3 matches found
MiracleLinux 4 : libtar-1.2.11-17.AXS4.1 (AXSA:2014-078:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-078:01 advisory. libtar is a C library for manipulating tar archives. It supports both the strict POSIX tar format and many of the commonly-used GNU extensions. Security issue...
UBUNTU-CVE-2013-4397
Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow...
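GNU TAR and CPIO safer_name_suffix Remote Denial of Service Vulnerability
BUGTRAQ ID: 26445 CVE(CAN) ID: CVE-2007-4476 GNU Tar and GNU Cpio are both popular programs for managing archive files. The safer_name_suffix function used by tar and cpio uses alloca to report the prefix string that is to be stripped, and the length of this string (that is, the size passed to alloca) is controlled by the owner of the tarball. As a result, an overlong string is enough to trigger a stack overflow. Because of the memcpy call that follows the alloca, this overflow can only lead to a crash. GNU cpio 2.6 GNU cpio 2.5 GNU cpio 2.4 GNU cpio 1.x GNU tar 1.16 GNU tar 1.15 G...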