EulerOS Virtualization 3.0.1.0 : libarchive (EulerOS-SA-2019-1470)

High Nessus Plugin ID 124794

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

- A vulnerability was found in libarchive. A specially crafted MTREE file could cause a small out-of-bounds read, potentially disclosing a small amount of application memory.(CVE-2015-8925)

- A vulnerability was found in libarchive. An attempt to create an ISO9660 volume with 2GB or 4GB filenames could cause the application to crash.(CVE-2016-6250)

- A vulnerability was found in libarchive. A specially crafted RAR file could cause the application to read memory beyond the end of the decompression buffer.(CVE-2015-8934)

- A vulnerability was found in libarchive's handling of 7zip data. A specially crafted 7zip file can cause a integer overflow resulting in memory corruption that can lead to code execution.(CVE-2016-4300)

- A vulnerability was found in libarchive. A specially crafted 7Z file could trigger a NULL pointer dereference, causing the application to crash.(CVE-2015-8922)

- Undefined behavior (signed integer overflow) was discovered in libarchive, in the ISO parser. A crafted file could potentially cause denial of service.(CVE-2016-5844)

- A vulnerability was found in libarchive. A specially crafted AR archive could cause the application to read a single byte of application memory, potentially disclosing it to the attacker.(CVE-2015-8920)

- A vulnerability was found in libarchive. A specially crafted mtree file could cause libarchive to read beyond a statically declared structure, potentially disclosing application memory.(CVE-2015-8921)

- A vulnerability was found in libarchive. A specially crafted LZA/LZH file could cause a small out-of-bounds read, potentially disclosing a few bytes of application memory.(CVE-2015-8919)

- A vulnerability was found in libarchive. A specially crafted ISO file could cause the application to consume resources until it hit a memory limit, leading to a crash or denial of service.(CVE-2015-8930)

- A vulnerability was found in libarchive. A specially crafted TAR file could trigger an out-of-bounds read, potentially causing the application to disclose a small amount of application memory.(CVE-2015-8924)

- A vulnerability was found in libarchive. A specially crafted MTREE file could cause a limited out-of-bounds read, potentially disclosing contents of application memory.(CVE-2015-8928)

- A vulnerability was found in libarchive. A specially crafted CAB file could cause the application dereference a NULL pointer, leading to a crash.(CVE-2015-8917)

- A vulnerability was found in libarchive. A specially crafted RAR file could cause the application dereference a NULL pointer, leading to a crash.(CVE-2015-8916)

- A vulnerability was found in libarchive's handling of RAR archives. A specially crafted RAR file can cause a heap overflow, potentially leading to code execution in the context of the application.(CVE-2016-4302)

- Undefined behavior (invalid left shift) was discovered in libarchive, in how Compress streams are identified.
This could cause certain files to be mistakenly identified as Compress archives and fail to read.(CVE-2015-8932)

- A vulnerability was found in libarchive. A specially crafted gzip file can cause libarchive to allocate memory without limit, eventually leading to a crash.(CVE-2016-7166)

- Undefined behavior (signed integer overflow) was discovered in libarchive, in the MTREE parser's calculation of maximum and minimum dates. A crafted mtree file could potentially cause denial of service.(CVE-2015-8931)

- A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive.(CVE-2016-5418)

- Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.(CVE-2013-0211)

- A vulnerability was found in libarchive. A specially crafted zip file can provide an incorrect compressed size, which may allow an attacker to place arbitrary code on the heap and execute it in the context of the application.(CVE-2016-1541)

- A vulnerability was found in libarchive. A specially crafted cpio archive containing a symbolic link to a ridiculously large target path can cause memory allocation to fail, resulting in any attempt to view or extract the archive crashing.(CVE-2016-4809)

- A vulnerability was found in libarchive. A specially crafted ZIP file could cause a few bytes of application memory in a 256-byte region to be disclosed.(CVE-2015-8923)

- A vulnerability was found in libarchive. A specially crafted RAR file could cause the application to disclose a 128k block of memory from an uncontrolled location.(CVE-2015-8926)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected libarchive packages.

See Also

http://www.nessus.org/u?62040cd8

Plugin Details

Severity: High

ID: 124794

File Name: EulerOS_SA-2019-1470.nasl

Version: 1.2

Type: local

Published: 2019/05/13

Updated: 2019/05/31

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:ibarchive, cpe:/o:huawei:euleros:uvp:3.0.1.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/uvp_version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2019/05/07

Reference Information

CVE: CVE-2013-0211, CVE-2015-8916, CVE-2015-8917, CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8922, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8930, CVE-2015-8931, CVE-2015-8932, CVE-2015-8934, CVE-2016-1541, CVE-2016-4300, CVE-2016-4302, CVE-2016-4809, CVE-2016-5418, CVE-2016-5844, CVE-2016-6250, CVE-2016-7166

BID: 58926