|
Family: Debian Local Security Checks --> Category: infos
[DSA1223] DSA-1223-1 tar Vulnerability Scan
Vulnerability Scan Summary DSA-1223-1 tar
Detailed Explanation for this Vulnerability Test
Teemu Salmela discovered a vulnerability in GNU tar that could allow a
malicious user to overwrite arbitrary files by inducing the victim to
attempt to extract a specially crafted tar file containing a
GNUTYPE_NAMES record with a symbolic link.
For the stable distribution (sarge), this problem has been fixed in
version 1.14-2.3.
For the unstable distribution (sid) and the forthcoming stable release
(etch), this problem will be fixed in version 1.16-2.
We recommend that you upgrade your tar package.
Solution : http://www.debian.org/security/2006/dsa-1223
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|