CVE-2010-0624 – cpio: Heap-based buffer overflow by expanding a specially-crafted archive
https://notcve.org/view.php?id=CVE-2010-0624
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. Desbordamiento de búfer basado en pila en la función rmt_read__ en lib/rtapelib.c en la funcionalidad de cliente rmt en GNU tar anterior v1.23 y GNU cpio anterior v2.11 permite a servidores rmt remotos causar una denegación de servicio (caída de memoria) o probablemente ejecutar código de su elección con el envío de más datos de los requeridos, relacionado con nombre de ficheros que contienen el caracter : (dos puntos). • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036668.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037395.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037401.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038134.html http://lists.fedoraproject.org/pipermail/package-announce/2010-Marc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2007-4476 – GNU TAR 1.15.91 / CPIO 2.5.90 - 'safer_name_suffix' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-4476
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." Desbordamiento de búfer en la función safer_name_suffix en GNU tar tienen un vector de ataque sin especificar y un impacto, teniendo como resultado una "caida de pila". • https://www.exploit-db.com/exploits/30766 http://bugs.gentoo.org/show_bug.cgi?id=196978 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://secunia.com/advisories/26674 http://secunia.com/advisories/26987 http://secunia.com/advisories/27331 http://secunia.com/advisories/27453 http://secunia.com/advisories/27514 http://secunia.com/advisories/27681 http://secunia.com/advisories/27857 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-4131 – tar directory traversal vulnerability
https://notcve.org/view.php?id=CVE-2007-4131
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. Vulnerabilidad de salto de directorio en la función contains_dot_dot de src/names.c en GNU tar permite a atacantes remotos con la complicidad del usuario sobre-escribir ficheros de su elección mediante determinadas secuencias //.. (barra barra punto punto) en los enlaces simbólicos de directorio en un fichero TAR. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921 http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/26573 http://secunia.com/advisories/26590 http://secunia.com/advisories/26603 http://secunia.com/advisories/26604 http://secunia.com/advisories/26655 http://secunia.com/advisories/26673 http://secunia.com/advisories/26674 http://secunia.com/advisories/26781 http: •
CVE-2006-0300
https://notcve.org/view.php?id=CVE-2006-0300
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. • http://docs.info.apple.com/article.html?artnum=305214 http://docs.info.apple.com/article.html?artnum=305391 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://lists.gnu.org/archive/html/bug-tar/2006-02/msg00051.html http://secunia.com/advisories/18973 http://secunia.com/advisories/18976 http://secunia.com/advisories/18999 http://secunia.com/advisories/19016 http://secunia.co •