Vigil@nce - libtar: integer overflow of th_read
October 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker who supplies a crafted TAR archive can trigger an integer
overflow in the th_read() function of libtar, in order to cause a denial
of service and possibly to execute code.
Impacted products: Fedora, MBS, MES, RHEL, Unix (platform)
Severity: 2/4
Creation date: 10/10/2013
DESCRIPTION OF THE VULNERABILITY
The libtar library is used to extract TAR archives.
The th_read() function in lib/block.c reads the 512-byte header blocks of
a TAR archive. When a size field read from the archive is very large, the
multiplication that turns the resulting block count back into a byte count
wraps around, so the memory area allocated for the data that follows is
too short, and the following blocks are copied past its end.
An attacker can therefore generate an integer overflow in the
th_read() function of libtar, in order to trigger a denial of
service, and possibly to execute code.
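As an added illustration that is not libtar's own code, the following C program models the computation the bulletin describes: a size field parsed from a TAR header is rounded up to 512-byte blocks, and the block count is multiplied back into an allocation length. unchecked_alloc_len() shows the product wrapping for a large size, and checked_alloc_len() shows the range check that rejects any block count whose product cannot be represented. The octal field parser, the function names and all inputs are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define T_BLOCKSIZE 512   /* size of one TAR block */

/* Parse a TAR header numeric field: ASCII octal digits, optionally padded
 * with leading spaces and terminated by NUL or space, at most `len` bytes.
 * Returns 0 and stores the value in *out, or -1 if the field is malformed
 * or the value does not fit in size_t. */
static int parse_octal_field(const char *field, size_t len, size_t *out)
{
    size_t v = 0, i = 0;

    while (i < len && field[i] == ' ')
        i++;
    if (i == len)
        return -1;                          /* nothing but padding */
    for (; i < len && field[i] != '\0' && field[i] != ' '; i++) {
        if (field[i] < '0' || field[i] > '7')
            return -1;                      /* not an octal digit */
        if (v > (SIZE_MAX >> 3))
            return -1;                      /* shifting would overflow */
        v = (v << 3) | (size_t)(field[i] - '0');
    }
    *out = v;
    return 0;
}

/* Number of whole 512-byte blocks needed to hold `sz` bytes (rounded up). */
static size_t blocks_for_size(size_t sz)
{
    return sz / T_BLOCKSIZE + (sz % T_BLOCKSIZE ? 1 : 0);
}

/* The vulnerable shape: the block count is multiplied back into a byte
 * count with no range check, so the product silently wraps for large sizes.
 * A wrapped (small) result handed to malloc() gives a buffer that the loop
 * copying `blocks` blocks into it then overruns. */
static size_t unchecked_alloc_len(size_t sz)
{
    return blocks_for_size(sz) * T_BLOCKSIZE;
}

/* The hardened shape: refuse any block count whose product cannot be
 * represented in size_t before computing it.  Returns 0 and stores the
 * byte count in *out, or -1 if the header claims an impossible size. */
static int checked_alloc_len(size_t sz, size_t *out)
{
    size_t blocks = blocks_for_size(sz);

    if (blocks > SIZE_MAX / T_BLOCKSIZE)
        return -1;
    *out = blocks * T_BLOCKSIZE;
    return 0;
}

/* Allocate a buffer for the data following a header whose size field is
 * `field`, using the checked computation.  Returns NULL on a malformed or
 * oversized field; the caller must free() the result. */
static char *alloc_for_size_field(const char *field, size_t len, size_t *nbytes)
{
    size_t sz, n;

    if (parse_octal_field(field, len, &sz) != 0)
        return NULL;
    if (checked_alloc_len(sz, &n) != 0)
        return NULL;
    *nbytes = n;
    return malloc(n);
}

int main(void)
{
    /* Constructed inputs, not taken from a real archive. */
    const char ok_field[12] = "00000001750";    /* octal 1750 = 1000 bytes */
    size_t huge = SIZE_MAX - 10;                /* rounds up to SIZE_MAX/512 + 1 blocks */
    size_t n = 0;
    char *buf;

    buf = alloc_for_size_field(ok_field, sizeof ok_field, &n);
    printf("ok field: %zu-byte buffer at %p\n", n, (void *)buf);
    free(buf);

    printf("unchecked length for %zu bytes: %zu (wrapped)\n",
           huge, unchecked_alloc_len(huge));
    printf("checked length for %zu bytes: %s\n", huge,
           checked_alloc_len(huge, &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```

On a 32-bit build size_t is 32 bits wide, so a claimed size of 4 GiB (2^32 bytes, 8388608 blocks) already wraps the product to zero, and the 11 octal digits of a standard 12-byte size field can express values up to 2^33 - 1. On a 64-bit build the same check is still required, but the claimed size has to be far larger before the product wraps.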
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libtar-integer-overflow-of-th-read-13578