ID 44449BF7-C69B-11DB-9F82-000E0C2E438A Type freebsd Reporter FreeBSD Modified 2016-08-09T00:00:00
Description
Problem Description:
Symlinks created using the "GNUTYPE_NAMES" tar extension can
be absolute due to lack of proper sanity checks.
Impact:
If an attacker can get a user to extract a specially crafted
tar archive the attacker can overwrite arbitrary files with
the permissions of the user running gtar. If file system
permissions allow it, this may allow the attacker to overwrite
important system file (if gtar is being run as root), or
important user configuration files such as .tcshrc or .bashrc,
which would allow the attacker to run arbitrary commands.
Workaround:
Use "bsdtar", which is the default tar implementation in
FreeBSD 5.3 and higher. For FreeBSD 4.x, bsdtar is available
in the FreeBSD Ports Collection as
ports/archivers/libarchive.
{"modified": "2016-08-09T00:00:00", "cvelist": ["CVE-2006-6097"], "edition": 1, "type": "freebsd", "reporter": "FreeBSD", "references": [], "hashmap": [{"hash": "12c055f0d9f0fc3669ddffba877afd5e", "key": "affectedPackage"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "34fc62616f46e022a07318d302ad08d1", "key": "cvelist"}, {"hash": "033863640fb136965d17e3a1c6345959", "key": "cvss"}, {"hash": "f4d28fd785b0ab51bdf26eda81c04db4", "key": "description"}, {"hash": "ed710cc7569c5086f569ffa5f5f1d802", "key": "href"}, {"hash": "29eb0a5e25d1f4c6626f91741ab39650", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "c2e1b0e0d5590537cfda37811e1c868e", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "c2eb40e2b37762ce21369afec349d5b7", "key": "title"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "cfcd208495d565ef66e7dff9f98764da", "key": "viewCount"}], "href": "https://vuxml.freebsd.org/freebsd/44449bf7-c69b-11db-9f82-000e0c2e438a.html", "description": "\nProblem Description:\nSymlinks created using the \"GNUTYPE_NAMES\" tar extension can\n\t be absolute due to lack of proper sanity checks.\nImpact:\nIf an attacker can get a user to extract a specially crafted\n\t tar archive the attacker can overwrite arbitrary files with\n\t the permissions of the user running gtar. If file system\n\t permissions allow it, this may allow the attacker to overwrite\n\t important system file (if gtar is being run as root), or\n\t important user configuration files such as .tcshrc or .bashrc,\n\t which would allow the attacker to run arbitrary commands.\nWorkaround:\nUse \"bsdtar\", which is the default tar implementation in\n\t FreeBSD 5.3 and higher. For FreeBSD 4.x, bsdtar is available\n\t in the FreeBSD Ports Collection as\n\t ports/archivers/libarchive.\n", "id": "44449BF7-C69B-11DB-9F82-000E0C2E438A", "lastseen": "2016-09-26T17:25:02", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "hash": "85788541e3852c7b588ed7a65fb51d205250eaf086a36f1a6cb6c5bd817c235a", "enchantments": {"vulnersScore": 7.5}, "bulletinFamily": "unix", "history": [], "published": "2006-12-06T00:00:00", "objectVersion": "1.2", "affectedPackage": [{"packageFilename": "UNKNOWN", "operator": "lt", "packageVersion": "5.5_9", "OS": "FreeBSD", "packageName": "FreeBSD", "OSVersion": "any", "arch": "noarch"}, {"packageFilename": "UNKNOWN", "operator": "eq", "packageVersion": "5.5", "OS": "FreeBSD", "packageName": "FreeBSD", "OSVersion": "any", "arch": "noarch"}], "title": "gtar -- name mangling symlink vulnerability", "viewCount": 0}
{"result": {"cve": [{"id": "CVE-2006-6097", "type": "cve", "title": "CVE-2006-6097", "description": "GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.", "published": "2006-11-24T13:07:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6097", "cvelist": ["CVE-2006-6097"], "lastseen": "2017-10-11T11:06:52"}], "nessus": [{"id": "GENTOO_GLSA-200612-10.NASL", "type": "nessus", "title": "GLSA-200612-10 : Tar: Directory traversal vulnerability", "description": "The remote host is affected by the vulnerability described in GLSA-200612-10 (Tar: Directory traversal vulnerability)\n\n Tar does not properly extract archive elements using the GNUTYPE_NAMES record name, allowing files to be created at arbitrary locations using symlinks. Once a symlink is extracted, files after the symlink in the archive will be extracted to the destination of the symlink.