Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200612-10] Tar: Directory traversal vulnerability Vulnerability Scan
Vulnerability Scan Summary: Tar: Directory traversal vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200612-10
(Tar: Directory traversal vulnerability)
Tar does not properly extract archive elements using the GNUTYPE_NAMES
record name, allowing files to be created at arbitrary locations using
symlinks. Once a symlink is extracted, files after the symlink in the
archive will be extracted to the destination of the symlink.
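A check for the pattern described above, given as an added example that is not part of the original advisory or of the scan plugin: it lists an archive's members without extracting them and reports any member whose path passes through a symlink declared earlier in the same archive. It is a general check that does not parse GNUTYPE_NAMES records; the function names and the sample archives are constructed for illustration.

```python
import io
import posixpath
import tarfile


def members_through_symlinks(archive_bytes):
    """Return (member, symlink, target) for each member whose path passes
    through a symlink declared earlier in the same archive."""
    findings, links = [], {}  # links: normalized symlink path -> target
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        for member in tar:  # members are only listed, never extracted
            name = posixpath.normpath(member.name)
            parts = name.split("/")
            for i in range(1, len(parts)):  # every parent prefix of the path
                prefix = "/".join(parts[:i])
                if prefix in links:
                    findings.append((member.name, prefix, links[prefix]))
                    break
            if member.issym():
                links[name] = member.linkname
    return findings


def build_sample(entries):
    """Constructed test input. entries: (name, symlink_target or None)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, target in entries:
            info = tarfile.TarInfo(name)
            if target is None:
                data = b"constructed sample\n"
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
            else:
                info.type, info.linkname = tarfile.SYMTYPE, target
                tar.addfile(info)
    return buf.getvalue()


# Constructed samples: a symlink followed by a member beneath it, and a benign one.
SUSPICIOUS = build_sample([("docs", "/tmp/constructed-target"),
                           ("docs/readme.txt", None)])
BENIGN = build_sample([("docs/readme.txt", None), ("latest", "docs")])

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, members_through_symlinks(blob))
```

Running such a check on archives from untrusted sources before extraction complements the upgrade; it does not replace it.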
Impact
An attacker could entice a user to extract a specially crafted tar
archive, possibly allowing arbitrary files to be overwritten on
the system extracting the archive.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
Solution:
All Tar users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/tar-1.16-r2"
Threat Level: Medium