BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.cccv.de//congress/2024/fahrplan//FBPUQB
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-38c3-YLNEYH@cfp.cccv.de
DTSTART;TZID=CET:20241230T135000
DTEND;TZID=CET:20241230T143000
DESCRIPTION:In the October 2023 update\, Windows 11 introduced support for 
 11 additional compression formats\, including RAR and 7z\, allowing users 
 to manage these types of files natively within File Explorer. The enhancem
 ent significantly improves convenience\; however\, it also introduces pote
 ntial security risks. To support these various compression formats\, Windo
 ws 11 utilizes the libarchive library\, a well-established open-source lib
 rary used across multiple operating systems like Linux\, BSD\, and macOS\,
  and in major projects such as ClickHouse\, Homebrew\, and Osquery.\n\nThe
  libarchive has been continuously fuzzed by Google’s OSS-Fuzz project\, 
 making it a time-tested library. However\, its coverage in OSS-Fuzz has be
 en less than ideal. In addition to the two remote code execution (RCE) vul
 nerabilities disclosed by Microsoft Offensive Research & Security Engineer
 ing (MORSE) in January\, we have identified several vulnerabilities in lib
 archive through code review and fuzzing. These include a heap buffer overf
 low vulnerability in the RAR decompression and arbitrary file write and de
 lete vulnerabilities due to insufficient checks of libarchive’s output o
 n Windows. Additionally\, in our presentation\, we will reveal several int
 eresting features that emerged from the integration of libarchive with Win
 dows.\n\nAnd whenever vulnerabilities are discovered in widely-used librar
 ies like libarchive\, their risks often permeate every corner\, making it 
 difficult to estimate the potential hazards. Moreover\, when Microsoft pat
 ches Windows\, the corresponding fixes are not immediately merged into lib
 archive. This delay gives attackers the opportunity to exploit other proje
 cts using libarchive. For example\, the vulnerabilities patched by Microso
 ft in January were not merged into libarchive until May\, leaving countles
 s applications exposed to risk for four months. The worst part is that the
  developers might not know the vulnerability details or even be aware of i
 ts existence. To illustrate this situation\, we will use the vulnerabiliti
 es we reported to ClickHouse as an example to demonstrate how attackers ca
 n exploit the vulnerabilities while libarchive remains unpatched.
DTSTAMP:20241227T121846Z
LOCATION:Saal ZIGZAG
SUMMARY:From Convenience to Contagion: The Libarchive Vulnerabilities Lurki
 ng in Windows 11 - NiNi Chen
URL:https://fahrplan.events.ccc.de/congress/2024/fahrplan/talk/YLNEYH/
END:VEVENT
END:VCALENDAR