\n Impact :\n\n An attacker could entice a user to extract a specially crafted tar archive, possibly allowing for the overwriting of arbitrary files on the system extracting the archive.\n Workaround :\n\n There is no known workaround at this time.", "published": "2006-12-14T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=23862", "cvelist": ["CVE-2006-6097"], "lastseen": "2017-10-29T13:35:40"}, {"id": "DEBIAN_DSA-1223.NASL", "type": "nessus", "title": "Debian DSA-1223-1 : tar - input validation error", "description": "Teemu Salmela discovered a vulnerability in GNU tar that could allow a malicious user to overwrite arbitrary files by inducing the victim to attempt to extract a specially crafted tar file containing a GNUTYPE_NAMES record with a symbolic link.", "published": "2006-12-04T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=23765", "cvelist": ["CVE-2006-6097"], "lastseen": "2018-07-10T05:53:29"}, {"id": "SUSE_TAR-2351.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : tar (tar-2351)", "description": "This security update fixes a directory traversal in tar, where unpacked symlinks could be followed outside of the directory where the tar file is unpacked. (CVE-2006-6097)\n\nThis feature was made optional and needs to be enabled with a commandline option.", "published": "2007-10-17T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27463", "cvelist": ["CVE-2006-6097"], "lastseen": "2017-10-29T13:42:35"}, {"id": "REDHAT-RHSA-2006-0749.NASL", "type": "nessus", "title": "RHEL 2.1 / 3 / 4 : tar (RHSA-2006:0749)", "description": "Updated tar packages that fix a path traversal flaw are now available.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive.\n\nTeemu Salmela discovered a path traversal flaw in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar has write access. (CVE-2006-6097)\n\nUsers of tar should upgrade to this updated package, which contains a replacement backported patch to correct this issue.", "published": "2006-12-30T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=23959", "cvelist": ["CVE-2006-6097"], "lastseen": "2017-10-29T13:39:50"}, {"id": "SUSE_TAR-2344.NASL", "type": "nessus", "title": "SuSE 10 Security Update : tar (ZYPP Patch Number 2344)", "description": "This security update fixes a directory traversal in tar, where unpacked symlinks could be followed outside of the directory where the tar file is unpacked. (CVE-2006-6097)\n\nThe problematic feature has been made optional and is disabled by default. It can be enabled by a commandline switch.", "published": "2007-12-13T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29585", "cvelist": ["CVE-2006-6097"], "lastseen": "2017-10-29T13:34:38"}, {"id": "CENTOS_RHSA-2006-0749.NASL", "type": "nessus", "title": "CentOS 3 / 4 : tar (CESA-2006:0749)", "description": "Updated tar packages that fix a path traversal flaw are now available.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive.\n\nTeemu Salmela discovered a path traversal flaw in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar has write access. (CVE-2006-6097)\n\nUsers of tar should upgrade to this updated package, which contains a replacement backported patch to correct this issue.", "published": "2006-12-30T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=23941", "cvelist": ["CVE-2006-6097"], "lastseen": "2017-10-29T13:39:39"}, {"id": "SUSE_TAR-2343.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : tar (tar-2343)", "description": "This security update fixes a directory traversal in tar, where unpacked symlinks could be followed outside of the directory where the tar file is unpacked. (CVE-2006-6097)\n\nThis feature was made optional and needs to be enabled with a commandline option.", "published": "2007-10-17T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27462", "cvelist": ["CVE-2006-6097"], "lastseen": "2017-10-29T13:33:15"}, {"id": "FREEBSD_PKG_3DD7EB5880AE11DBB4EC000854D03344.NASL", "type": "nessus", "title": "FreeBSD : gtar -- GNUTYPE_NAMES directory traversal vulnerability (3dd7eb58-80ae-11db-b4ec-000854d03344)", "description": "Teemu Salmela reports :\n\nThere is a tar record type, called GNUTYPE_NAMES (an obsolete GNU extension), that allows the creation of symbolic links pointing to arbitrary locations in the filesystem, which makes it possible to create/overwrite arbitrary files.", "published": "2006-12-04T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=23759", "cvelist": ["CVE-2006-6097"], "lastseen": "2017-10-29T13:46:15"}, {"id": "MANDRAKE_MDKSA-2006-219.