CVE-2006-6097 – GNU Tar 1.1x - 'GNUTYPE_NAMES' Directory Traversal
https://notcve.org/view.php?id=CVE-2006-6097
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. GNU tar 1.16 y 1.15.1, y posiblemente otras versiones, permiten a un atacante con la intervención del usuario sobreescribir ficheros de su elección a través del fichero tar que contiene un registro GNUTYPE_NAMES con un enlace simbólico, lo cual no se maneja de forma adecuada por la función extract_archive en extract.c y la función extract_mangle en mangle.c, un variante de CVE-2002-1216. • https://www.exploit-db.com/exploits/29160 ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc http://docs.info.apple.com/article.html?artnum=305214 http://kb.vmware.com/KanisaPlatform/Publishing/817/2240267_f.SAL_Public.html http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050812.html http://rhn.redhat.com/errata/RHSA-2006-0749.html http://secunia.com/advisories/23115 http •
CVE-2006-0300
https://notcve.org/view.php?id=CVE-2006-0300
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. • http://docs.info.apple.com/article.html?artnum=305214 http://docs.info.apple.com/article.html?artnum=305391 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://lists.gnu.org/archive/html/bug-tar/2006-02/msg00051.html http://secunia.com/advisories/18973 http://secunia.com/advisories/18976 http://secunia.com/advisories/18999 http://secunia.com/advisories/19016 http://secunia.co •
CVE-2005-1918 – tar archive path traversal issue
https://notcve.org/view.php?id=CVE-2005-1918
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". • ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://secunia.com/advisories/18988 http://secunia.com/advisories/19130 http://secunia.com/advisories/19183 http://secunia.com/advisories/20397 http://securitytracker.com/id?1015655 http://support.avaya.com/elmodocs2/security/ASA-2006-110.htm http://www.novell.com/linux/security/advisories/2006_05_sr.html http://www.redhat.com/support/errata/RHSA-2006-0195.html http://www.securityfocus.com/archive/1/4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2005-2541
https://notcve.org/view.php?id=CVE-2005-2541
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. • http://marc.info/?l=bugtraq&m=112327628230258&w=2 https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E •
CVE-2002-1216
https://notcve.org/view.php?id=CVE-2002-1216
GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check. GNU tar 1.13.19 y otras versiones anteriores a 1.13.25 permite a atacantes remotos sobreescribir ficheros arbitrarios mediante un ataque de enlaces simbólicos (symlink), como resultado de una modificación que tiene como efecto desactivar la comprobación de seguridad. • http://marc.info/?l=bugtraq&m=103419290219680&w=2 http://www.iss.net/security_center/static/10224.php http://www.mandriva.com/security/advisories?name=MDKSA-2006:219 http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.038.html http://www.redhat.com/support/errata/RHSA-2002-096.html https://access.redhat.com/security/cve/CVE-2002-1216 https://bugzilla.redhat.com/show_bug.cgi?id=1616858 •