
CVE-2006-6097
Date: (C)2006-11-24   (M)2023-12-22


GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.0
Exploit Score: 4.9
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1017423
SREASON-1918
2006-0068
http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050812.html
http://www.securityfocus.com/archive/1/archive/1/453286/100/0/threaded
20061202-01-P
http://www.securityfocus.com/archive/1/archive/1/464268/100/0/threaded
BID-21235
SECUNIA-23115
SECUNIA-23117
SECUNIA-23142
SECUNIA-23146
SECUNIA-23163
SECUNIA-23173
SECUNIA-23198
SECUNIA-23209
SECUNIA-23314
SECUNIA-23443
SECUNIA-23514
SECUNIA-23911
SECUNIA-24479
SECUNIA-24636
ADV-2006-4717
ADV-2006-5102
ADV-2007-0930
ADV-2007-1171
APPLE-SA-2007-03-13
DSA-1223
GLSA-200612-10
MDKSA-2006:219
OpenPKG-SA-2006.038
RHSA-2006:0749
SA-06:26
SSA:2006-335-01
TA07-072A
USN-385-1
http://docs.info.apple.com/article.html?artnum=305214
http://kb.vmware.com/KanisaPlatform/Publishing/817/2240267_f.SAL_Public.html
http://support.avaya.com/elmodocs2/security/ASA-2007-015.htm
http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216937
https://issues.rpath.com/browse/RPL-821

CPE    2
cpe:/a:gnu:tar:1.16
cpe:/a:gnu:tar:1.15.1

© SecPod Technologies