libarchive 'archive_write_zip_data()' Function Local Denial of Service Vulnerability
BID:58926
Info
| Bugtraq ID: | 58926 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2013-0211 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 22 2013 12:00AM |
| Updated: | Jul 29 2016 06:00AM |
| Credit: | Fabian Yamaguchi |
| Vulnerable: |
Ubuntu Ubuntu Linux 14.10
Ubuntu Ubuntu Linux 14.04 LTS
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Splunk Splunk Light 6.4.1
Splunk Splunk Light 6.4.0
Splunk Splunk Enterprise 6.4.1
Splunk Splunk Enterprise 6.3.4
Splunk Splunk Enterprise 6.3.3
Splunk Splunk Enterprise 6.3.2
Splunk Splunk Enterprise 6.3.1
Splunk Splunk Enterprise 6.2.9
Splunk Splunk Enterprise 6.2.8
Splunk Splunk Enterprise 6.2.7
Splunk Splunk Enterprise 6.2.6
Splunk Splunk Enterprise 6.2.5
Splunk Splunk Enterprise 6.2.4
Splunk Splunk Enterprise 6.2.3
Splunk Splunk Enterprise 6.2.1
Splunk Splunk Enterprise 6.1.7
Splunk Splunk Enterprise 6.1.6
Splunk Splunk Enterprise 6.1.5
Splunk Splunk Enterprise 6.1.4
Splunk Splunk Enterprise 6.1.3
Splunk Splunk Enterprise 6.1.2
Splunk Splunk Enterprise 6.1.1
Splunk Splunk Enterprise 6.4.0
Splunk Splunk Enterprise 6.3.5
Splunk Splunk Enterprise 6.3.0
Splunk Splunk Enterprise 6.2.2
Splunk Splunk Enterprise 6.2.10
Splunk Splunk Enterprise 6.1.10
Splunk Splunk Enterprise 6.1.0
Splunk Splunk Enterprise 6.0.11
Splunk Splunk Enterprise 5.0.15
Mandriva Business Server 1 X86 64
Mandriva Business Server 1
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
libarchive libarchive 3.0.4
Gentoo Linux
FreeBSD Freebsd 9.3-RELEASE-p9
FreeBSD FreeBSD 9.3-RELEASE-p6
FreeBSD FreeBSD 9.3-RELEASE-p5
FreeBSD Freebsd 9.3-RELEASE-p42
FreeBSD Freebsd 9.3-RELEASE-p41
FreeBSD Freebsd 9.3-RELEASE-p39
FreeBSD Freebsd 9.3-RELEASE-p38
FreeBSD Freebsd 9.3-RELEASE-p36
FreeBSD Freebsd 9.3-RELEASE-p35
FreeBSD Freebsd 9.3-RELEASE-p34
FreeBSD Freebsd 9.3-RELEASE-p33
FreeBSD Freebsd 9.3-RELEASE-p31
FreeBSD FreeBSD 9.3-RELEASE-p3
FreeBSD Freebsd 9.3-RELEASE-p29
FreeBSD Freebsd 9.3-RELEASE-p25
FreeBSD Freebsd 9.3-RELEASE-p24
FreeBSD Freebsd 9.3-RELEASE-p22
FreeBSD Freebsd 9.3-RELEASE-p21
FreeBSD FreeBSD 9.3-RELEASE-p2
FreeBSD Freebsd 9.3-RELEASE-p13
FreeBSD Freebsd 9.3-RELEASE-p10
FreeBSD FreeBSD 9.3-RELEASE-p1 |
| Not Vulnerable: |
Splunk Splunk Light 6.4.2
Splunk Splunk Enterprise 6.4.2
Splunk Splunk Enterprise 6.3.6
Splunk Splunk Enterprise 6.2.11
Splunk Splunk Enterprise 6.1.11
Splunk Splunk Enterprise 6.0.12
Splunk Splunk Enterprise 5.0.16
libarchive libarchive 3.0.4-3
FreeBSD Freebsd 9.3-RELEASE-p43 |
Discussion
'libarchive' is prone to a local denial-of-service vulnerability.
Local attackers can exploit this issue to cause denial-of-service conditions. Other attacks may be possible.
Exploit / POC
Currently, we are not aware of any working exploits.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
MandrakeSoft Enterprise Server 5 x86_64
- Mandriva bsdtar-2.5.5-1.2mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva lib64archive-devel-2.5.5-1.2mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva lib64archive2-2.5.5-1.2mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
MandrakeSoft Enterprise Server 5
- Mandriva bsdtar-2.5.5-1.2mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva libarchive-devel-2.5.5-1.2mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva libarchive2-2.5.5-1.2mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
Mandriva Business Server 1 X86 64
- Mandriva bsdcpio-3.0.3-2.1.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva bsdtar-3.0.3-2.1.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva lib64archive-devel-3.0.3-2.1.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva lib64archive12-3.0.3-2.1.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/
References
References:
- Bug 902998 - (CVE-2013-0211) libarchive: read buffer overflow on 64-bit systems (Red Hat)
- libarchive Homepage (libarchive)
- Limit write requests to at most INT_MAX (libarchive)
- FreeBSD-SA-16:23.libarchive: Buffer overflow in libarchive(3) (FreeBSD)
- Splunk Enterprise 6.4.2, 6.3.6, 6.2.11, 6.1.11, 6.0.12, 5.0.16 and Splunk Light (Splunk)