ID CVE-2007-3645
Summary archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644.
References
Vulnerable Configurations
  • FreeBSD libarchive 2.2.3
    cpe:2.3:a:freebsd:libarchive:2.2.3
CVSS
Base: 4.3 (as of 16-07-2007 - 12:57)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBARCHIVE-3982.NASL
    description Specially crafted tar-archives could cause programs based on libarchive to crash, to run into an enless loop or potentially to even execute arbitrary code (CVE-2007-3641, CVE-2007-3644, CVE-2007-3645).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27316
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27316
    title openSUSE 10 Security Update : libarchive (libarchive-3982)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1455.NASL
    description Several local/remote vulnerabilities have been discovered in libarchive1, a single library to read/write tar, cpio, pax, zip, iso9660 archives. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3641 It was discovered that libarchive1 would miscompute the length of a buffer resulting in a buffer overflow if yet another type of corruption occurred in a pax extension header. - CVE-2007-3644 It was discovered that if an archive prematurely ended within a pax extension header the libarchive1 library could enter an infinite loop. - CVE-2007-3645 If an archive prematurely ended within a tar header, immediately following a pax extension header, libarchive1 could dereference a NULL pointer.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 29902
    published 2008-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29902
    title Debian DSA-1455-1 : libarchive - denial of service
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200708-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-200708-03 (libarchive (formerly named as bsdtar): Multiple PaX Extension Header Vulnerabilities) CPNI, CERT-FI, Tim Kientzle, and Colin Percival reported a buffer overflow (CVE-2007-3641), an infinite loop (CVE-2007-3644), and a NULL pointer dereference (CVE-2007-3645) within the processing of archives having corrupted PaX extension headers. Impact : An attacker can trick a user or automated system to process an archive with malformed PaX extension headers into execute arbitrary code, crash an application using the library, or cause a high CPU load. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 25868
    published 2007-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25868
    title GLSA-200708-03 : libarchive (formerly named as bsdtar): Multiple PaX Extension Header Vulnerabilities
refmap via4
bid 24885
confirm
debian DSA-1455
freebsd FreeBSD-SA-07:05.libarchive
gentoo GLSA-200708-03
misc http://security.freebsd.org/patches/SA-07:05/libarchive.patch
osvdb
  • 38093
  • 38094
sectrack 1018379
secunia
  • 26050
  • 26062
  • 26355
  • 28377
suse SUSE-SR:2007:015
vupen ADV-2007-2521
xf freebsd-libarchive-null-pax-dos(35404)
Last major update 29-10-2012 - 22:52
Published 15-07-2007 - 17:30
Last modified 28-07-2017 - 21:32
Back to Top