Libarchive vulnerability can lead to code execution on Linux, FreeBSD, NetBSD

guest · Nov 5, 2019

Libarchive vulnerability can lead to code execution on Linux, FreeBSD, NetBSD
Bug discovered by Google. Impacts Linux and BSD distros, but not Windows and macOS
November 6, 2019
https://www.zdnet.com/article/libar...ad-to-code-execution-on-linux-freebsd-netbsd/

A compression library included by default in Debian, Ubuntu, Gentoo, Arch Linux, FreeBSD, and NetBSD distros, contains a vulnerability that can allow hackers to execute code on user machines.

The macOS and Windows operating systems, where this library is also included and used as a default decompression utility, are not affected.
CVE-2019-18408 IN LIBARCHIVE
Last week, details about a major bug impacting the library have been made public after several Linux and FreeBSD distros rolled out updates containing patches for the Libarchive version they had been shipping out to users.
The bug, tracked under the CVE-2019-18408 identifier, allows an attacker to execute code on a user's system via a malformed archive file.
COULD HAVE BEEN MUCH WORSE
The list of vulnerable operating systems and software utilities that ship Libarchive is exhaustive, opening a huge attack surface for malicious threat actors.
Click to expand...

Log in or Sign up

Libarchive vulnerability can lead to code execution on Linux, FreeBSD, NetBSD

guest Guest

Log in or Sign up

Libarchive vulnerability can lead to code execution on Linux, FreeBSD, NetBSD

guest Guest

Useful Searches