On Thu, 29 Nov 2007 14:46:06 +0300, 3APA3A said: > In order to exploit this vulnerability you need to force victim to run > attacker-supplied BAT file. It's like forcing user to run > attacker-supplied .sh script under Unix. And oddly enough, the *very next mail* from Bugtraq said: > FreeBSD-SA-07:10.gtar Security Advisory > The FreeBSD Project > Topic: gtar directory traversal vulnerability ... > III. Impact > An attacker who can convince an user to extract a specially crafted > archive can overwrite arbitrary files with the permissions of the user > running gtar. If that user is root, the attacker can overwrite any > file on the system. Apparently, somebody at FreeBSD thinks "can be exploited if you trick the user into doing something" is a valid attack vector.
Attachment:
pgp1FnrzzJPYP.pgp
Description: PGP signature