985826 – (CVE-2016-4301) VUL-0: CVE-2016-4301: bsdtar,libarchive: Stack buffer overflow in the mtree parse_device

Bug 985826 (CVE-2016-4301) - VUL-0: CVE-2016-4301: bsdtar,libarchive: Stack buffer overflow in the mtree parse_device

Summary: VUL-0: CVE-2016-4301: bsdtar,libarchive: Stack buffer overflow in the mtree p...

Status:	RESOLVED FIXED

Alias:	CVE-2016-4301

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/170371/
Whiteboard:	CVSSv2:SUSE:CVE-2016-4301:6.8:(AV:N/A...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-06-21 09:03 UTC by Marcus Meissner
Modified:	2020-04-23 15:40 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
foo.mtree (61 bytes, text/plain) 2016-06-21 09:11 UTC, Marcus Meissner	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2016-06-21 09:03:36 UTC

http://www.talosintel.com/reports/TALOS-2016-0153/

TALOS-2016-0153
Libarchive mtree parse_device Code Execution Vulnerability
June 19, 2016
Report ID

CVE-2016-4301
Summary

An exploitable stack based buffer overflow vulnerability exists in the mtree parse_device functionality of libarchive. A specially crafted mtree file can cause a buffer overflow resulting in memory corruption/code execution. An attacker can send a malformed file to trigger this vulnerability.
Tested Versions

libarchive 3.1.2


https://github.com/libarchive/libarchive/commit/a550daeecf6bc689ade371349892ea17b5b97c77

Comment 1 Marcus Meissner 2016-06-21 09:11:16 UTC

Created attachment 681478 [details]
foo.mtree

QA REPRPODUCER:

bsdtar xf foo.mtree

or with valgrind

(doers not report things on 13.2 for me)

Comment 2 Swamp Workflow Management 2016-06-21 22:00:14 UTC

bugbot adjusting priority

Comment 3 Swamp Workflow Management 2016-07-29 12:12:12 UTC

SUSE-SU-2016:1909-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 984990,985609,985665,985669,985673,985675,985679,985682,985685,985688,985689,985697,985698,985700,985703,985704,985706,985826,985832,985835
CVE References: CVE-2015-8918,CVE-2015-8919,CVE-2015-8920,CVE-2015-8921,CVE-2015-8922,CVE-2015-8923,CVE-2015-8924,CVE-2015-8925,CVE-2015-8926,CVE-2015-8928,CVE-2015-8929,CVE-2015-8930,CVE-2015-8931,CVE-2015-8932,CVE-2015-8933,CVE-2015-8934,CVE-2016-4300,CVE-2016-4301,CVE-2016-4302,CVE-2016-4809
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libarchive-3.1.2-22.1
SUSE Linux Enterprise Server 12-SP1 (src):    libarchive-3.1.2-22.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libarchive-3.1.2-22.1

Comment 4 Swamp Workflow Management 2016-08-11 15:16:34 UTC

openSUSE-SU-2016:2036-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 984990,985609,985665,985669,985673,985675,985679,985682,985685,985688,985689,985697,985698,985700,985703,985704,985706,985826,985832,985835
CVE References: CVE-2015-8918,CVE-2015-8919,CVE-2015-8920,CVE-2015-8921,CVE-2015-8922,CVE-2015-8923,CVE-2015-8924,CVE-2015-8925,CVE-2015-8926,CVE-2015-8928,CVE-2015-8929,CVE-2015-8930,CVE-2015-8931,CVE-2015-8932,CVE-2015-8933,CVE-2015-8934,CVE-2016-4300,CVE-2016-4301,CVE-2016-4302,CVE-2016-4809
Sources used:
openSUSE Leap 42.1 (src):    libarchive-3.1.2-13.2

Comment 5 Adrian Schröter 2018-10-10 13:27:09 UTC

is done

Comment 8 Alexandros Toptsoglou 2020-04-23 15:40:06 UTC

Done