LinuxQuestions.org - LXer: Gnu Tar "GNUTYPE_NAMES" Record Handling Directory Traversal ...

- Syndicated Linux News (https://www.linuxquestions.org/questions/syndicated-linux-news-67/)

- - LXer: Gnu Tar "GNUTYPE_NAMES" Record Handling Directory Traversal ... (https://www.linuxquestions.org/questions/syndicated-linux-news-67/lxer-gnu-tar-gnutype_names-record-handling-directory-traversal-505526/)

LXer	11-28-2006 05:54 AM

LXer: Gnu Tar "GNUTYPE_NAMES" Record Handling Directory Traversal ...

Published at LXer:

A vulnerability has been identified in GNU Tar, which could be exploited by malicious people to conduct directory traversal attacks. This flaw is due to errors in the "extract_archive()" and "extract_mangle()" functions when processing a "GNUTYPE_NAMES" record with a symbolic link, which could be exploited by attackers to overwrite arbitrary files by tricking a user into extracting a specially crafted archive.

Read More...

All times are GMT -5. The time now is 12:01 AM.