Vulnerability Details : CVE-2016-5418
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
Vulnerability category: Input validation
Products affected by CVE-2016-5418
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*
- cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
- cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-5418
- 0.16%: Probability of exploitation activity in the next 30 days
- ~51%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-5418
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2016-5418
- Assigned by: nvd@nist.gov (Primary)
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5418
- https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9
  Fixes for Issue #745 and Issue #746 from Doran Moppert. · libarchive/libarchive@dfd6b54 · GitHub [Patch]
- http://rhn.redhat.com/errata/RHSA-2016-1850.html
  RHSA-2016:1850 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2016:1853
  RHSA-2016:1853 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2016-1844.html
  RHSA-2016:1844 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2016:1852
  RHSA-2016:1852 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- http://www.securityfocus.com/bid/93165
  libarchive CVE-2016-5418 Arbitrary File Write Vulnerability
- https://security.gentoo.org/glsa/201701-03
  libarchive: Multiple vulnerabilities (GLSA 201701-03) — Gentoo security
- https://bugzilla.redhat.com/show_bug.cgi?id=1362601
  1362601 – (CVE-2016-5418) CVE-2016-5418 libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite [Issue Tracking; Third Party Advisory; VDB Entry]
- http://www.openwall.com/lists/oss-security/2016/08/09/2
  oss-security - FreeBSD update components vulns (libarchive, bsdiff, portsnap) [Exploit; Technical Description]
- https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
  FreeBSD · GitHub [Exploit; Technical Description]
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
  Oracle Linux Bulletin - July 2016 [Third Party Advisory]
- https://github.com/libarchive/libarchive/issues/746
  Hard links with data can evade sandboxing restrictions · Issue #746 · libarchive/libarchive · GitHub [Exploit; Patch]