FreeBSD LibArchive Remote Denial Of Service Vulnerability
BID:20961
Info
FreeBSD LibArchive Remote Denial Of Service Vulnerability
| Bugtraq ID: | 20961 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2006-5680 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 08 2006 12:00AM |
| Updated: | Nov 13 2006 07:06PM |
| Credit: | This issue was disclosed by the vendor. |
| Vulnerable: |
FreeBSD FreeBSD 6.0 -STABLE FreeBSD FreeBSD 6.1 -STABLE |
| Not Vulnerable: | |
Discussion
FreeBSD LibArchive Remote Denial Of Service Vulnerability
FreeBSD is prone to a remote denial-of-service vulnerability because the 'libarchive' library fails to sufficiently handle corrupted archive files.
An attacker could exploit this issue to exhaust CPU resources on an affected computer, which will cause denial-of-service conditions.
This issue affects FreeBSD 6-STABLE after 2006-09-05 and prior to 2006-11-08.
FreeBSD is prone to a remote denial-of-service vulnerability because the 'libarchive' library fails to sufficiently handle corrupted archive files.
An attacker could exploit this issue to exhaust CPU resources on an affected computer, which will cause denial-of-service conditions.
This issue affects FreeBSD 6-STABLE after 2006-09-05 and prior to 2006-11-08.
Exploit / POC
FreeBSD LibArchive Remote Denial Of Service Vulnerability
To exploit this vulnerability, an attacker must entice a victim to open a corrupted archive file.
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
To exploit this vulnerability, an attacker must entice a victim to open a corrupted archive file.
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Solution / Fix
FreeBSD LibArchive Remote Denial Of Service Vulnerability
Solution:
This issue has been fixed by the vendor as of 2006-11-08 14:05:40UTC. Please see the referenced advisory for information on how to obtain and apply this fix.
Solution:
This issue has been fixed by the vendor as of 2006-11-08 14:05:40UTC. Please see the referenced advisory for information on how to obtain and apply this fix.