Libarchive is included by default with Debian, Ubuntu, Gentoo, Arch Linux, FreeBSD, and NetBSD, and the vulnerability allows an attacker to execute arbitrary code on a vulnerable machine.
It is reported that Windows and macOS, which include the library, are not vulnerable.
“Thankfully, Windows and macOS, today’s two most popular operating systems are not impacted; otherwise, the bug would have caused major headaches to users all over the world”, — report ZDNet magazine journalists.
The bug received the identifier CVE-2019-18408. It allows an attacker to execute arbitrary code in the system using a specially created archive file. The problem can be exploited through a malicious file obtained from cybercriminals through local applications that use various components of Libarchive in their work.
Read also: Linux and FreeBSD TCP Stacks Revealed DoS Vulnerabilities
Information about the problem was released only recently, after the release of patches for Linux and FreeBSD. Vulnerability is already fixed in Libarchive version 3.4.0. Most Linux distributions have already fixed the problem.
“The list of vulnerable operating systems and software utilities that ship Libarchive is exhaustive, opening a huge attack surface for malicious threat actors”, — write ZDNet journalists.
GitHub has published a list of vulnerable operating systems and applications, which includes desktop and server operating systems, package managers, security utilities, file browsers and so on, including well-known names such as pkgutils, Pacman, CMake, Nautilus and Samba.
At this stage, nothing is known about any public exploit code to test this vulnerability or about attempts to exploit it in the wild.
About Colidunt.xyz Colidunt.xyz pop-ups can not open out of nowhere. If you have clicked some…
About Myflisblog.com Myflisblog.com pop-ups can not open out of the blue. If you have clicked…
About Dofenpas.xyz Dofenpas.xyz pop-ups can not expose out of the blue. If you have clicked…
About Bifotend.xyz Bifotend.xyz pop-ups can not expose out of nowhere. If you have clicked on…
About Likudservices.com Likudservices.com pop-ups can not launch out of nowhere. If you have actually clicked…
About Codebenmike.live Codebenmike.live pop-ups can not introduce out of the blue. If you have clicked…