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : tar (MDKSA-2006:219)", "description": "GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.\n\nThe updated packages have been patched to address this issue.", "published": "2007-02-18T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=24603", "cvelist": ["CVE-2006-6097"], "lastseen": "2017-10-29T13:45:15"}, {"id": "ORACLELINUX_ELSA-2006-0749.NASL", "type": "nessus", "title": "Oracle Linux 3 / 4 : tar (ELSA-2006-0749)", "description": "From Red Hat Security Advisory 2006:0749 :\n\nUpdated tar packages that fix a path traversal flaw are now available.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive.\n\nTeemu Salmela discovered a path traversal flaw in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar has write access. (CVE-2006-6097)\n\nUsers of tar should upgrade to this updated package, which contains a replacement backported patch to correct this issue.", "published": "2013-07-12T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67428", "cvelist": ["CVE-2006-6097"], "lastseen": "2017-10-29T13:37:26"}], "redhat": [{"id": "RHSA-2006:0749", "type": "redhat", "title": "(RHSA-2006:0749) Moderate: tar security update", "description": "The GNU tar program saves many files together in one archive and can\r\nrestore individual files (or all of the files) from that archive. \r\n\r\nTeemu Salmela discovered a path traversal flaw in the way GNU tar extracted\r\narchives. A malicious user could create a tar archive that could write to\r\narbitrary files to which the user running GNU tar has write access.\r\n(CVE-2006-6097)\r\n\r\nUsers of tar should upgrade to this updated package, which contains a\r\nreplacement backported patch to correct this issue.", "published": "2006-12-19T05:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2006:0749", "cvelist": ["CVE-2006-6097"], "lastseen": "2018-05-11T21:14:11"}], "ubuntu": [{"id": "USN-385-1", "type": "ubuntu", "title": "tar vulnerability", "description": "Teemu Salmela discovered that tar still handled the deprecated GNUTYPE_NAMES record type. This record type could be used to create symlinks that would be followed while unpacking a tar archive. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary files could be overwritten with user privileges.", "published": "2006-11-27T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/385-1/", "cvelist": ["CVE-2006-6097"], "lastseen": "2018-03-29T18:19:36"}], "openvas": [{"id": "OPENVAS:57949", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200612-10 (tar)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200612-10.", "published": "2008-09-24T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=57949", "cvelist": ["CVE-2006-6097"], "lastseen": "2017-07-24T12:50:19"}, {"id": "OPENVAS:57685", "type": "openvas", "title": "Debian Security Advisory DSA 1223-1 (tar)", "description": "The remote host is missing an update to tar\nannounced via advisory DSA 1223-1.\n\nTeemu Salmela discovered a vulnerability in GNU tar that could allow a\nmalicious user to overwrite arbitrary files by inducing the victim to\nattempt to extract a specially crafted tar file containing a\nGNUTYPE_NAMES record with a symbolic link.", "published": "2008-01-17T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=57685", "cvelist": ["CVE-2006-6097"], "lastseen": "2017-07-24T12:49:45"}, {"id": "OPENVAS:136141256231065492", "type": "openvas", "title": "SLES9: Security update for tar", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tar\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016710 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065492", "cvelist": ["CVE-2006-6097"], "lastseen": "2018-04-06T11:38:14"}, {"id": "OPENVAS:57704", "type": "openvas", "title": "Slackware Advisory SSA:2006-335-01 