Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2016-6250 |
CWE-ID | CWE-119 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
IBM Tivoli Storage Manager Server applications / File servers (FTP/HTTP) libarchive (Alpine package) Operating systems & Components / Operating system package or component |
Vendor |
IBM Corporation Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU215
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-6250
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in libarchive. A remote unauthenticated attacker can cause integer overflow by creating a file with a specially crafted filename that archived as an ISO9660 archive by the target application using libarchive.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Install update from vendor's website.
Vulnerable software versionsIBM Tivoli Storage Manager: 5.1.5
libarchive (Alpine package): 1.0.81ubuntu3 - 1.0.81ubuntu3.1
libarchive (Alpine package): 2.10.3 - 2.10.4
libarchive (Alpine package): 20101020ubuntu318.21 - 20101020ubuntu402
libarchive (Alpine package): 1.5.3-1
libarchive (Alpine package): 3.0pl1-116
libarchive (Alpine package): 0.2.3-2
libarchive (Alpine package): 1.14.0-3
libarchive (Alpine package): 0.11-0ubuntu1 - 0.13ubuntu1
libarchive (Alpine package): 0.7.5-0ubuntu1.16
libarchive (Alpine package): 5.3.12-mariadb122~squeeze
libarchive (Alpine package):
libarchive (Alpine package): before 3.1.2-r4
CPE2.3http://git.alpinelinux.org/aports/commit/?id=87822f4ac4adaaafbbee3ffe58ab6eebdc12907e
http://git.alpinelinux.org/aports/commit/?id=18e265665b4b640f80b99eabc7b585bb91923cd1
http://git.alpinelinux.org/aports/commit/?id=9d0f5e1e02079c44a9c58169c8b78c743edaf7b8
http://git.alpinelinux.org/aports/commit/?id=e9bdabd6e101ba083ed00a8ca911517facd8b1c7
http://git.alpinelinux.org/aports/commit/?id=1245e3e71c664fc180d3a6f17a8aac878007bed2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.