Star: Directory traversal vulnerability

Background The Star program provides the ability to create and extract tar archives. Description Robert Buchholz of the Gentoo Security team discovered a directory traversal vulnerability in the hasdotdot function which does not identify //.. slash slash dot dot sequences in file names inside tar...

star fails to set proper permissions on programs specified in RSH environment variable

Overview Star can call external programs specified by the RSH environment variable. This may permit a malicious local user to gain elevated privileges. Description Star is a tape archiving program similar to tar. Star permits the use of storage devices on remote machines via an access program on...