tar", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-335-01.", "published": "2012-09-11T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=57704", "cvelist": ["CVE-2006-6097"], "lastseen": "2017-07-24T12:50:42"}, {"id": "OPENVAS:65492", "type": "openvas", "title": "SLES9: Security update for tar", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tar\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016710 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65492", "cvelist": ["CVE-2006-6097"], "lastseen": "2017-07-26T08:55:32"}, {"id": "OPENVAS:57680", "type": "openvas", "title": "FreeBSD Security Advisory (FreeBSD-SA-06:26.gtar.asc)", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-06:26.gtar.asc", "published": "2008-09-04T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=57680", "cvelist": ["CVE-2006-6097"], "lastseen": "2017-12-08T11:44:20"}, {"id": "OPENVAS:57678", "type": "openvas", "title": "FreeBSD Ports: gtar", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=57678", "cvelist": ["CVE-2006-6097"], "lastseen": "2017-07-02T21:10:10"}, {"id": "OPENVAS:136141256231057704", "type": "openvas", "title": "Slackware Advisory SSA:2006-335-01 tar", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-335-01.", "published": "2012-09-11T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231057704", "cvelist": ["CVE-2006-6097"], "lastseen": "2018-04-06T11:17:50"}], "exploitdb": [{"id": "EDB-ID:29160", "type": "exploitdb", "title": "GNU Tar 1.1x GNUTYPE_NAMES Remote Directory Traversal Vulnerability", "description": "GNU Tar 1.1x GNUTYPE_NAMES Remote Directory Traversal Vulnerability. CVE-2006-6097. Remote exploit for linux platform", "published": "2006-11-21T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/29160/", "cvelist": ["CVE-2006-6097"], "lastseen": "2016-02-03T09:43:30"}], "centos": [{"id": "CESA-2006:0749-01", "type": "centos", "title": "tar security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0749-01\n\n\nThe GNU tar program saves many files together in one archive and can\r\nrestore individual files (or all of the files) from that archive. \r\n\r\nTeemu Salmela discovered a path traversal flaw in the way GNU tar extracted\r\narchives. A malicious user could create a tar archive that could write to\r\narbitrary files to which the user running GNU tar has write access.\r\n(CVE-2006-6097)\r\n\r\nUsers of tar should upgrade to this updated package, which contains a\r\nreplacement backported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/013431.html\n\n**Affected packages:**\ntar\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2006-12-20T03:41:54", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-December/013431.html", "cvelist": ["CVE-2006-6097"], "lastseen": "2017-10-12T14:46:59"}, {"id": "CESA-2006:0749", "type": "centos", "title": "tar security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0749\n\n\nThe GNU tar program saves many files together in one archive and can\r\nrestore individual files (or all of the files) from that archive. \r\n\r\nTeemu Salmela discovered a path traversal flaw in the way GNU tar extracted\r\narchives. A malicious user could create a tar archive that could write to\r\narbitrary files to which the user running GNU tar has write access.\r\n(CVE-2006-6097)\r\n\r\nUsers of tar should upgrade to this updated package, which contains a\r\nreplacement backported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/013433.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/013434.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/013437.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/013438.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/013439.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/013440.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/013443.