Vulnerability CVE-2006-5680

Vulnerability Name:

CVE-2006-5680 (CCN-30137)

Assigned:

2006-11-08

Published:

2006-11-08

Updated:

2017-07-20

Summary:

The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which triggers an infinite loop that attempts to read more data.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2006-5680

Source: CCN
Type: SA22723
libarchive Denial of Service Vulnerability

Source: SECUNIA
Type: UNKNOWN
22723

Source: SECUNIA
Type: UNKNOWN
22801

Source: CCN
Type: FreeBSD-SA-06:24.libarchive
Infinite loop in corrupt archives handling in libarchive(3)

Source: FREEBSD
Type: Exploit, Vendor Advisory
FreeBSD-SA-06:24

Source: CCN
Type: SECTRACK ID: 1017199
libarchive Lets Remote Users Deny Service Via Specially Crafted Archives

Source: SECTRACK
Type: UNKNOWN
1017199

Source: CCN
Type: OSVDB ID: 30259
libarchive Malformed File Infinite Loop DoS

Source: BID
Type: UNKNOWN
20961

Source: CCN
Type: BID-20961
FreeBSD LibArchive Remote Denial Of Service Vulnerability

Source: XF
Type: UNKNOWN
freebsd-libarchive-file-dos(30137)

Source: XF
Type: UNKNOWN
freebsd-libarchive-file-dos(30137)

Vulnerable Configuration:

Configuration 1:

cpe:/o:freebsd:freebsd:6:stable:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:freebsd:libarchive:-:*:*:*:*:*:*:*

