[FreeBSD] Vulnerability in libArchive - FreeBSD-SA-06:24.libarchive
-----BEGIN PGP SIGNED MESSAGE-----
Dear colleagues,

We have just received the following warning from the FreeBSD Security Officer.
We are forwarding this information to you unchanged.

CVE-2006-5680 - Vulnerability in libArchive

A vulnerability has been found in the libArchive library. When processing
a manipulated archive file, a program that uses this library may jump past
the end of the archive file, triggering an infinite loop. An attacker can
exploit this behaviour to consume all available CPU time and thereby carry
out a denial of service attack against the system.

The following software packages and platforms are affected:

libarchive
FreeBSD 6-STABLE before 2006-11-08 14:05:40 UTC (RELENG_6, 6.2-RC1)

The vendor provides updated packages.

Vendor advisory:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:24.libarchive.asc

(c) for the German summary: DFN-CERT Services GmbH; redistribution, including
in part, is permitted only with attribution to the author, DFN-CERT Services
GmbH, and only for non-commercial purposes.

Kind regards,
Klaus Moeller, DFN-CERT Services GmbH
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-06:24.libarchive Security Advisory
The FreeBSD Project
Topic: Infinite loop in corrupt archives handling in libarchive(3)
Category: core
Module: libarchive
Announced: 2006-11-08
Credits: Rink Springer
Affects: FreeBSD 6-STABLE after 2006-09-05 05:23:51 UTC
Corrected: 2006-11-08 14:05:40 UTC (RELENG_6, 6.2-RC1)
CVE Name: CVE-2006-5680
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
The libarchive library provides a flexible interface for reading and
writing streaming archive files such as tar and cpio, and has been the
basis for FreeBSD's implementation of the tar(1) utility since FreeBSD 5.3.
II. Problem Description
If the end of an archive is reached while attempting to "skip" past a
region of an archive, libarchive will enter an infinite loop wherein it
repeatedly attempts (and fails) to read further data.
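Added illustration (not code from libarchive or from the FreeBSD advisory): a minimal "skip" loop over an in-memory stream, in the shape the problem description implies, shown once with the defect and once with a fix. read_ahead(), skip_vulnerable(), skip_fixed(), the demo_* functions and the 100-byte sample body are assumed names and constructed input. The flawed variant is capped at SPIN_LIMIT iterations purely so it can terminate for demonstration; a real decompressor has no such guard and spins forever.

```c
/*
 * Illustration of the skip-past-EOF defect and its fix.
 * Not libarchive's code; all names and data here are assumed/constructed.
 *
 * A tiny in-memory stream stands in for the archive's underlying reader.
 * read_ahead() returns the number of bytes it could supply, or 0 at EOF,
 * which is exactly the case the vulnerable loop mishandles.
 */
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

struct stream {
    const unsigned char *data;
    size_t len;
    size_t pos;
};

/* Return up to `want` bytes from the stream; 0 means no more data (EOF). */
static size_t read_ahead(struct stream *s, size_t want)
{
    size_t avail = s->len - s->pos;
    size_t n = want < avail ? want : avail;
    s->pos += n;
    return n;
}

/* Upper bound on loop iterations so the flawed variant can be demonstrated
 * without actually hanging. A real decompressor has no such guard. */
#define SPIN_LIMIT 1000

/*
 * Flawed skip: loops until `request` bytes are consumed, but a 0-byte read
 * (EOF) makes no progress, so `skipped < request` never becomes false.
 * Returns -1 here to signal "would have spun forever".
 */
ssize_t skip_vulnerable(struct stream *s, size_t request)
{
    size_t skipped = 0;
    int iterations = 0;

    while (skipped < request) {
        size_t got = read_ahead(s, request - skipped);
        skipped += got;               /* got == 0 at EOF: no progress made */
        if (++iterations > SPIN_LIMIT)
            return -1;                /* stand-in for the infinite loop */
    }
    return (ssize_t)skipped;
}

/*
 * Fixed skip: a 0-byte read means the end of the archive was reached
 * mid-skip, so stop and return how much was actually skipped. The caller
 * compares the result with the request and reports a truncated archive
 * instead of burning CPU.
 */
ssize_t skip_fixed(struct stream *s, size_t request)
{
    size_t skipped = 0;

    while (skipped < request) {
        size_t got = read_ahead(s, request - skipped);
        if (got == 0)
            break;                    /* EOF reached mid-skip: bail out */
        skipped += got;
    }
    return (ssize_t)skipped;
}

/* Constructed sample: an entry whose header claims 600 bytes of data, but
 * only 100 bytes actually follow. Listing (tar -t) would skip(600) over the
 * entry body without reading it, which is where the loop is hit. */
static const unsigned char truncated_body[100] = {0};
static const unsigned char complete_body[600] = {0};

int demo_vulnerable(void)
{
    struct stream s = { truncated_body, sizeof truncated_body, 0 };
    return (int)skip_vulnerable(&s, 600);   /* -1: would spin forever */
}

int demo_fixed_truncated(void)
{
    struct stream s = { truncated_body, sizeof truncated_body, 0 };
    return (int)skip_fixed(&s, 600);        /* 100: short skip, EOF reported */
}

int demo_fixed_complete(void)
{
    struct stream s = { complete_body, sizeof complete_body, 0 };
    return (int)skip_fixed(&s, 600);        /* 600: full skip succeeds */
}

int main(void)
{
    printf("vulnerable skip on truncated entry: %d (loop never ends without guard)\n",
           demo_vulnerable());
    printf("fixed skip on truncated entry:      %d of 600 bytes skipped\n",
           demo_fixed_truncated());
    printf("fixed skip on complete entry:       %d of 600 bytes skipped\n",
           demo_fixed_complete());
    return 0;
}
```

The check a reader of the skip return value must make is `skipped < request`; treating that as "retry" rather than "archive ended early" is the whole defect. The same shape of bug applies to any reader loop whose exit condition depends on progress that a zero-length read cannot make.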
III. Impact
An attacker able to cause a system to extract (via "tar -x" or another
application which uses libarchive) or list the contents (via "tar -t" or
another libarchive-using application) of an archive provided by the
attacker can cause libarchive to enter an infinite loop and use all
available CPU time.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 6-STABLE dated after the correction
date.
2) To patch your present system:
The following patches have been verified to apply to affected systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-06:24/libarchive.patch
# fetch http://security.FreeBSD.org/patches/SA-06:24/libarchive.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/libarchive
# make obj && make depend && make && make install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch                                                           Revision
  Path
- - -------------------------------------------------------------------------
RELENG_6
  src/lib/libarchive/archive_read_support_compression_none.c     1.6.2.2
- - -------------------------------------------------------------------------
VII. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5680
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-06:24.libarchive.asc
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)
iD8DBQFFUeSvFdaIBMps37IRAug+AKCWT9WdFvuqPZS0o7fp3f9GKd8/aQCfVcQE
WODSvmI0ArwZOcWIESQOnIQ=
=SDvI
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBRVMknfBT2+ukQ5RFAQGGGggAtx2Slrd8U49oIIkXXdoN+yEIZf8T6CR3
pbJucQkOqnD+ZBYuSzHVOFeD2QaMLOpB6WaoTZ7Zwbv0GNt5qDSn0uROcpmPC9XE
oNX2/Xak+uYDzah3gZlF1/hqw2bzME+gy7eV5CojkGI/HJlobS3vh/KWQMlHYWk7
OT4wrNat8xNMlHhGmE9xMAR/kuF0wdhi5UfGzrLVb278lla15mbqpbDxRVwbuIVe
DdQMS1gkQx7rIYP2PbmN9Ycn0lSvEjsRDDwn/CdX835X+JdszejfB++IIGJEwXKi
JTZr2o10qxN3RpHGPDb/oF2AvESB2HLpI9EioN9bdfKaEL7ty8H9tg==
=db6+
-----END PGP SIGNATURE-----