Re: FreeBSD Security Advisory FreeBSD-SA-06:24.libarchive

看板FB_security作者時間19年前 (2006/11/09 00:05), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串2/3 (看更多)
On Wednesday 08 November 2006 08:13, FreeBSD Security Advisories wrote: > =================================================================== >========== FreeBSD-SA-06:24.libarchive > Security Advisory The FreeBSD Project > > Topic: Infinite loop in corrupt archives handling in > libarchive(3) > > Category: core > Module: libarchive > Announced: 2006-11-08 > Credits: Rink Springer > Affects: FreeBSD 6-STABLE after 2006-09-05 05:23:51 UTC > Corrected: 2006-11-08 14:05:40 UTC (RELENG_6, 6.2-RC1) > CVE Name: CVE-2006-5680 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and > the following sections, please visit > <URL:http://security.FreeBSD.org/>. > > I. Background > > The libarchive library provides a flexible interface for reading > and writing streaming archive files such as tar and cpio, and has > been the basis for FreeBSD's implementation of the tar(1) utility > since FreeBSD 5.3. > > II. Problem Description > > If the end of an archive is reached while attempting to "skip" past > a region of an archive, libarchive will enter an infinite loop > wherein it repeatedly attempts (and fails) to read further data. > > III. Impact > > An attacker able to cause a system to extract (via "tar -x" or > another application which uses libarchive) or list the contents > (via "tar -t" or another libarchive-using application) of an > archive provided by the attacker can cause libarchive to enter an > infinite loop and use all available CPU time. > > IV. Workaround > > No workaround is available. > > V. Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to 6-STABLE dated after the > correction date. > > 2) To patch your present system: > > The following patches have been verified to apply to affected > systems. > > a) Download the relevant patch from the location below, and verify > the detached PGP signature using your PGP utility. > > # fetch > http://security.FreeBSD.org/patches/SA-06:24/libarchive.patch # > fetch > http://security.FreeBSD.org/patches/SA-06:24/libarchive.patch.asc > > b) Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > # cd /usr/src/lib/libarchive > # make obj && make depend && make && make install > > VI. Correction details > > The following list contains the revision numbers of each file that > was corrected in FreeBSD. > > Branch > Revision Path > ------------------------------------------------------------------- >------ RELENG_6 > src/lib/libarchive/archive_read_support_compression_none.c > 1.6.2.2 > ------------------------------------------------------------------- >------ > > VII. References > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5680 > > The latest revision of this advisory is available at > http://security.FreeBSD.org/advisories/FreeBSD-SA-06:24.libarchive. Maybe this is an obvious question, but libarchive has been in the system since 5.3, but this issue only affects RELENG_6? So anyone tracking RELENG_6_1 isn't affected? -- Thanks, Josh Paetzel _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 josh. 的文章
文章代碼(AID): #15KW0n00 (FB_security)
更多 josh. 的文章
文章代碼(AID): #15KW0n00 (FB_security)