
Tuesday, April 28, 2015

[FD] libarchive - Out of bounds read using malformed cpio archive

== Background ==

libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants.

== Affected software ==

bsdtar

== Version ==

All tests were performed using commit 296efb3db188fa4bf7b0e7b5c61d404f9145f0ab.

== Description ==

Initial fuzzing was performed using afl-fuzz.

Using a crafted tar file, bsdtar can perform an out-of-bounds memory read which leads to a SEGFAULT. The issue occurs when the executable skips data in the archive; the amount of data to skip is defined by byte offsets [16-19] of the file. If ASLR is disabled, the issue can instead lead to high CPU load and potential CPU exhaustion on single-core hosts.

The issue turned out to be a problem with the cpio reader: libarchive identifies the constructed file as a big-endian binary cpio archive with a very large (>2GB) size. An overflow in parsing the size field causes libarchive to treat this size as a negative value, which leads to an attempt to skip the file position forward by a negative number of bytes.

== PoC ==

Additional information and the PoC archive can be found here: http://ift.tt/1bQEUP5

== Solution ==

The issue was fixed in commit e6c9668f3202215ddb71617b41c19b6f05acf008.

== Timeline ==

2015-01-29 - Initial report
2015-02-02 - Response with proposed fix
2015-02-02 - Fix was confirmed to resolve the issue

== Credits ==

Reported by Paris Zoumpouloglou of Project Zero labs (https://projectzero.gr)
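The size-field overflow described in the advisory, as an added example that is not libarchive's code and not part of the original post: a minimal reader for the old binary cpio header that decodes the 4-byte big-endian filesize field both the buggy way (assembled into a signed 32-bit int, so 0x80000000 reads as -2147483648) and the correct way (kept unsigned, then widened to 64 bits), and hands the result to a skip routine that refuses negative and past-end-of-data counts. The 26-byte header layout and field offsets (size field at bytes 22-25, which differs from the byte range quoted in the advisory), the two constructed archives and every function name are the example's own assumptions, not figures taken from the advisory or from libarchive.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed old binary cpio header layout (big-endian variant, 26 bytes):
 * magic(0-1) dev(2-3) ino(4-5) mode(6-7) uid(8-9) gid(10-11) nlink(12-13)
 * rdev(14-15) mtime(16-19) namesize(20-21) filesize(22-25); name (padded to
 * even length) and then filesize data bytes (padded to even) follow. */
#define BIN_HEADER_SIZE     26
#define BIN_NAMESIZE_OFFSET 20
#define BIN_FILESIZE_OFFSET 22
#define CPIO_BIN_MAGIC      0x71C7u   /* octal 070707 */

typedef struct {
    const unsigned char *data;
    size_t len;
    size_t pos;
} reader_t;

static uint16_t be2(const unsigned char *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Correct decoding: assemble the field in an unsigned 32-bit value. */
static uint32_t be4_unsigned(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Bug pattern: the same field lands in a signed 32-bit int, so any size of
 * 0x80000000 or more becomes negative. The two's-complement wrap is spelled
 * out so this example itself has no undefined behaviour. */
static int32_t be4_signed(const unsigned char *p)
{
    uint32_t u = be4_unsigned(p);
    return (u > (uint32_t)INT32_MAX) ? (int32_t)((int64_t)u - 4294967296LL)
                                     : (int32_t)u;
}

/* Vulnerable size parse, as the advisory describes it. */
int64_t filesize_vulnerable(const unsigned char *hdr)
{
    return (int64_t)be4_signed(hdr + BIN_FILESIZE_OFFSET);
}

/* Fixed size parse: unsigned until it is widened to 64 bits. */
int64_t filesize_fixed(const unsigned char *hdr)
{
    return (int64_t)be4_unsigned(hdr + BIN_FILESIZE_OFFSET);
}

/* Skip that rejects what the bug produced. Returns 0 on success, -1 for a
 * negative count, -2 for a count that runs past the end of the data. */
int skip_checked(reader_t *r, int64_t count)
{
    if (count < 0)
        return -1;
    if ((uint64_t)count > (uint64_t)(r->len - r->pos))
        return -2;
    r->pos += (size_t)count;
    return 0;
}

/* Consume one entry using the given size parser. Returns the skip_checked
 * result, or -3 for a short header or bad magic. */
int read_entry(reader_t *r, int64_t (*parse_size)(const unsigned char *))
{
    if (r->len - r->pos < BIN_HEADER_SIZE)
        return -3;
    const unsigned char *hdr = r->data + r->pos;
    if (be2(hdr) != CPIO_BIN_MAGIC)
        return -3;
    uint16_t namesize = be2(hdr + BIN_NAMESIZE_OFFSET);
    int64_t filesize = parse_size(hdr);
    r->pos += BIN_HEADER_SIZE;
    int rc = skip_checked(r, (int64_t)namesize + (namesize & 1));
    if (rc != 0)
        return rc;
    return skip_checked(r, filesize + (filesize & 1));
}

/* Constructed sample: one entry whose filesize field is 0x80000000 (2 GiB)
 * and which carries no data at all after the name. */
static const unsigned char crafted[] = {
    0x71, 0xC7, 0x00, 0x00, 0x00, 0x01, 0x81, 0xA4, /* magic dev ino mode   */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, /* uid gid nlink rdev   */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x02,             /* mtime namesize=2     */
    0x80, 0x00, 0x00, 0x00,                         /* filesize=2147483648  */
    'a',  0x00                                      /* name "a\0", no data  */
};

/* Constructed sample: a well-formed entry "b" holding the 5 bytes "hello". */
static const unsigned char benign[] = {
    0x71, 0xC7, 0x00, 0x00, 0x00, 0x02, 0x81, 0xA4,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x05,
    'b',  0x00, 'h', 'e', 'l', 'l', 'o', 0x00       /* data padded to even  */
};

int run_crafted_vulnerable(void) { reader_t r = { crafted, sizeof crafted, 0 }; return read_entry(&r, filesize_vulnerable); }
int run_crafted_fixed(void)      { reader_t r = { crafted, sizeof crafted, 0 }; return read_entry(&r, filesize_fixed); }
int run_benign(void)             { reader_t r = { benign,  sizeof benign,  0 }; return read_entry(&r, filesize_fixed); }

int main(void)
{
    printf("crafted, signed parse  : rc=%d, size read as %lld\n",
           run_crafted_vulnerable(), (long long)filesize_vulnerable(crafted));
    printf("crafted, unsigned parse: rc=%d, size read as %lld\n",
           run_crafted_fixed(), (long long)filesize_fixed(crafted));
    printf("benign archive         : rc=%d\n", run_benign());
    return 0;
}
```

With the signed parse the crafted entry yields a skip count of -2147483648, which a reader that simply adds the count to its position would turn into an attempt to read before the start of the buffer; the checked skip rejects it. With the unsigned parse the same entry reports a 2 GiB size that the truncated sample cannot satisfy, so the reader fails cleanly as a truncated archive instead of walking past its data.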

Source: Gmail -> IFTTT -> Blogger
