CVSSv3 5.3

CVE-2023-30571

Published: 29/05/2023 Updated: 05/06/2023
CVSS v3 Base Score: 5.3 | Impact Score: 4.2 | Exploitability Score: 1
VMScore: 0

Vulnerability Summary

Libarchive up to and including 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.

Vulnerable Product

libarchive libarchive

Vendor Advisories

Debian Bug report logs - #1037093 libarchive: CVE-2023-30571. Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 4 Jun 2023 13:09:01 UTC; Severity: important; Tags: security, upstream; Found in version libarchive/3 ...
Description: A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on POSIX-based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside t ...