CVE-2006-6097
Published: Nov 24, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 23117 | third-party-advisory, x_refsource_SECUNIA |
| oval:org.mitre.oval:def:10963 | vdb-entry, signature, x_refsource_OVAL |
| https://issues.rpath.com/browse/RPL-821 | x_refsource_CONFIRM |
| 1918 | third-party-advisory, x_refsource_SREASON |
| TA07-072A | third-party-advisory, x_refsource_CERT |
| 21235 | vdb-entry, x_refsource_BID |
| 23146 | third-party-advisory, x_refsource_SECUNIA |
| 20061121 GNU tar directory traversal | mailing-list, x_refsource_FULLDISC |
| http://kb.vmware.com/KanisaPlatform/Publishing/817/2240267_f.SAL_Public.html | x_refsource_CONFIRM |
| APPLE-SA-2007-03-13 | vendor-advisory, x_refsource_APPLE |
| 23209 | third-party-advisory, x_refsource_SECUNIA |
| http://docs.info.apple.com/article.html?artnum=305214 | x_refsource_CONFIRM |
| ADV-2006-5102 | vdb-entry, x_refsource_VUPEN |
| 2006-0068 | vendor-advisory, x_refsource_TRUSTIX |
| 23142 | third-party-advisory, x_refsource_SECUNIA |
| 23314 | third-party-advisory, x_refsource_SECUNIA |
| ADV-2007-1171 | vdb-entry, x_refsource_VUPEN |
| http://support.avaya.com/elmodocs2/security/ASA-2007-015.htm | x_refsource_CONFIRM |
| GLSA-200612-10 | vendor-advisory, x_refsource_GENTOO |
| 23198 | third-party-advisory, x_refsource_SECUNIA |
| 23115 | third-party-advisory, x_refsource_SECUNIA |
| http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html | x_refsource_CONFIRM |
| 20061201 rPSA-2006-0222-1 tar | mailing-list, x_refsource_BUGTRAQ |
| 23911 | third-party-advisory, x_refsource_SECUNIA |
| USN-385-1 | vendor-advisory, x_refsource_UBUNTU |
| 20070330 VMSA-2007-0002 VMware ESX security updates | mailing-list, x_refsource_BUGTRAQ |
| 23173 | third-party-advisory, x_refsource_SECUNIA |
| RHSA-2006:0749 | vendor-advisory, x_refsource_REDHAT |
| FreeBSD-SA-06:26 | vendor-advisory, x_refsource_FREEBSD |
| 1017423 | vdb-entry, x_refsource_SECTRACK |
| 24636 | third-party-advisory, x_refsource_SECUNIA |
| DSA-1223 | vendor-advisory, x_refsource_DEBIAN |
| ADV-2007-0930 | vdb-entry, x_refsource_VUPEN |
| 23443 | third-party-advisory, x_refsource_SECUNIA |
| https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216937 | x_refsource_MISC |
| MDKSA-2006:219 | vendor-advisory, x_refsource_MANDRIVA |
| OpenPKG-SA-2006.038 | vendor-advisory, x_refsource_OPENPKG |
| ADV-2006-4717 | vdb-entry, x_refsource_VUPEN |
| 23514 | third-party-advisory, x_refsource_SECUNIA |
| SSA:2006-335-01 | vendor-advisory, x_refsource_SLACKWARE |
| 24479 | third-party-advisory, x_refsource_SECUNIA |
| 23163 | third-party-advisory, x_refsource_SECUNIA |