FreeBSD : libarchive -- Infinite loop in corrupt archives handling in libarchive (792bc222-c5d7-11db-9f82-000e0c2e438a)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

If the end of an archive is reached while attempting to 'skip' past a
region of an archive, libarchive will enter an infinite loop wherein
it repeatedly attempts (and fails) to read further data.

Impact : An attacker able to cause a system to extract (via 'tar -x'
or another application which uses libarchive) or list the contents
(via 'tar -t' or another libarchive-using application) of an archive
provided by the attacker can cause libarchive to enter an infinite
loop and use all available CPU time.

Workaround : No workaround is available.
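
The skip-past-end-of-input condition described above, as an added illustration that is not libarchive's code: a skip loop that ignores a zero-length read next to one that reports truncation. The in-memory reader, the function names, the return codes and the iteration cap (present only so the flawed loop returns) are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed in-memory input source; all names here are hypothetical. */
struct mem_reader { size_t len, pos; };
enum { SKIP_OK = 0, SKIP_TRUNCATED = -1, SKIP_STUCK = -2 };

/* Consume up to `want` bytes (at most 4 per call); 0 means end of input. */
static size_t mem_read(struct mem_reader *r, size_t want)
{
    size_t n = want < 4 ? want : 4;
    if (n > r->len - r->pos)
        n = r->len - r->pos;
    r->pos += n;
    return n;
}

/* Flawed pattern: a zero-length read is never treated as end of input, so
 * `remaining` stops shrinking. max_iters exists only so the demo returns. */
static int skip_flawed(struct mem_reader *r, size_t remaining, unsigned long max_iters)
{
    unsigned long iters = 0;
    while (remaining > 0) {
        if (++iters > max_iters)
            return SKIP_STUCK;
        remaining -= mem_read(r, remaining);
    }
    return SKIP_OK;
}

/* Checked pattern: no progress before the skip completes means truncation. */
static int skip_checked(struct mem_reader *r, size_t remaining)
{
    while (remaining > 0) {
        size_t n = mem_read(r, remaining);
        if (n == 0)
            return SKIP_TRUNCATED;
        remaining -= n;
    }
    return SKIP_OK;
}

int main(void)
{
    struct mem_reader a = { 16, 0 }, b = { 16, 0 }; /* 16 bytes available, skip wants 64 */
    printf("flawed: %d\n", skip_flawed(&a, 64, 1000));
    printf("checked: %d\n", skip_checked(&b, 64));
    return 0;
}
```
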

See also :

http://www.nessus.org/u?8aef20ba

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 24720 (freebsd_pkg_792bc222c5d711db9f82000e0c2e438a.nasl)

Bugtraq ID:

CVE ID: CVE-2006-5680
