FreeBSD : libarchive -- multiple vulnerabilities (7c63775e-be31-11e5-b5fe-002590263bf5)

Medium Nessus Plugin ID 87984

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 3.7

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

MITRE reports :

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.

Libarchive issue tracker reports :

Using a crafted tar file bsdtar can perform an out-of-bounds memory read which will lead to a SEGFAULT. The issue exists when the executable skips data in the archive. The amount of data to skip is defined in byte offset [16-19] If ASLR is disabled, the issue can lead to an infinite loop.

Solution

Update the affected package.

See Also

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200176

https://github.com/libarchive/libarchive/pull/110

https://github.com/libarchive/libarchive/commit/5935715

https://github.com/libarchive/libarchive/commit/2253154

https://github.com/libarchive/libarchive/issues/502

https://github.com/libarchive/libarchive/commit/3865cf2

https://github.com/libarchive/libarchive/commit/e6c9668

https://github.com/libarchive/libarchive/commit/24f5de6

http://www.nessus.org/u?84a986a9

Plugin Details

Severity: Medium

ID: 87984

File Name: freebsd_pkg_7c63775ebe3111e5b5fe002590263bf5.nasl

Version: 2.4

Type: local

Published: 2016/01/19

Updated: 2021/01/04

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 3.7

CVSS v2.0

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:libarchive, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2016/01/18

Vulnerability Publication Date: 2012/12/06

Reference Information

CVE: CVE-2013-0211, CVE-2015-2304

FreeBSD: SA-16:22.libarchive, SA-16:23.libarchive