Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 16 Sep 2016 02:15:59 +0000
From: Gulshan Singh <gsingh2011@...il.com>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: Re: Libarchive/bsdtar: multiple crashes

I dug into
https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-memory-corruptionunknown-crash-in-bid_entry-archive_read_support_format_mtree-c/,
which I had reported here earlier (thanks for the mention):
https://github.com/libarchive/libarchive/issues/747

After digging into the bug, it seemed it wasn't exploitable, and could only
lead to a crash, so I decided to not send it out to the list and request a
CVE.

On Thu, Sep 15, 2016 at 8:54 AM Agostino Sarubbo <ago@...too.org> wrote:

> Hello all.
>
> I'd like to make people aware of the following crashes in libarchive/bsdtar
> found by fuzzing (all issues are public on github):
>
> The most dangerous, an out of bounds stack write (which is also fixed
> upstream):
>
> https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/
>
>
> The following are buffer over read of 1 (all are unfixed upstream ATM):
>
>
> https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-detect_form-archive_read_support_format_mtree-c/
>
> https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-read_header-archive_read_support_format_7zip-c/
>
> https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-memory-corruptionunknown-crash-in-bid_entry-archive_read_support_format_mtree-c/
>
> https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-bid_entry-archive_read_support_format_mtree-c/
>
> As stated in the posts, the two latest bug could be the same, but I didn't
> have an upstream response about, so I posted both stacktrace to better
> track
> the issues.
>
>
> The following are use-after-free (all are unfixed upstream ATM):
>
> https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-bid_entry-archive_read_support_format_mtree-c/
>
> https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-detect_form-archive_read_support_format_mtree-c/
>
> As stated in the posts, they could be the same.
> I didn't have an upstream response too for those.
>
>
> Agostino
>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