Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2002:066: tar Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the tar package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2002:066 (tar).
A directory traversal vulnerability was discovered in GNU tar version 1.13.25
and earlier that allows attackers to overwrite arbitrary files during extraction
of the archive by using a '..' (dot dot) in an extracted filename.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2002:066
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.