CVE-2006-6097

GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPENAMES record with a symbolic link, which is not properly handled by the extractarchive function in extract.c and extractmangle function in...

gnutar.txt

GNU tar directory traversal ---------------------------------------------------------------------------- What is it? When i download a tar file warez.tar.gz in this example from the web and run the following commands: $ mkdir /warez $ tar xzf warez.tar.gz -C /warez , then i would expect that tar...