Lucene search

K

[email protected]CVE-2010-0624

HistoryMar 15, 2010 - 1:28 p.m.

CVE-2010-0624

2010-03-1513:28:00

CWE-119

[email protected]

web.nvd.nist.gov

38

cve-2010-0624

buffer overflow

gnu tar

memory corruption

denial of service

nvd

8.1 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

87.9%

Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.

CPENameOperatorVersion
gnu:targnu tareq1.14.1
gnu:targnu tareq1.13.17
gnu:cpiognu cpioeq2.9
gnu:targnu tareq1.13.25
gnu:targnu tarle1.22
gnu:cpiognu cpioeq2.5.90
gnu:targnu tareq1.13
gnu:cpiognu cpioeq1.1
gnu:targnu tareq1.13.5
gnu:cpiognu cpioeq1.3

Rows per page:

1-10 of 361

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10691

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.fedoraproject.org/pipermail/package-announce/2010-March/036668.html

lists.fedoraproject.org/pipermail/package-announce/2010-March/037395.html

lists.fedoraproject.org/pipermail/package-announce/2010-March/037401.html

lists.fedoraproject.org/pipermail/package-announce/2010-March/038134.html

lists.fedoraproject.org/pipermail/package-announce/2010-March/038149.html

lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

osvdb.org/62950

secunia.com/advisories/38869

secunia.com/advisories/38988

secunia.com/advisories/39008

security.gentoo.org/glsa/glsa-201111-11.xml

www.agrs.tu-berlin.de/index.php?id=78327

www.mandriva.com/security/advisories?name=MDVSA-2010:065

www.redhat.com/support/errata/RHSA-2010-0141.html

www.redhat.com/support/errata/RHSA-2010-0142.html

www.redhat.com/support/errata/RHSA-2010-0144.html

www.redhat.com/support/errata/RHSA-2010-0145.html

www.securityfocus.com/archive/1/514503/100/0/threaded

www.ubuntu.com/usn/USN-2456-1

www.vupen.com/english/advisories/2010/0628

www.vupen.com/english/advisories/2010/0629

www.vupen.com/english/advisories/2010/0639

www.vupen.com/english/advisories/2010/0687

www.vupen.com/english/advisories/2010/0728

www.vupen.com/english/advisories/2010/0729

www.vupen.com/english/advisories/2010/1107

bugzilla.redhat.com/show_bug.cgi?id=564368

issues.rpath.com/browse/RPL-3219

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10277

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6907

8.1 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

87.9%

Related for CVE-2010-0624

fedora6 nessus43 prion1 openvas42 oraclelinux5 securityvulns1 debiancve1 freebsd1 veracode1 redhat6 gentoo2 centos5 ubuntucve1 ubuntu1 ibm1 vmware2 seebug1