Integer overflow in isoent_gen_joliet_identifier() in libarchive libarchive



Published: 2016-07-26 | Updated: 2017-01-10
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2016-6250
CWE-ID CWE-119
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		libarchive
Client/Desktop applications / Software for archiving

Oracle Linux
Operating systems & Components / Operating system

Vendor libarchive
Oracle

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Integer overflow in isoent_gen_joliet_identifier()

EUVDB-ID: #VU215

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-6250

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error in libarchive. A remote unauthenticated attacker can cause integer overflow by creating a file with a specially crafted filename that archived as an ISO9660 archive by the target application using libarchive.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install the latest version: (3.2.1).

Vulnerable software versions

libarchive: 2.6.992 - 3.2.0

Oracle Linux: 7

External links

http://github.com/libarchive/libarchive/issues/711
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted archive.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###