Vulnerability identifier: #VU33272
Vulnerability risk: Medium
CVSSv3.1: 4.8 [AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
libarchive
Client/Desktop applications /
Software for archiving
Vendor: libarchive
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary error in the copy_from_lzss_window function in archive_read_support_format_rar.c. A remote attacker can create a crafted rar file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
Mitigation
Update to version 3.2.1.
Vulnerable software versions
libarchive: 3.0.0 - 3.2.0
External links
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html
http://rhn.redhat.com/errata/RHSA-2016-1844.html
http://www.debian.org/security/2016/dsa-3657
http://www.openwall.com/lists/oss-security/2016/06/17/2
http://www.openwall.com/lists/oss-security/2016/06/17/5
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.securityfocus.com/bid/91409
http://www.ubuntu.com/usn/USN-3033-1
http://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html
http://github.com/libarchive/libarchive/issues/521
http://security.gentoo.org/glsa/201701-03
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.