Cisco Warns Of Libarchive File Compression Flaw

Security researchers at Cisco Talos have warned users to patch the widely-used file compression library libarchive, after they discovered three severe vulnerabilities.

The discovery comes after Cisco’s security research team last month discovered a vulnerability in 7-Zip, an open source compression tool used by many companies to shrink their software and files.

Patch Now

“Libarchive is an open-source library that provides access to a variety of different file archive formats, and it’s used just about everywhere,” the security researchers blogged.

“Cisco Talos has recently worked with the maintainers of libarchive to patch three rather severe bugs in the library. Because of the number of products that include libarchive in their handling of compressed files, Talos urges all users to patch/upgrade related, vulnerable software.”

The first problem once again involves the 7-Zip format: a malicious 7-Zip archive can trigger an integer overflow in libarchive’s parser, resulting in subsequent memory corruption and code execution. “To exploit this vulnerability, an attacker need only send their victim a poisoned 7-Zip file for the victim to process with libarchive,” the researchers warned.

The second flaw is a buffer overflow that an attacker can trigger with a crafted archive. The third is a heap overflow in libarchive’s RAR RestartModel code.

“Writing secure code can be difficult,” blogged the researchers. “The root cause of these libarchive vulnerabilities is a failure to properly validate input – data being read from a compressed file. Sadly, these types of programming errors occur over, and over again.”
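The 7-Zip integer overflow described above and the root cause Talos points to (trusting a count read from the archive) follow a pattern that is easy to show in code. The following is an added example written for this article, not libarchive’s code and not the actual flawed 7-Zip routine: it uses a hypothetical, constructed record layout (a 32-bit stream count followed by that many 64-bit sizes) and shows the wrapping size computation beside a parser that bounds the count against the input before any arithmetic depends on it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Hypothetical record layout, constructed for this example (it is NOT
 * libarchive's real 7-Zip SubStreamsInfo encoding):
 *   uint32 LE  num_streams
 *   uint64 LE  unpack_size[num_streams]
 */

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static uint64_t rd64(const uint8_t *p)
{
    return (uint64_t)rd32(p) | ((uint64_t)rd32(p + 4) << 32);
}

/*
 * The vulnerable pattern: the allocation size is derived from the
 * attacker-controlled count in 32-bit arithmetic. For num_streams >=
 * 0x20000000 the product wraps, a tiny buffer is allocated, and a copy
 * loop that still trusts num_streams runs off the end of it (heap memory
 * corruption). Only the size computation is reproduced here so that the
 * example runs safely; no out-of-bounds write is performed.
 */
uint32_t vulnerable_alloc_bytes(uint32_t num_streams)
{
    return num_streams * 8u;            /* silently wraps modulo 2^32 */
}

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_BAD_COUNT = -2, PARSE_OOM = -3 };

/*
 * Hardened parser. The count is checked against what the input can
 * actually hold before it is used, and the allocation size is computed in
 * size_t with an explicit overflow bound (redundant when the whole record
 * is buffered, but necessary if the same code is ever fed a stream).
 */
int parse_substreams(const uint8_t *buf, size_t len,
                     uint64_t **sizes_out, uint32_t *count_out)
{
    *sizes_out = NULL;
    *count_out = 0;
    if (len < 4)
        return PARSE_TRUNCATED;

    uint32_t n = rd32(buf);
    size_t body = len - 4;

    /* An honest count can never exceed the entries the body can contain. */
    if ((size_t)n > body / sizeof(uint64_t))
        return PARSE_BAD_COUNT;
    /* Explicit guard against n * sizeof(uint64_t) overflowing size_t. */
    if ((size_t)n > SIZE_MAX / sizeof(uint64_t))
        return PARSE_BAD_COUNT;

    uint64_t *sizes = n ? malloc((size_t)n * sizeof(uint64_t)) : NULL;
    if (n && !sizes)
        return PARSE_OOM;
    for (uint32_t i = 0; i < n; i++)
        sizes[i] = rd64(buf + 4 + (size_t)i * sizeof(uint64_t));

    *sizes_out = sizes;
    *count_out = n;
    return PARSE_OK;
}

/* Constructed sample inputs (not taken from any real archive). */
/* Benign record: two streams of 16 and 32 bytes. */
static const uint8_t benign[] = {
    0x02, 0, 0, 0,
    0x10, 0, 0, 0, 0, 0, 0, 0,
    0x20, 0, 0, 0, 0, 0, 0, 0 };
/* Poisoned record: count 0x20000001, whose product with 8 wraps to 8. */
static const uint8_t poisoned[] = {
    0x01, 0, 0, 0x20,
    0, 0, 0, 0, 0, 0, 0, 0 };

int main(void)
{
    uint64_t *sizes;
    uint32_t count;

    printf("vulnerable path would allocate %u bytes for %u entries\n",
           vulnerable_alloc_bytes(rd32(poisoned)), rd32(poisoned));

    int rc = parse_substreams(benign, sizeof benign, &sizes, &count);
    printf("benign: rc=%d count=%u\n", rc, count);
    free(sizes);

    rc = parse_substreams(poisoned, sizeof poisoned, &sizes, &count);
    printf("poisoned: rc=%d (rejected before any allocation)\n", rc);
    return 0;
}
```

The design point is that the check is phrased in terms of the input the parser actually has, not the value the attacker wrote: a count larger than the remaining bytes can represent is rejected before it reaches the multiply, so the wrap can never happen, and the SIZE_MAX guard documents the arithmetic bound for anyone who later removes the length check.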

“When vulnerabilities are discovered in a piece of software such as libarchive, many third-party programs that rely on, and bundle libarchive are affected,” they wrote. “These are what are known as common mode failures, which enable attackers to use a single attack to compromise many different programs/systems. Users are encouraged to patch all relevant programs as quickly as possible.”

Growing Presence

The discovery of more flaws in commonly used compression software should help bolster Cisco’s visibility as a security specialist. The company recently said it has the “largest security business on the planet”, with 5,000 staff and $2 billion in revenue.

Last October Cisco disrupted a highly profitable ransomware operation. The gang behind it was using the notorious Angler Exploit Kit to generate an estimated $60 million (£39m) annually by delivering ransomware to unsuspecting people browsing the Internet.

But not all firms are happy when Cisco’s researchers identify problems with their software.

Earlier this year French software firm Tuto4PC hit back at Cisco for labelling it a “shady malware distribution enterprise,” and said it was seeking legal advice.

Cisco Talos had accused Tuto4PC of sneaking unwanted programs, which exhibit malware-like behaviour, onto 12 million computers.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long-standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