AND

cpe:/o:freebsd:freebsd:6.0:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20065680	V	CVE-2006-5680	2022-06-30
oval:org.opensuse.security:def:42350	P	Security update for libeconf, shadow and util-linux (Moderate)	2022-03-04
oval:org.opensuse.security:def:112025	P	bsdtar-3.5.1-1.5 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:26225	P	Security update for libsndfile (Important)	2022-01-05
oval:org.opensuse.security:def:26188	P	Security update for gegl (Important)	2021-12-28
oval:org.opensuse.security:def:31720	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:31717	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:42147	P	Security update for glib-networking (Important)	2021-12-06
oval:org.opensuse.security:def:32230	P	Security update for xen (Moderate)	2021-12-01
oval:org.opensuse.security:def:26172	P	Security update for webkit2gtk3 (Important)	2021-11-23
oval:org.opensuse.security:def:31294	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:26152	P	Security update for postgresql10 (Important)	2021-10-20
oval:org.opensuse.security:def:105581	P	bsdtar-3.5.1-1.5 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:32186	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:31269	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:26123	P	Security update for openssl-1_0_0 (Low)	2021-09-09
oval:org.opensuse.security:def:32164	P	Security update for java-1_8_0-openjdk (Important)	2021-08-20
oval:org.opensuse.security:def:31662	P	Security update for libsndfile (Critical)	2021-08-05
oval:org.opensuse.security:def:31661	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:31208	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:31644	P	Security update for xterm (Important)	2021-06-18
oval:org.opensuse.security:def:31209	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:32125	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:31643	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:36177	P	libarchive2-2.5.5-5.19 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26070	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:36435	P	libarchive-devel-2.5.5-5.19 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26068	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:42584	P	libarchive2-2.5.5-5.19 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26067	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:31628	P	Security update for dhcp (Important)	2021-06-01
oval:org.opensuse.security:def:26060	P	Security update for postgresql13 (Moderate)	2021-05-27
oval:org.opensuse.security:def:32907	P	Security update for gdm (Important)	2021-04-28
oval:org.opensuse.security:def:32076	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:33101	P	Security update for nghttp2 (Important)	2021-03-24
oval:org.opensuse.security:def:31361	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:26211	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:31729	P	Security update for screen (Important)	2021-02-17
oval:org.opensuse.security:def:32253	P	Security update for python (Important)	2021-02-11
oval:org.opensuse.security:def:31655	P	Security update for MozillaFirefox (Important)	2021-01-29
oval:org.opensuse.security:def:31220	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:32097	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:25985	P	Security update for gimp (Moderate)	2020-12-29
oval:org.opensuse.security:def:25984	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:32020	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:32010	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:35583	P	libarchive2-2.5.5-5.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35740	P	libarchive2-2.5.5-5.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:41990	P	libarchive2-2.5.5-5.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35943	P	libarchive2-2.5.5-5.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25970	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:25505	P	Security update for python-PyYAML (Important)	2020-12-01
oval:org.opensuse.security:def:26356	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:32419	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:25419	P	Security update for kernel-firmware (Important)	2020-12-01
oval:org.opensuse.security:def:26023	P	Security update for evince (Important)	2020-12-01
oval:org.opensuse.security:def:25697	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:31864	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:26444	P	Security update for mumble (Moderate)	2020-12-01
oval:org.opensuse.security:def:26583	P	libarchive2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25560	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:31766	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26907	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25835	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26760	P	libpoppler-glib4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26269	P	Security update for python3-requests (Moderate)	2020-12-01
oval:org.opensuse.security:def:25764	P	Security update for webkitgtk (Moderate)	2020-12-01
oval:org.opensuse.security:def:31827	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:25292	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:31426	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27433	P	libarchive-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25726	P	Security update for python36 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26410	P	Security update for freexl (Important)	2020-12-01
oval:org.opensuse.security:def:25852	P	Security update for flash-playerqemu (Important)	2020-12-01
oval:org.opensuse.security:def:32666	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25367	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:31575	P	Security update for sudo	2020-12-01
oval:org.opensuse.security:def:32463	P	Security update for xorg-x11-libXpm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25738	P	Security update for libxslt (Moderate)	2020-12-01
oval:org.opensuse.security:def:31953	P	Security update for gstreamer-0_10-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:26614	P	mozilla-xulrunner190 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25910	P	Security update for gstreamer-0_10-plugins-base (Low)	2020-12-01
oval:org.opensuse.security:def:31052	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25576	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31818	P	Security update for audiofile (Moderate)	2020-12-01
oval:org.opensuse.security:def:33140	P	libarchive2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31410	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:25930	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:26702	P	fuse on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26740	P	libarchive2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25134	P	Security update for apache2 (Important)	2020-12-01
oval:org.opensuse.security:def:31137	P	Security update for kvm and libvirt	2020-12-01
oval:org.opensuse.security:def:25717	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:31923	P	Security update for ghostscript-library (Moderate)	2020-12-01
oval:org.opensuse.security:def:27140	P	gstreamer-0_10-plugins-base on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31422	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32309	P	Security update for quagga (Moderate)	2020-12-01
oval:org.opensuse.security:def:31871	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:25146	P	Security update for man (Moderate)	2020-12-01
oval:org.opensuse.security:def:25921	P	Recommended update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:31984	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25494	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26303	P	Security update for dnsmasq (Moderate)	2020-12-01
oval:org.opensuse.security:def:32397	P	Security update for unzip (Moderate)	2020-12-01
oval:org.opensuse.security:def:32548	P	libarchive2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25338	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:31505	P	Security update for python27 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26009	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32868	P	ghostscript-fonts-other on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25569	P	Security update for tomcat (Important)	2020-12-01
oval:org.opensuse.security:def:31777	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26405	P	Security update for sox (Moderate)	2020-12-01
oval:org.opensuse.security:def:26548	P	freetype2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25996	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:25476	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:25778	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26458	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:25711	P	Security update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (Moderate)	2020-12-01
oval:org.opensuse.security:def:31805	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26942	P	libarchive2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25291	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:25919	P	Security update for libplist (Moderate)	2020-12-01
oval:org.opensuse.security:def:27398	P	file-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26326	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:25813	P	Security update for libssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:32028	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25303	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:31518	P	Security update for quagga (Important)	2020-12-01
oval:org.opensuse.security:def:25727	P	Security update for libzypp (Moderate)	2020-12-01
oval:org.opensuse.security:def:31861	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:26561	P	gstreamer-0_10-plugins-good on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25866	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32705	P	libarchive2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31051	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25495	P	Security update for shibboleth-sp (Moderate)	2020-12-01
oval:org.opensuse.security:def:25802	P	Recommended update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:26663	P	PolicyKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26705	P	gd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31063	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25633	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:31874	P	Security update for cyrus-imapd (Important)	2020-12-01
oval:org.opensuse.security:def:26502	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:31411	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:26011	P	Security update for gwenhywfar (Moderate)	2020-12-01
oval:org.opensuse.security:def:26716	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25135	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25868	P	Security update for pcre (Moderate)	2020-12-01
oval:org.opensuse.security:def:31962	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:27175	P	libarchive2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25493	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:31496	P	Security update for python-imaging	2020-12-01
oval:org.opensuse.security:def:32358	P	Security update for squidGuard (Moderate)	2020-12-01
oval:org.opensuse.security:def:32509	P	fetchmail on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25210	P	Security update for unzip (Moderate)	2020-12-01
oval:org.opensuse.security:def:31418	P	Security update for php53 (Moderate)	2020-12-01

BACK