Cisco Warns Of Libarchive File Compression Flaw

Security researchers at Cisco Talos have warned users to patch the widely-used file compression library libarchive, after they discovered three severe vulnerabilities.

The discovery comes after Cisco’s security research team last month discovered a vulnerability in 7-Zip, an open source compression tool used by many companies to shrink their software and files.

Patch Now

“Libarchive is an open-source library that provides access to a variety of different file archive formats, and it’s used just about everywhere,” the security researcers blogged.

“Cisco Talos has recently worked with the maintainers of libarchive to patch three rather severe bugs in the library. Because of the number of products that include libarchive in their handling of compressed files, Talos urges all users to patch/upgrade related, vulnerable software.”

The first problem once again concerns a 7-Zip file, which if malicious, can cause an integer overflow, resulting in subsequent memory corruption and code execution. “To exploit this vulnerability, an attacker need only send their victim a poisoned 7-Zip file for the victim to process with libarchive,” the researchers warned.

The second flaw concerns flawed code which could allow an attacker to trigger an overflow of the buffer. The third flaw concerns libarchive RAR restartmodel, which has a heap overflow vulnerabilty.

“Writing secure code can be difficult,” blogged the researchers. “The root cause of these libarchive vulnerabilities is a failure to properly validate input – data being read from a compressed file. Sadly, these types of programming errors occur over, and over again.”

“When vulnerabilities are discovered in a piece of software such as libarchive, many third-party programs that rely on, and bundle libarchive are affected,” they wrote. “These are what are known as common mode failures, which enable attackers to use a single attack to compromise many different programs/systems. Users are encouraged to patch all relevant programs as quickly as possible.”

Growing Presence

The discovery of more flaws in commonly used compression software should help bolster Cisco’s visibility as a security specialist. The company recently said it has the “largest security business on the planet”, with 5,000 staff and $2 billion in revenue.

Last October Cisco closed down a highly profitable ransomware operation. That criminal gang were using the notorious Angler Exploit Kit to generate an estimated $60 million (£39m) annually by delivering ransomware to unsuspecting people browsing the Internet.

But not all firms are happy when Cisco’s researchers identify problems with their software.

Earlier this year French software firm Tuto4PC hit back at Cisco for labelling it a “shady malware distribution enterprise,” and said it was seeking legal advice.

Cisco Talos had accused Tuto4PC of sneaking unwanted programs, which exhibit malware-like behaviour, onto 12 million computers.

How much do you know about hackers and viruses? Take our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago