prematurely ends within a pax extension, libarchive may enter an infinite loop.

II. Impact

A remote, unauthenitcated attacker may be able to cause a denial of service condition.

III. Solution

Upgrade

Multiple operating system vendors have released an update to address this issue. Administrators should the systems affected portion of this document for more information.

Systems Affected

VendorStatusDate Updated
Debian GNU/LinuxVulnerable20-Mar-2008
FreeBSD, Inc.Vulnerable20-Mar-2008
Gentoo LinuxVulnerable20-Mar-2008
SUSE LinuxVulnerable20-Mar-2008

References


http://www.security-database.com/detail.php?cve=CVE-2007-3644
https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc
http://people.freebsd.org/~kientzle/libarchive/

Credit

Theanks to CERT-FI and CPNI for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public07/12/2007
Date First Published03/20/2008 03:51:18 PM
Date Last Updated03/20/2008
CERT Advisory 
CVE NameCVE-2007-3644
US-CERT Technical Alerts 
Metric1.35
Document Revision7

Original Source

Url : http://www.kb.cert.org/vuls/id/970849

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 4

OpenVAS Exploits

Date Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200708-03 (libarchive)
File : nvt/glsa_200708_03.nasl
2008-09-04 Name : FreeBSD Security Advisory (FreeBSD-SA-07:05.libarchive.asc)
File : nvt/freebsdsa_libarchive.nasl
2008-01-17 Name : Debian Security Advisory DSA 1455-1 (libarchive1)
File : nvt/deb_1455_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
38094 libarchive archive_read_support_format_tar.c TAR Archive Malformed PAX Extens...
38093 libarchive archive_read_support_format_tar.c PAX Archive Malformed PAX Extens...

Nessus® Vulnerability Scanner

Date Description
2008-01-10 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1455.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_libarchive-3982.nasl - Type : ACT_GATHER_INFO
2007-08-13 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200708-03.nasl - Type : ACT_GATHER_INFO