Update closes DoS hole in FreeBSD
FreeBSD's developers have released an update for FreeBSD 6-STABLE, RELENG_6 and 6.2 RC1 to remove a DoS vulnerability in the libarchive library. Libarchive is used by tar and cpio, among others, to read and write streams. A flaw related to the skipping of a region at the end of a file can lead the libarchive into an infinite loop. This in turn ends up consuming all of a system's CPU resources until it no longer responds.
The FreeBSD advisory reports that this can occur even during the extraction of a rigged archive (tar -x) or during display of its contents (tar -t). The problem can also occur with other applications that use the library as well. Under normal circumstances, the developers of FreeBSD follow a policy of not issuing updates for local DoS vulnerabilities. Questioned by heise Security, Colin Percival from the FreeBSD security team explained that in this case a remote DoS hole is involved, since users typically download archives from non-trustworthy pages. Past flaws related to gzip behaved in a similar manner.
- Infinite loop in corrupt archives handling in libarchive, flaw advisory from FreeBSD
(ehe)