FreeBSD Security Advisory FreeBSD-SA-06:24.libarchive
Josh Paetzel
josh at tcbug.org
Wed Nov 8 15:36:12 UTC 2006
On Wednesday 08 November 2006 08:13, FreeBSD Security Advisories
wrote:
> ===================================================================
>========== FreeBSD-SA-06:24.libarchive
> Security Advisory The FreeBSD Project
>
> Topic: Infinite loop in corrupt archives handling in
> libarchive(3)
>
> Category: core
> Module: libarchive
> Announced: 2006-11-08
> Credits: Rink Springer
> Affects: FreeBSD 6-STABLE after 2006-09-05 05:23:51 UTC
> Corrected: 2006-11-08 14:05:40 UTC (RELENG_6, 6.2-RC1)
> CVE Name: CVE-2006-5680
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and
> the following sections, please visit
> <URL:http://security.FreeBSD.org/>.
>
> I. Background
>
> The libarchive library provides a flexible interface for reading
> and writing streaming archive files such as tar and cpio, and has
> been the basis for FreeBSD's implementation of the tar(1) utility
> since FreeBSD 5.3.
>
> II. Problem Description
>
> If the end of an archive is reached while attempting to "skip" past
> a region of an archive, libarchive will enter an infinite loop
> wherein it repeatedly attempts (and fails) to read further data.
>
> III. Impact
>
> An attacker able to cause a system to extract (via "tar -x" or
> another application which uses libarchive) or list the contents
> (via "tar -t" or another libarchive-using application) of an
> archive provided by the attacker can cause libarchive to enter an
> infinite loop and use all available CPU time.
>
> IV. Workaround
>
> No workaround is available.
>
> V. Solution
>
> Perform one of the following:
>
> 1) Upgrade your vulnerable system to 6-STABLE dated after the
> correction date.
>
> 2) To patch your present system:
>
> The following patches have been verified to apply to affected
> systems.
>
> a) Download the relevant patch from the location below, and verify
> the detached PGP signature using your PGP utility.
>
> # fetch
> http://security.FreeBSD.org/patches/SA-06:24/libarchive.patch #
> fetch
> http://security.FreeBSD.org/patches/SA-06:24/libarchive.patch.asc
>
> b) Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
> # cd /usr/src/lib/libarchive
> # make obj && make depend && make && make install
>
> VI. Correction details
>
> The following list contains the revision numbers of each file that
> was corrected in FreeBSD.
>
> Branch
> Revision Path
> -------------------------------------------------------------------
>------ RELENG_6
> src/lib/libarchive/archive_read_support_compression_none.c
> 1.6.2.2
> -------------------------------------------------------------------
>------
>
> VII. References
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5680
>
> The latest revision of this advisory is available at
> http://security.FreeBSD.org/advisories/FreeBSD-SA-06:24.libarchive.
Maybe this is an obvious question, but libarchive has been in the
system since 5.3, but this issue only affects RELENG_6? So anyone
tracking RELENG_6_1 isn't affected?
--
Thanks,
Josh Paetzel
More information about the freebsd-security
mailing list