CVE-2006-6097

GNU Tar 1.1x - 'GNUTYPE_NAMES' Directory Traversal

Severity Score

9.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.

*Credits: N/A
CVSS Scores

CVSS v3
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: None

CVSS v2
  • Attack Vector: Network
  • Attack Complexity: High
  • Authentication: None
  • Confidentiality: None
  • Integrity: Partial
  • Availability: Partial

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -

* Organization's Worst-case Scenario
Timeline
  • 2006-11-21 First Exploit
  • 2006-11-24 CVE Reserved
  • 2006-11-24 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-04-01 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor  Product  Version  Other  Status
Gnu     Tar      1.15.1   -      Affected
Gnu     Tar      1.16     -      Affected