CVE-2013-4397
Concretely, CVE-2013-4397 affects the libtar library (libtar) prior to 1.2.20. The vulnerability arises from integer overflows in the th_read() function in lib/block.c, enabling a heap-based buffer overflow when processing long names or links in tar archives. Exploitation could result in remote d...
CVE-2013-4397
Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow...
MGASA-2013-0309 Updated libtar packages fixes security vulnerability
Two heap-based buffer overflow flaws were found in the way libtar handled certain archives. If a user were tricked into expanding a specially-crafted archive, it could cause the libtar executable or an application using libtar to crash or, potentially, execute arbitrary code (CVE-2013-4397)...
Updated libtar packages fixes security vulnerability
Two heap-based buffer overflow flaws were found in the way libtar handled certain archives. If a user were tricked into expanding a specially-crafted archive, it could cause the libtar executable or an application using libtar to crash or, potentially, execute arbitrary code (CVE-2013-4397)...
CentOS Update for libtar CESA-2013:1418 centos6
Check for the Version of libtar. OpenVAS Vulnerability Test: CentOS Update for libtar CESA-2013:1418 centos6. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under th...
CentOS Update for libtar CESA-2013:1418 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 6 : libtar (CESA-2013:1418)
An updated libtar package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Scientific Linux Security Update : libtar on SL6.x i386/x86_64 (20131010)
Two heap-based buffer overflow flaws were found in the way libtar handled certain archives. If a user were tricked into expanding a specially-crafted archive, it could cause the libtar executable or an application using libtar to crash or, potentially, execute arbitrary code. (CVE-2013-4397) Note:...
RHEL 6 : libtar (RHSA-2013:1418)
An updated libtar package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Oracle Linux 6 : libtar (ELSA-2013-1418)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-1418 advisory. 1.2.11-17.el64.1 - fix CVE-2013-4397: buffer overflows by expanding a specially-crafted archive Tenable has extracted the preceding description block directly...
libtar: Heap-based buffer overflows by expanding a specially-crafted archive
Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow...
Moderate: Red Hat Security Advisory: libtar security update
An updated libtar package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
libtar security update
1.2.11-17.el64.1 - fix CVE-2013-4397: buffer overflows by expanding a specially-crafted archive...
PT-2013-1072 · Libtar +3
Name of the Vulnerable Software and Affected Versions: libtar versions prior to 1.2.20. Description: The issue is related to multiple integer overflows in the th_read function in lib/block.c in libtar, which can lead to a denial of service (crash) and possibly allow remote attackers to execute...
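GNU TAR and CPIO safer_name_suffix Remote Denial of Service Vulnerability
BUGTRAQ ID: 26445 CVE(CAN) ID: CVE-2007-4476 GNU Tar and GNU Cpio are both popular programs for managing archive files. The safer_name_suffix function used by tar and cpio uses alloca to report the prefix string to be stripped, and the length of this string (that is, the size passed to alloca) is controlled by the owner of the tarball. As a result, an overly long string is enough to trigger a stack overflow. Because of the memcpy call that follows the alloca, this overflow can only lead to a crash. GNU cpio 2.6 GNU cpio 2.5 GNU cpio 2.4 GNU cpio 1.x GNU tar 1.16 GNU tar 1.15 G...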