LXer: Gnu Tar "GNUTYPE_NAMES" Record Handling Directory Traversal ...
Published at LXer:
A vulnerability has been identified in GNU Tar, which could be exploited by malicious people to conduct directory traversal attacks. This flaw is due to errors in the "extract_archive()" and "extract_mangle()" functions when processing a "GNUTYPE_NAMES" record with a symbolic link, which could be exploited by attackers to overwrite arbitrary files by tricking a user into extracting a specially crafted archive. Read More... |
All times are GMT -5. The time now is 12:01 AM. |