Verity KeyView Viewer SDK tarrdr.dll TAR Extraction Overflow

2006-02-10T09:47:53
ID OSVDB:23067
Type osvdb
Reporter Carsten Eiram()
Modified 2006-02-10T09:47:53

Description

Vulnerability Description

A remote overflow exists in Verity KeyView Viewer SDK. 'tarrdr.dll' fails to perform bounds checking on filenames of files contained by TAR archives, resulting in a stack based overflow. With a specially crafted TAR archive, an attacker can cause arbitrary code execution when the archive is extracted with an application using the vulnerable viewer, resulting in a loss of integrity.

Solution Description

Upgrade to version 8.2, 9.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in Verity KeyView Viewer SDK. 'tarrdr.dll' fails to perform bounds checking on filenames of files contained by TAR archives, resulting in a stack based overflow. With a specially crafted TAR archive, an attacker can cause arbitrary code execution when the archive is extracted with an application using the vulnerable viewer, resulting in a loss of integrity.

References:

Vendor URL: http://www.verity.com/products/oem/keyview/features/keyview_viewing_sdk.html Vendor URL: http://www.verity.com/products/oem_solutions/keyview/ Vendor Specific Advisory URL Security Tracker: 1015657 Secunia Advisory ID:16100 Secunia Advisory ID:16280 Related OSVDB ID: 23064 Related OSVDB ID: 23066 Related OSVDB ID: 23065 Related OSVDB ID: 23068 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0186.html FrSIRT Advisory: ADV-2006-0500 CVE-2005-2618 CERT VU: 884076