Lucene search
K

453 matches found

Debian
Debian
added 2006/12/01 4:26 p.m.26 views

[SECURITY] [DSA 1223-1] New tar packages fix arbitrary file overwrite

------------------------------------------------------------------------ Debian Security Advisory DSA-1223-1 [email protected] http://www.debian.org/security/ Noah Meyerhans December 01, 2006 - ------------------------------------------------------------------------ Package : tar Vulnerability...

4CVSS0.6AI score0.11084EPSS
Exploits1
Debian
Debian
added 2006/12/01 4:26 p.m.35 views

[SECURITY] [DSA 1223-1] New tar packages fix arbitrary file overwrite

------------------------------------------------------------------------ Debian Security Advisory DSA-1223-1 [email protected] http://www.debian.org/security/ Noah Meyerhans December 01, 2006 - ------------------------------------------------------------------------ Package : tar Vulnerability...

4CVSS7.9AI score0.11084EPSS
Exploits1
OSV
OSV
added 2006/12/01 12:0 a.m.17 views

DSA-1223-1 tar

Bulletin has no description...

4CVSS6.3AI score0.11084EPSS
Exploits1
seebug.org
seebug.org
added 2006/11/29 12:0 a.m.57 views

GNU Tar GNUTYPE_NAMES远程目录遍历漏洞

GNU tar可创建和解压tar文档,并进行各种存档文件管理。 GNU tar在处理特定的记录时未能正确处理可能的符号链接,远程攻击者可能利用此漏洞在用户机器的任意位置创建文件。 tar的extract.c文件中的extractarchive函数和mangle.c文件中的extractmangle函数会处理包含有符号链接的GNUTYPENAMES记录类型。如果用户受骗打开了特制的tar文件的话,就会导致覆盖任意文件。 GNU tar 1.16 GNU tar 1.15.1 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2006/11/28 12:0 a.m.37 views

[Full-disclosure] GNU tar directory traversal

GNU tar directory traversal ---------------------------------------------------------------------------- What is it? When i download a tar file warez.tar.gz in this example from the web and run the following commands: $ mkdir /warez $ tar xzf warez.tar.gz -C /warez , then i would expect that tar...

7.4AI score
Exploits0
UbuntuCve
UbuntuCve
added 2006/11/24 6:7 p.m.34 views

CVE-2006-6097

GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPENAMES record with a symbolic link, which is not properly handled by the extractarchive function in extract.c and extractmangle function in...

4CVSS7.2AI score0.11084EPSS
Exploits1References2
NVD
NVD
added 2006/11/24 6:7 p.m.20 views

CVE-2006-6097

GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPENAMES record with a symbolic link, which is not properly handled by the extractarchive function in extract.c and extractmangle function in...

4CVSS6.2AI score0.11084EPSS
Exploits1References43
OSV
OSV
added 2006/11/24 6:7 p.m.11 views

CVE-2006-6097

GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPENAMES record with a symbolic link, which is not properly handled by the extractarchive function in extract.c and extractmangle function in...

6.3AI score
Exploits0References43
Snyk
Snyk
added 2006/11/24 6:7 p.m.1 views

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution. GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPENAMES record with a symbolic link, which is not properly...

5CVSS7.2AI score0.11084EPSS
Exploits1References2
CVE
CVE
added 2006/11/24 6:0 p.m.77 views

CVE-2006-6097

Summary: CVE-2006-6097 affects GNU tar (notably v1.15.1 and v1.16) due to improper handling of GNUTYPE_NAMES symlink records during extraction, enabling a user-assisted attacker to overwrite arbitrary files. Multiple advisories report the issue as a path-traversal vulnerability in tar extraction,...

4CVSS7.5AI score0.11084EPSS
Exploits1References43Affected Software1
Debian CVE
Debian CVE
added 2006/11/24 6:0 p.m.40 views

CVE-2006-6097

GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPENAMES record with a symbolic link, which is not properly handled by the extractarchive function in extract.c and extractmangle function in...

4CVSS5AI score0.11084EPSS
Exploits1
Packet Storm
Packet Storm
added 2006/11/22 12:0 a.m.24 views

gnutar.txt

GNU tar directory traversal ---------------------------------------------------------------------------- What is it? When i download a tar file warez.tar.gz in this example from the web and run the following commands: $ mkdir /warez $ tar xzf warez.tar.gz -C /warez , then i would expect that tar...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2006/11/21 12:0 a.m.23 views

GNU Tar 1.1x - 'GNUTYPE_NAMES' Directory Traversal

/ source: https://www.securityfocus.com/bid/21235/info GNU Tar is prone to a vulnerability that may allow an attacker to place files and overwrite files in arbitrary locations on a vulnerable computer. These issues present themselves when the application processes malicious archives. A successful...

7AI score
Exploits0
exploitpack
exploitpack
added 2006/11/21 12:0 a.m.13 views

GNU Tar 1.1x - GNUTYPE_NAMES Directory Traversal

GNU Tar 1.1x - GNUTYPENAMES Directory Traversal / source: https://www.securityfocus.com/bid/21235/info GNU Tar is prone to a vulnerability that may allow an attacker to place files and overwrite files in arbitrary locations on a vulnerable computer. These issues present themselves when the...

Exploits0
Tenable Nessus
Tenable Nessus
added 2006/10/14 12:0 a.m.29 views

Debian DSA-987-1 : tar - buffer overflow

Jim Meyering discovered several buffer overflows in GNU tar, which may lead to the execution of arbitrary code through specially crafted tar archives. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...

5.1CVSS7.9AI score0.05053EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2006/07/05 12:0 a.m.40 views

CentOS 4 : tar (CESA-2006:0232)

An updated tar package that fixes a buffer overflow bug is now available for Red Hat Enterprise Linux 4. This update has been rated as having Moderate security impact by the Red Hat Security Response Team. The GNU tar program saves many files together in one archive and can restore individual fil...

5.1CVSS7.8AI score0.05053EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2006/07/03 12:0 a.m.33 views

CentOS 3 : tar (CESA-2006:0195)

An updated tar package that fixes a path traversal flaw is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The GNU tar program saves many files together in one archive and can restore individual files or all of the files from that...

5CVSS7.1AI score0.03589EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2006/03/13 12:0 a.m.50 views

GLSA-200603-06 : GNU tar: Buffer overflow

The remote host is affected by the vulnerability described in GLSA-200603-06 GNU tar: Buffer overflow Jim Meyering discovered a flaw in the handling of certain header fields that could result in a buffer overflow when extracting or listing the contents of an archive. Impact : A remote attacker...

5.1CVSS8.1AI score0.05053EPSS
Exploits0References2
Gentoo Linux
Gentoo Linux
added 2006/03/10 12:0 a.m.31 views

GNU tar: Buffer overflow

Background GNU tar is the standard GNU utility for creating and manipulating tar archives, a common format used for creating backups and distributing files on UNIX-like systems. Description Jim Meyering discovered a flaw in the handling of certain header fields that could result in a buffer...

5.1CVSS8.2AI score0.05053EPSS
Exploits0
Debian
Debian
added 2006/03/07 2:19 p.m.22 views

[SECURITY] [DSA 987-1] New tar packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 987-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 7th, 2006 http://www.debian.org/security/faq -...

5.1CVSS0.4AI score0.05053EPSS
Exploits0
Rows per page
Query Builder