CVE-2006-6097

GNU Tar 1.1x - 'GNUTYPE_NAMES' Directory Traversal

Severity Score

4.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.

GNU tar 1.16 y 1.15.1, y posiblemente otras versiones, permiten a un atacante con la intervención del usuario sobreescribir ficheros de su elección a través del fichero tar que contiene un registro GNUTYPE_NAMES con un enlace simbólico, lo cual no se maneja de forma adecuada por la función extract_archive en extract.c y la función extract_mangle en mangle.c, un variante de CVE-2002-1216.

*Credits: N/A

CVSS Scores

NISTv2 4.0

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-11-21 First Exploit
2006-11-24 CVE Reserved
2006-11-24 CVE Published
2024-06-05 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (46)

URL	Tag	Source
http://docs.info.apple.com/article.html?artnum=305214	X_refsource_confirm
http://kb.vmware.com/KanisaPlatform/Publishing/817/2240267_f.SAL_Public.html	X_refsource_confirm
http://secunia.com/advisories/23115	Third Party Advisory
http://secunia.com/advisories/23117	Third Party Advisory
http://secunia.com/advisories/23142	Third Party Advisory
http://secunia.com/advisories/23146	Third Party Advisory
http://secunia.com/advisories/23163	Third Party Advisory
http://secunia.com/advisories/23173	Third Party Advisory
http://secunia.com/advisories/23198	Third Party Advisory
http://secunia.com/advisories/23209	Third Party Advisory
http://secunia.com/advisories/23314	Third Party Advisory
http://secunia.com/advisories/23443	Third Party Advisory
http://secunia.com/advisories/23514	Third Party Advisory
http://secunia.com/advisories/23911	Third Party Advisory
http://secunia.com/advisories/24479	Third Party Advisory
http://secunia.com/advisories/24636	Third Party Advisory
http://securityreason.com/securityalert/1918	Third Party Advisory
http://securitytracker.com/id?1017423	Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2007-015.htm	X_refsource_confirm
http://www.securityfocus.com/archive/1/453286/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/464268/100/0/threaded	Mailing List
http://www.us-cert.gov/cas/techalerts/TA07-072A.html	Third Party Advisory
http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html	X_refsource_confirm
http://www.vupen.com/english/advisories/2006/4717	Vdb Entry
http://www.vupen.com/english/advisories/2006/5102	Vdb Entry
http://www.vupen.com/english/advisories/2007/0930	Vdb Entry
http://www.vupen.com/english/advisories/2007/1171	Vdb Entry
https://issues.rpath.com/browse/RPL-821	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10963	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/29160	2006-11-21
http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050812.html	2024-08-07
http://www.securityfocus.com/bid/21235	2024-08-07
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216937	2024-08-07

URL	Date	SRC

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc	2018-10-17
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html	2018-10-17
http://rhn.redhat.com/errata/RHSA-2006-0749.html	2018-10-17
http://security.freebsd.org/advisories/FreeBSD-SA-06:26.gtar.asc	2018-10-17
http://security.gentoo.org/glsa/glsa-200612-10.xml	2018-10-17
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.469379	2018-10-17
http://www.debian.org/security/2006/dsa-1223	2018-10-17
http://www.mandriva.com/security/advisories?name=MDKSA-2006:219	2018-10-17
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.038.html	2018-10-17
http://www.trustix.org/errata/2006/0068	2018-10-17
http://www.ubuntu.com/usn/usn-385-1	2018-10-17
https://access.redhat.com/security/cve/CVE-2006-6097	2006-12-19
https://bugzilla.redhat.com/show_bug.cgi?id=1618237	2006-12-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnu Search vendor "Gnu"		Tar Search vendor "Gnu" for product "Tar"				1.15.1 Search vendor "Gnu" for product "Tar" and version "1.15.1"		-		Affected
Gnu Search vendor "Gnu"		Tar Search vendor "Gnu" for product "Tar"				1.16 Search vendor "Gnu" for product "Tar" and version "1.16"		-		Affected