gtar -- GNUTYPE_NAMES directory traversal vulnerability

ID 3DD7EB58-80AE-11DB-B4EC-000854D03344
Type freebsd
Reporter FreeBSD
Modified 2006-11-21T00:00:00


Teemu Salmela reports:

There is a tar record type, called GNUTYPE_NAMES (an obsolete GNU extension), that allows the creation of symbolic links pointing to arbitrary locations in the filesystem, which makes it possible to create/overwrite arbitrary files.