rPSA-2006-0222-1 tar

To: security-announce@xxxxxxxxxxxxxxx, update-announce@xxxxxxxxxxxxxxx
Subject: rPSA-2006-0222-1 tar
From: rPath Update Announcements <announce-noreply@xxxxxxxxx>
Date: Thu, 30 Nov 2006 22:46:14 -0500
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, lwn@xxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: nail 11.22 3/20/05

rPath Security Advisory: 2006-0222-1
Published: 2006-11-30
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
    Indirect User Deterministic Vulnerability
Updated Versions:
    tar=/conary.rpath.com@rpl:devel//1/1.15.1-7.1-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
    https://issues.rpath.com/browse/RPL-821

Description:
    Previous version of the tar package are vulnerable to an attack in
    which unpacking an intentionally-malformed tar archive can overwrite
    arbitrary files to which the user running tar has write access.
    If the attacking user knows the name of a vulnerable binary file
    and overwrites it, this allows the attacker to place arbitrary code
    on the system which is likely to be run.  If root is running tar,
    this includes any file on the system, which would elevate this
    to an indirect non-deterministic remote root unauthorized access
    vulnerability.

Prev by Date: TSLSA-2006-0068 - multi
Next by Date: Re: safely concatenating strings in portable C (Re: GnuPG 1.4 and 2.0 buffer overflow)
Previous by thread: TSLSA-2006-0068 - multi
Next by thread: freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability
Index(es):
- Date
- Thread