ID CVE-2015-8933
Summary Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.
References
Vulnerable Configurations
  • libarchive 3.1.901a
    cpe:2.3:a:libarchive:libarchive:3.1.901a
  • SUSE Linux Enterprise Desktop 12 Service Pack 1
    cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1
  • SUSE Linux Enterprise Server 12 Service Pack 1
    cpe:2.3:o:suse:linux_enterprise_server:12:sp1
  • SUSE Linux Enterprise Software Development Kit (SDK) 12 Service Pack 1
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 15.10
    cpe:2.3:o:canonical:ubuntu_linux:15.10
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
CVSS
Base: 4.3 (as of 20-09-2016 - 12:20)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3657.NASL
    description Hanno Boeck and Marcin Noga discovered multiple vulnerabilities in libarchive; processing malformed archives may result in denial of service or the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 93238
    published 2016-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93238
    title Debian DSA-3657-1 : libarchive - security update
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3033-1.NASL
    description Hanno Bock discovered that libarchive contained multiple security issues when processing certain malformed archive files. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8916, CVE-2015-8917 CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8922, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8930, CVE-2015-8931, CVE-2015-8932, CVE-2015-8933, CVE-2015-8934, CVE-2016-5844) Marcin 'Icewall' Noga discovered that libarchive contained multiple security issues when processing certain malformed archive files. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4300, CVE-2016-4302) It was discovered that libarchive incorrectly handled memory allocation with large cpio symlinks. A remote attacker could use this issue to possibly cause libarchive to crash, resulting in a denial of service. (CVE-2016-4809). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 92312
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92312
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : libarchive vulnerabilities (USN-3033-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-969.NASL
    description libarchive was updated to fix 20 security issues. These security issues were fixed : - CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698). - CVE-2015-8919: Heap out of bounds read in LHA/LZH parser (bsc#985697). - CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675). - CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682). - CVE-2015-8922: NULL pointer access in 7z parser (bsc#985685). - CVE-2015-8923: Unclear crashes in ZIP parser (bsc#985703). - CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609). - CVE-2015-8925: Unclear invalid memory read in mtree parser (bsc#985706). - CVE-2015-8926: NULL pointer access in RAR parser (bsc#985704). - CVE-2015-8928: Heap out of bounds read in mtree parser (bsc#985679). - CVE-2015-8929: Memory leak in tar parser (bsc#985669). - CVE-2015-8930: Endless loop in ISO parser (bsc#985700). - CVE-2015-8931: Undefined behavior / signed integer overflow in mtree parser (bsc#985689). - CVE-2015-8932: Compress handler left shifting larger than int size (bsc#985665). - CVE-2015-8933: Undefined behavior / signed integer overflow in TAR parser (bsc#985688). - CVE-2015-8934: Out of bounds read in RAR (bsc#985673). - CVE-2016-4300: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo (bsc#985832). - CVE-2016-4301: Stack-based buffer overflow in the mtree parse_device (bsc#985826). - CVE-2016-4302: Heap buffer overflow in the Rar decompression functionality (bsc#985835). - CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990). This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 92975
    published 2016-08-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92975
    title openSUSE Security Update : libarchive (openSUSE-2016-969)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1909-1.NASL
    description libarchive was updated to fix 20 security issues. These security issues were fixed : - CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698). - CVE-2015-8919: Heap out of bounds read in LHA/LZH parser (bsc#985697). - CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675). - CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682). - CVE-2015-8922: NULL pointer access in 7z parser (bsc#985685). - CVE-2015-8923: Unclear crashes in ZIP parser (bsc#985703). - CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609). - CVE-2015-8925: Unclear invalid memory read in mtree parser (bsc#985706). - CVE-2015-8926: NULL pointer access in RAR parser (bsc#985704). - CVE-2015-8928: Heap out of bounds read in mtree parser (bsc#985679). - CVE-2015-8929: Memory leak in tar parser (bsc#985669). - CVE-2015-8930: Endless loop in ISO parser (bsc#985700). - CVE-2015-8931: Undefined behavior / signed integer overflow in mtree parser (bsc#985689). - CVE-2015-8932: Compress handler left shifting larger than int size (bsc#985665). - CVE-2015-8933: Undefined behavior / signed integer overflow in TAR parser (bsc#985688). - CVE-2015-8934: Out of bounds read in RAR (bsc#985673). - CVE-2016-4300: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo (bsc#985832). - CVE-2016-4301: Stack buffer overflow in the mtree parse_device (bsc#985826). - CVE-2016-4302: Heap buffer overflow in the Rar decompression functionality (bsc#985835). - CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93185
    published 2016-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93185
    title SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2016:1909-1)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0010_LIBARCHIVE.NASL
    description An update of the libarchive package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121677
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121677
    title Photon OS 1.0: Libarchive PHSA-2017-0010
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-554.NASL
    description Several vulnerabilities were discovered in libarchive, a library for reading and writing archives in various formats. An attacker can take advantage of these flaws to cause a denial of service against an application using the libarchive library (application crash), or potentially execute arbitrary code with the privileges of the user running the application. For Debian 7 'Wheezy', these problems have been fixed in version 3.0.4-3+wheezy2. We recommend that you upgrade your libarchive packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 92500
    published 2016-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92500
    title Debian DLA-554-1 : libarchive security update
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201701-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201701-03 (libarchive: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted archive file possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2017-01-03
    plugin id 96234
    published 2017-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96234
    title GLSA-201701-03 : libarchive: Multiple vulnerabilities
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0010.NASL
    description An update of [binutils,ntp,libarchive] packages for PhotonOS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 111859
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111859
    title Photon OS 1.0: Binutils / Libarchive / Ntp PHSA-2017-0010 (deprecated)
refmap via4
bid 91421
confirm https://github.com/libarchive/libarchive/issues/548
debian DSA-3657
gentoo GLSA-201701-03
misc https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html
mlist
  • [oss-security] 20160617 Many invalid memory access issues in libarchive
  • [oss-security] 20160617 Re: Many invalid memory access issues in libarchive
suse SUSE-SU-2016:1909
ubuntu USN-3033-1
Last major update 28-11-2016 - 14:50
Published 20-09-2016 - 10:15
Last modified 03-11-2017 - 21:29
Back to Top