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-December/013444.html\n\n**Affected packages:**\ntar\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0749.html", "published": "2006-12-20T15:42:51", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-December/013433.html", "cvelist": ["CVE-2006-6097"], "lastseen": "2017-10-12T14:45:34"}], "gentoo": [{"id": "GLSA-200612-10", "type": "gentoo", "title": "Tar: Directory traversal vulnerability", "description": "### Background\n\nThe Tar program provides the ability to create and manipulate tar archives. \n\n### Description\n\nTar does not properly extract archive elements using the GNUTYPE_NAMES record name, allowing files to be created at arbitrary locations using symlinks. Once a symlink is extracted, files after the symlink in the archive will be extracted to the destination of the symlink. \n\n### Impact\n\nAn attacker could entice a user to extract a specially crafted tar archive, possibly allowing for the overwriting of arbitrary files on the system extracting the archive. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Tar users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/tar-1.16-r2\"", "published": "2006-12-11T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200612-10", "cvelist": ["CVE-2006-6097"], "lastseen": "2016-09-06T19:45:59"}], "slackware": [{"id": "SSA-2006-335-01", "type": "slackware", "title": "tar", "description": "New tar packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and 11.0 to fix a security issue.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097\n\n\nHere are the details from the Slackware 11.0 ChangeLog:\n\npatches/packages/tar-1.16-i486-1_slack11.0.tgz:\n Upgraded to tar-1.16.\n This fixes an issue where files may be extracted outside of the current\n directory, possibly allowing a malicious tar archive, when extracted, to\n overwrite any of the user's files (in the case of root, any file on the\n system).\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/tar-1.16-i386-1_slack8.1.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/tar-1.16-i386-1_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/tar-1.16-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/tar-1.16-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/tar-1.16-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/tar-1.16-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/tar-1.16-i486-1_slack11.0.tgz\n\n\nMD5 signatures:\n\nSlackware 8.1 package:\n7c9534ea20e4dea9481d2e5389ccb028 tar-1.16-i386-1_slack8.1.tgz\n\nSlackware 9.0 package:\n876549ce9871fe255e53f6941d652955 tar-1.16-i386-1_slack9.0.tgz\n\nSlackware 9.1 package:\nc1de51bb69fbecd26c9b7ee317b92fa7 tar-1.16-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\n75e329799b7bf0d536fab1debea5c301 tar-1.16-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\n7a97719499b08cefb77fb0aaee4e2a80 tar-1.16-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\nc64be78f5930f9e9557f5ec8b783b7ec tar-1.16-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\n9832de4337bd8e1bd6e43c18e06885dc tar-1.16-i486-1_slack11.0.tgz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg tar-1.16-i486-1_slack11.0.tgz", "published": "2006-12-01T14:55:57", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.469379", "cvelist": ["CVE-2006-6097"], "lastseen": "2018-02-02T18:11:31"}], "freebsd": [{"id": "3DD7EB58-80AE-11DB-B4EC-000854D03344", "type": "freebsd", "title": "gtar -- GNUTYPE_NAMES directory traversal vulnerability", "description": "\nTeemu Salmela reports:\n\nThere is a tar record type, called GNUTYPE_NAMES (an\n\t obsolete GNU extension), that allows the creation of\n\t symbolic links pointing to arbitrary locations in the\n\t filesystem, which makes it possible to create/overwrite\n\t arbitrary files.\n\n", "published": "2006-11-21T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/3dd7eb58-80ae-11db-b4ec-000854d03344.html", "cvelist": ["CVE-2006-6097"], "lastseen": "2016-09-26T17:25:04"}], "osvdb": [{"id": "OSVDB:30721", "type": "osvdb", "title": "GNU tar GNUTYPES_NAMES Record Type Traversal Arbitrary File Overwrite", "description": "## Solution Description\nUpgrade to version 1.16.