Heap-based buffer overflow in libarchive (Alpine package)



Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2016-4302
CWE-ID CWE-122
Exploitation vector Local
Public exploit N/A
Vulnerable software
IBM Tivoli Storage Manager
Server applications / File servers (FTP/HTTP)

libarchive (Alpine package)
Operating systems & Components / Operating system package or component

Vendor IBM Corporation
Alpine Linux Development Team

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Heap-based buffer overflow

EUVDB-ID: #VU32264

Risk: Medium

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-4302

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1. A remote attacker can use a RAR file with a zero-sized dictionary. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Tivoli Storage Manager: 5.1.5

libarchive (Alpine package): 1.5.3-1

libarchive (Alpine package): 3.0pl1-116

libarchive (Alpine package): 0.2.3-2

libarchive (Alpine package): before 3.1.2-r4

CPE2.3 External links

http://git.alpinelinux.org/aports/commit/?id=87822f4ac4adaaafbbee3ffe58ab6eebdc12907e
http://git.alpinelinux.org/aports/commit/?id=18e265665b4b640f80b99eabc7b585bb91923cd1
http://git.alpinelinux.org/aports/commit/?id=9d0f5e1e02079c44a9c58169c8b78c743edaf7b8
http://git.alpinelinux.org/aports/commit/?id=e9bdabd6e101ba083ed00a8ca911517facd8b1c7
http://git.alpinelinux.org/aports/commit/?id=1245e3e71c664fc180d3a6f17a8aac878007bed2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###