FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gtar -- GNUTYPE_NAMES directory traversal vulnerability

Affected packages
gtar < 1.16_2

Details

VuXML ID 3dd7eb58-80ae-11db-b4ec-000854d03344
Discovery 2006-11-21
Entry 2006-11-30

Teemu Salmela reports:

There is a tar record type, called GNUTYPE_NAMES (an obsolete GNU extension), that allows the creation of symbolic links pointing to arbitrary locations in the filesystem, which makes it possible to create/overwrite arbitrary files.
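A defender who has to accept archives on a host still running gtar older than 1.16_2 can reject any archive that carries this record type before extraction. The following is an added example, not code from the advisory or from GNU tar: it walks the 512-byte tar headers directly and reports every member whose typeflag is `N`, the value GNU tar's `tar.h` assigns to GNUTYPE_NAMES (that value is not stated on this page). The function names and the sample archive are constructed for illustration.

```python
BLOCK = 512
GNUTYPE_NAMES = b"N"  # typeflag value defined in GNU tar's tar.h

def _octal(field: bytes) -> int:
    text = field.split(b"\0", 1)[0].strip()
    return int(text, 8) if text else 0

def find_gnutype_names(archive: bytes):
    """Return [(offset, member_name)] for every header whose typeflag is 'N'."""
    hits, offset = [], 0
    while offset + BLOCK <= len(archive):
        header = archive[offset:offset + BLOCK]
        if header == b"\0" * BLOCK:  # end-of-archive marker
            break
        # Checksum is the byte sum of the header with the chksum field as spaces.
        expected = sum(header[:148]) + 8 * 0x20 + sum(header[156:])
        if _octal(header[148:156]) != expected:
            raise ValueError(f"bad header checksum at offset {offset}")
        if header[156:157] == GNUTYPE_NAMES:
            name = header[:100].split(b"\0", 1)[0].decode("utf-8", "replace")
            hits.append((offset, name))
        size = _octal(header[124:136])
        offset += BLOCK + -(-size // BLOCK) * BLOCK  # header + padded data
    return hits

def _member(name: str, typeflag: bytes, data: bytes = b"") -> bytes:
    """Build one constructed tar member; used only for the sample input."""
    h = bytearray(BLOCK)
    h[:len(name)] = name.encode("ascii")
    h[100:108] = b"0000644\0"
    h[124:136] = b"%011o\0" % len(data)
    h[148:156] = b" " * 8
    h[156:157] = typeflag
    h[148:156] = b"%06o\0 " % sum(h)
    return bytes(h) + data + b"\0" * (-len(data) % BLOCK)

# Constructed sample: two regular files around one GNUTYPE_NAMES record.
SAMPLE = (_member("README", b"0", b"hello\n")
          + _member("names", b"N", b"constructed placeholder\n")
          + _member("bin/tool", b"0", b"x" * 600)
          + b"\0" * (2 * BLOCK))

if __name__ == "__main__":
    for offset, name in find_gnutype_names(SAMPLE):
        print(f"GNUTYPE_NAMES record {name!r} at byte offset {offset}")
```

The scanner raises on a header checksum mismatch instead of continuing, so a desynchronised or malformed archive is refused rather than reported as clean.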

References

Bugtraq ID 21235
CVE Name CVE-2006-6097
URL http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html