Lucene search
This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2006-0195.NASLHistoryFeb 22, 2006 - 12:00 a.m.
RHEL 2.1 / 3 : tar (RHSA-2006:0195)
2006-02-2200:00:00
This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
An updated tar package that fixes a path traversal flaw is now available.
This update has been rated as having low security impact by the Red Hat Security Response Team.
The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive.
In 2002, a path traversal flaw was found in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar has write access (CVE-2002-0399). Red Hat included a backported security patch to correct this issue in Red Hat Enterprise Linux 3, and an erratum for Red Hat Enterprise Linux 2.1 users was issued.
During internal testing, we discovered that our backported security patch contained an incorrect optimization and therefore was not sufficient to completely correct this vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-1918 to this issue.
Users of tar should upgrade to this updated package, which contains a replacement backported patch to correct this issue.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2006:0195. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(20965);
script_version("1.24");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2005-1918");
script_bugtraq_id(5834);
script_xref(name:"RHSA", value:"2006:0195");
script_name(english:"RHEL 2.1 / 3 : tar (RHSA-2006:0195)");
script_summary(english:"Checks the rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"An updated tar package that fixes a path traversal flaw is now
available.
This update has been rated as having low security impact by the Red
Hat Security Response Team.
The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive.
In 2002, a path traversal flaw was found in the way GNU tar extracted
archives. A malicious user could create a tar archive that could write
to arbitrary files to which the user running GNU tar has write access
(CVE-2002-0399). Red Hat included a backported security patch to
correct this issue in Red Hat Enterprise Linux 3, and an erratum for
Red Hat Enterprise Linux 2.1 users was issued.
During internal testing, we discovered that our backported security
patch contained an incorrect optimization and therefore was not
sufficient to completely correct this vulnerability. The Common
Vulnerabilities and Exposures project (cve.mitre.org) assigned the
name CVE-2005-1918 to this issue.
Users of tar should upgrade to this updated package, which contains a
replacement backported patch to correct this issue."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2005-1918"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2006:0195"
);
script_set_attribute(attribute:"solution", value:"Update the affected tar package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tar");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/31");
script_set_attribute(attribute:"patch_publication_date", value:"2006/02/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2006/02/22");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2006:0195";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tar-1.13.25-5.AS21.1")) flag++;
if (rpm_check(release:"RHEL3", reference:"tar-1.13.25-14.RHEL3")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tar");
}
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | tar | p-cpe:/a:redhat:enterprise_linux:tar |
| redhat | enterprise_linux | 2.1 | cpe:/o:redhat:enterprise_linux:2.1 |
| redhat | enterprise_linux | 3 | cpe:/o:redhat:enterprise_linux:3 |
Related
openvas
openvas
SLES9: Security update for tar
2009-10-10 00:00:00
SLES9: Security update for tar
2009-10-10 00:00:00
debiancve
debiancve
CVE-2005-1918
2005-12-31 05:00:00
redhat
redhat
(RHSA-2006:0195) tar security update
2006-02-21 00:00:00
centos
centos
tar security update
2006-02-21 15:16:52
tar security update
2006-02-22 00:37:43
cve
cve
CVE-2005-1918
2005-12-31 05:00:00
CVE-2002-0399
2002-10-10 04:00:00
ubuntucve
ubuntucve
CVE-2005-1918
2005-12-31 00:00:00
CVE-2002-0399
2002-10-10 00:00:00
nessus
nessus
CentOS 3 : tar (CESA-2006:0195)
2006-07-03 00:00:00
Mandrake Linux Security Advisory : tar (MDKSA-2002:066)
2004-07-31 00:00:00
RHEL 2.1 : unzip (RHSA-2002:138)
2004-07-06 00:00:00
securityvulns
securityvulns
rPSA-2007-0172-1 tar
2007-08-27 00:00:00
Directory traversal and absolute path in multiple archivers
2007-08-27 00:00:00
Related for REDHAT-RHSA-2006-0195.NASL