GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tar | Gnu | * | 1.13.25 (including) |
| Tar | Gnu | 1.13.19 (including) | 1.13.19 (including) |
| Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
| Red Hat Linux 6.2 | RedHat | * | |
| Red Hat Linux 7.0 | RedHat | * | |
| Red Hat Linux 7.1 | RedHat | * | |
| Red Hat Linux 7.1 | RedHat | * | |
| Red Hat Linux 7.2 | RedHat | * | |
| Red Hat Linux 7.3 | RedHat | * |
References
- http://marc.info/?l=bugtraq\u0026m=103419290219680\u0026w=2
- http://www.iss.net/security_center/static/10224.php
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:219
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.038.html
- http://www.redhat.com/support/errata/RHSA-2002-096.html
- http://marc.info/?l=bugtraq\u0026m=103419290219680\u0026w=2
- http://www.iss.net/security_center/static/10224.php
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:219
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.038.html
- http://www.redhat.com/support/errata/RHSA-2002-096.html