FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gtar -- GNU TAR safer_name_suffix Remote Denial of Service Vulnerability

Affected packages
gtar < 1.19


VuXML ID 0809ce7d-f672-4924-9b3b-7c74bc279b83
Discovery 2007-11-14
Entry 2009-01-15

SecurityFocus reports:

GNUs tar and cpio utilities are prone to a denial-of-service vulnerability because of insecure use of the alloca() function.

Successfully exploiting this issue allows attackers to crash the affected utilities and possibly to execute code but this has not been confirmed.


Bugtraq ID 26445
CVE Name CVE-2007-4476