Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2006-6097HistoryNov 24, 2006 - 6:07 p.m.
CVE-2006-6097
2006-11-2418:07:00
Debian Security Bug Tracker
security-tracker.debian.org
14
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:P/A:P
0.01 Low
EPSS
Percentile
83.6%
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | tar | < 1.16-2 | tar_1.16-2_all.deb |
| Debian | 11 | all | tar | < 1.16-2 | tar_1.16-2_all.deb |
| Debian | 10 | all | tar | < 1.16-2 | tar_1.16-2_all.deb |
| Debian | 999 | all | tar | < 1.16-2 | tar_1.16-2_all.deb |
| Debian | 13 | all | tar | < 1.16-2 | tar_1.16-2_all.deb |
Related
nessus
nessus
Mandrake Linux Security Advisory : tar (MDKSA-2006:219)
2007-02-18 00:00:00
CentOS 3 / 4 : tar (CESA-2006:0749)
2006-12-30 00:00:00
Debian DSA-1223-1 : tar - input validation error
2006-12-04 00:00:00
cve
cve
CVE-2006-6097
2006-11-24 18:07:00
CVE-2002-1216
2002-10-28 05:00:00
ubuntucve
ubuntucve
CVE-2006-6097
2006-11-24 00:00:00
debiancve
debiancve
CVE-2002-1216
2002-10-28 05:00:00
oraclelinux
oraclelinux
Moderate tar security update
2006-12-20 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-1223-1)
2008-01-17 00:00:00
FreeBSD Ports: gtar
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200612-10 (tar)
2008-09-24 00:00:00
centos
centos
tar security update
2006-12-20 03:41:54
tar security update
2006-12-20 15:42:51
debian
debian
[SECURITY] [DSA 1223-1] New tar packages fix arbitrary file overwrite
2006-12-01 16:26:11
[SECURITY] [DSA 1223-1] New tar packages fix arbitrary file overwrite
2006-12-01 16:26:11
redhat
redhat
(RHSA-2006:0749) Moderate: tar security update
2006-12-19 00:00:00
freebsd
freebsd
gtar -- name mangling symlink vulnerability
2006-12-06 00:00:00
gtar -- GNUTYPE_NAMES directory traversal vulnerability
2006-11-21 00:00:00
gentoo
gentoo
Tar: Directory traversal vulnerability
2006-12-11 00:00:00
slackware
slackware
[slackware-security] tar
2006-12-01 22:55:57
freebsd_advisory
freebsd_advisory
FreeBSD-SA-06:26.gtar
2006-12-06 00:00:00
ubuntu
ubuntu
tar vulnerability
2006-11-27 00:00:00
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:P/A:P
0.01 Low
EPSS
Percentile
83.6%
Related for DEBIANCVE:CVE-2006-6097