Vulnerabilities > CVE-2007-3644 - Remote vulnerability in Freebsd Libarchive 2.2.3
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_LIBARCHIVE-3982.NASL description Specially crafted tar-archives could cause programs based on libarchive to crash, to run into an enless loop or potentially to even execute arbitrary code (CVE-2007-3641, CVE-2007-3644, CVE-2007-3645). last seen 2020-06-01 modified 2020-06-02 plugin id 27316 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27316 title openSUSE 10 Security Update : libarchive (libarchive-3982) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1455.NASL description Several local/remote vulnerabilities have been discovered in libarchive1, a single library to read/write tar, cpio, pax, zip, iso9660 archives. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3641 It was discovered that libarchive1 would miscompute the length of a buffer resulting in a buffer overflow if yet another type of corruption occurred in a pax extension header. - CVE-2007-3644 It was discovered that if an archive prematurely ended within a pax extension header the libarchive1 library could enter an infinite loop. - CVE-2007-3645 If an archive prematurely ended within a tar header, immediately following a pax extension header, libarchive1 could dereference a NULL pointer. last seen 2020-06-01 modified 2020-06-02 plugin id 29902 published 2008-01-10 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29902 title Debian DSA-1455-1 : libarchive - denial of service NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200708-03.NASL description The remote host is affected by the vulnerability described in GLSA-200708-03 (libarchive (formerly named as bsdtar): Multiple PaX Extension Header Vulnerabilities) CPNI, CERT-FI, Tim Kientzle, and Colin Percival reported a buffer overflow (CVE-2007-3641), an infinite loop (CVE-2007-3644), and a NULL pointer dereference (CVE-2007-3645) within the processing of archives having corrupted PaX extension headers. Impact : An attacker can trick a user or automated system to process an archive with malformed PaX extension headers into execute arbitrary code, crash an application using the library, or cause a high CPU load. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 25868 published 2007-08-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25868 title GLSA-200708-03 : libarchive (formerly named as bsdtar): Multiple PaX Extension Header Vulnerabilities
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924
- http://osvdb.org/38093
- http://osvdb.org/38094
- http://people.freebsd.org/~kientzle/libarchive/
- http://secunia.com/advisories/26050
- http://secunia.com/advisories/26062
- http://secunia.com/advisories/26355
- http://secunia.com/advisories/28377
- http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc
- http://security.freebsd.org/patches/SA-07:05/libarchive.patch
- http://security.gentoo.org/glsa/glsa-200708-03.xml
- http://www.debian.org/security/2008/dsa-1455
- http://www.kb.cert.org/vuls/id/970849
- http://www.novell.com/linux/security/advisories/2007_15_sr.html
- http://www.securityfocus.com/bid/24885
- http://www.securitytracker.com/id?1018379
- http://www.vupen.com/english/advisories/2007/2521
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35402