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://kb.vmware.com/kb/5031800\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-385-1)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-1223)\n[Vendor Specific Advisory URL](https://issues.rpath.com/browse/RPL-821)\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1223)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.469379)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc)\n[Vendor Specific Advisory URL](http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:219)\n[Vendor Specific Advisory URL](http://kb.vmware.com/KanisaPlatform/Publishing/817/2240267_f.SAL_Public.html)\n[Vendor Specific Advisory URL](http://security.freebsd.org/advisories/FreeBSD-SA-06:26.gtar.asc)\n[Vendor Specific Advisory URL](http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.038.html)\n[Vendor Specific Advisory URL](http://www.trustix.org/errata/2006/0068/)\n[Vendor Specific Advisory URL](http://security.gentoo.org/glsa/glsa-200612-10.xml)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2007-015.htm)\nSecurity Tracker: 1017423\n[Secunia Advisory ID:23115](https://secuniaresearch.flexerasoftware.com/advisories/23115/)\n[Secunia Advisory ID:23146](https://secuniaresearch.flexerasoftware.com/advisories/23146/)\n[Secunia Advisory ID:23173](https://secuniaresearch.flexerasoftware.com/advisories/23173/)\n[Secunia Advisory ID:23198](https://secuniaresearch.flexerasoftware.com/advisories/23198/)\n[Secunia Advisory ID:23314](https://secuniaresearch.flexerasoftware.com/advisories/23314/)\n[Secunia Advisory ID:23514](https://secuniaresearch.flexerasoftware.com/advisories/23514/)\n[Secunia Advisory ID:23911](https://secuniaresearch.flexerasoftware.com/advisories/23911/)\n[Secunia Advisory ID:24636](https://secuniaresearch.flexerasoftware.com/advisories/24636/)\n[Secunia Advisory ID:25056](https://secuniaresearch.flexerasoftware.com/advisories/25056/)\n[Secunia Advisory ID:23163](https://secuniaresearch.flexerasoftware.com/advisories/23163/)\n[Secunia Advisory ID:23785](https://secuniaresearch.flexerasoftware.com/advisories/23785/)\n[Secunia Advisory ID:23117](https://secuniaresearch.flexerasoftware.com/advisories/23117/)\n[Secunia Advisory ID:23142](https://secuniaresearch.flexerasoftware.com/advisories/23142/)\n[Secunia Advisory ID:23209](https://secuniaresearch.flexerasoftware.com/advisories/23209/)\n[Secunia Advisory ID:23443](https://secuniaresearch.flexerasoftware.com/advisories/23443/)\nRedHat RHSA: RHSA-2006:0749\nOther Advisory URL: http://www.ipcop.org/modules.php?op=modload&name=News&file=article&sid=31&mode=thread&order=0&thold=0\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-May/0007.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200612-10.xml\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:219\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-015.htm\nOther Advisory URL: http://security.freebsd.org/advisories/FreeBSD-SA-06:26.gtar.asc\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0404.html\nMail List Post: http://archives.neohapsis.com/archives/apps/freshmeat/2006-12/0010.html\nFrSIRT Advisory: FRSIRT:ADV-2007-1171\nFrSIRT Advisory: FRSIRT:ADV-2007-0930\nFrSIRT Advisory: ADV-2006-4717\nFrSIRT Advisory: ADV-2006-5102\n[CVE-2006-6097](https://vulners.com/cve/CVE-2006-6097)\nBugtraq ID: 21235\n", "published": "2006-11-21T07:33:53", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:30721", "cvelist": ["CVE-2006-6097"], "lastseen": "2017-04-28T13:20:27"}], "oraclelinux": [{"id": "ELSA-2006-0749", "type": "oraclelinux", "title": "Moderate tar security update ", "description": " [1.14-12.RHEL4]\n - fix CVE-2006-6097 GNU tar directory traversal (#216937)\n \n [1.14-11.RHEL4]\n - fix verbose output (#192770) ", "published": "2006-12-20T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2006-0749.html", "cvelist": ["CVE-2006-6097"], "lastseen": "2016-09-04T11:16:14"}], "debian": [{"id": "DSA-1223", "type": "debian", "title": "tar -- input validation error", "description": "Teemu Salmela discovered a vulnerability in GNU tar that could allow a malicious user to overwrite arbitrary files by inducing the victim to attempt to extract a specially crafted tar file containing a GNUTYPE_NAMES record with a symbolic link.\n\nFor the stable distribution (sarge), this problem has been fixed in version 1.14-2.3.\n\nFor the unstable distribution (sid) and the forthcoming stable release (etch), this problem will be fixed in version 1.16-2.\n\nWe recommend that you upgrade your tar package.", "published": "2006-12-01T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-1223", "cvelist": ["CVE-2006-6097"], "lastseen": "2016-09-02T18:24:53"}]}}
