Date:      Wed, 8 Nov 2006 10:36:02 -0500
From:      Josh Paetzel <josh@tcbug.org>
To:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-06:24.libarchive
Message-ID:  <200611080936.03101.josh@tcbug.org>
In-Reply-To: <200611081413.kA8EDtA7011912@freefall.freebsd.org>
References:  <200611081413.kA8EDtA7011912@freefall.freebsd.org>

On Wednesday 08 November 2006 08:13, FreeBSD Security Advisories wrote:
> =============================================================================
> FreeBSD-SA-06:24.libarchive                                 Security Advisory
>                                                           The FreeBSD Project
>
> Topic:          Infinite loop in corrupt archives handling in
> libarchive(3)
>
> Category:       core
> Module:         libarchive
> Announced:      2006-11-08
> Credits:        Rink Springer
> Affects:        FreeBSD 6-STABLE after 2006-09-05 05:23:51 UTC
> Corrected:      2006-11-08 14:05:40 UTC (RELENG_6, 6.2-RC1)
> CVE Name:       CVE-2006-5680
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and
> the following sections, please visit
> <URL:http://security.FreeBSD.org/>.
>
> I.   Background
>
> The libarchive library provides a flexible interface for reading
> and writing streaming archive files such as tar and cpio, and has
> been the basis for FreeBSD's implementation of the tar(1) utility
> since FreeBSD 5.3.
>
> II.  Problem Description
>
> If the end of an archive is reached while attempting to "skip" past
> a region of an archive, libarchive will enter an infinite loop
> wherein it repeatedly attempts (and fails) to read further data.
>
> III. Impact
>
> An attacker able to cause a system to extract (via "tar -x" or
> another application which uses libarchive) or list the contents
> (via "tar -t" or another libarchive-using application) of an
> archive provided by the attacker can cause libarchive to enter an
> infinite loop and use all available CPU time.
>
> IV.  Workaround
>
> No workaround is available.
>
> V.   Solution
>
> Perform one of the following:
>
> 1) Upgrade your vulnerable system to 6-STABLE dated after the
> correction date.
>
> 2) To patch your present system:
>
> The following patches have been verified to apply to affected
> systems.
>
> a) Download the relevant patch from the location below, and verify
> the detached PGP signature using your PGP utility.
>
> # fetch http://security.FreeBSD.org/patches/SA-06:24/libarchive.patch
> # fetch http://security.FreeBSD.org/patches/SA-06:24/libarchive.patch.asc
>
> b) Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
> # cd /usr/src/lib/libarchive
> # make obj && make depend && make && make install
>
> VI.  Correction details
>
> The following list contains the revision numbers of each file that
> was corrected in FreeBSD.
>
> Branch                                                           Revision
>   Path
> -------------------------------------------------------------------------
> RELENG_6
>   src/lib/libarchive/archive_read_support_compression_none.c      1.6.2.2
> -------------------------------------------------------------------------
>
> VII. References
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5680
>
> The latest revision of this advisory is available at
> http://security.FreeBSD.org/advisories/FreeBSD-SA-06:24.libarchive.

Maybe this is an obvious question, but libarchive has been in the 
system since 5.3, but this issue only affects RELENG_6?  So anyone 
tracking RELENG_6_1 isn't affected?

-- 
Thanks,

Josh Paetzel
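
Added example, not part of the original message and not libarchive's source: a minimal C sketch of the failure mode described in section II of the quoted advisory, a skip loop that retries on a 0-byte read, next to a version that treats end of data as an error. All names (read_some, skip_flawed, skip_checked, the 16-byte sample) are hypothetical, and max_iter exists only so the demonstration terminates.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed 16-byte in-memory "archive"; not a real tar stream. */
static const unsigned char SAMPLE[16] = {0};
struct src { const unsigned char *buf; size_t len, pos; };

/* Consume up to `want` bytes; returns 0 once the end of the data is reached. */
static long read_some(struct src *s, size_t want)
{
    size_t left = s->len - s->pos;
    size_t n = want < left ? want : left;
    s->pos += n;
    return (long)n;
}

/* Flawed pattern: a 0-byte read makes no progress, so the loop never ends.
 * max_iter exists only so this demo terminates; -2 marks "would spin". */
static long skip_flawed(struct src *s, size_t request, unsigned max_iter)
{
    size_t done = 0;
    while (done < request) {
        if (max_iter-- == 0)
            return -2;
        done += (size_t)read_some(s, request - done);
    }
    return (long)done;
}

/* Hardened pattern: EOF before the request is met is a truncated archive. */
static long skip_checked(struct src *s, size_t request)
{
    size_t done = 0;
    while (done < request) {
        long n = read_some(s, request - done);
        if (n <= 0)
            return -1;              /* fail instead of retrying */
        done += (size_t)n;
    }
    return (long)done;
}
static long run_flawed(size_t request)
{ struct src s = { SAMPLE, sizeof SAMPLE, 0 }; return skip_flawed(&s, request, 1000); }
static long run_checked(size_t request)
{ struct src s = { SAMPLE, sizeof SAMPLE, 0 }; return skip_checked(&s, request); }
int main(void)
{
    printf("skip 8 of 16:  flawed=%ld checked=%ld\n", run_flawed(8), run_checked(8));
    printf("skip 64 of 16: flawed=%ld checked=%ld\n", run_flawed(64), run_checked(64));
    return 0;
}
```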


