SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
WLB
Services
RSS
Corporate
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com

Home arrow SecurityAlert Database

Arrow  Topic :

tar vulnerability


Arrow  SecurityAlert : 480
Arrow  CVE : CVE-2006-0300
Arrow  SecurityRisk : Medium  Security Risk Medium  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Exploit Available : No
Arrow  Credit : Martin Pitt
Arrow  Published : 24.02.2006

Arrow  Affected Software : tar



Arrow  Advisory Content :  

===========================================================
Ubuntu Security Notice USN-257-1 February 23, 2006
tar vulnerability
CVE-2006-0300
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

tar

The problem can be corrected by upgrading the affected package to
version 1.14-2ubuntu0.1 (for Ubuntu 5.04), or 1.15.1-2ubuntu0.1 (for
Ubuntu 5.10). In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Jim Meyering discovered that tar did not properly verify the validity
of certain header fields in a GNU tar archive. By tricking an user
into processing a specially crafted tar archive, this could be
exploited to execute arbitrary code with the privileges of the user.

The tar version in Ubuntu 4.10 is not affected by this vulnerability.

Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.14-2ubuntu0.1.di
ff.gz
Size/MD5: 21395 1f8f561b862e0eaa1d3d76ab5b0805cc

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.14-2ubuntu0.1.ds
c
Size/MD5: 568 1ac96d117355d0c6501bcfc0603d7f35
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.14.orig.tar.gz
Size/MD5: 1485633 3094544702b1affa32d969f0b6459663

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.14-2ubuntu0.1_am
d64.deb
Size/MD5: 374144 92a29882b472aae37c4f241a2b3d70b7

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.14-2ubuntu0.1_i3
86.deb
Size/MD5: 366426 bd8a627f95eea1d4dd38da1b8cb755a2

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.14-2ubuntu0.1_po
werpc.deb
Size/MD5: 377108 8d1b6600f06a051dc7236e8e65c2032f

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.1.
diff.gz
Size/MD5: 28928 e545480fd691241448cd885504e50393

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.1.
dsc
Size/MD5: 576 c9d9bf92c8460d314cb3320666b01294

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1.orig.tar.gz

Size/MD5: 2204322 d87021366fe6488e9dc398fcdcb6ed7d

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.1_
amd64.deb
Size/MD5: 531590 9f7a550698b0a138f4d92ec06ecfec96

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.1_
i386.deb
Size/MD5: 519510 fd362a5872f6924e491e2caf7639162b

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.1_
powerpc.deb
Size/MD5: 533538 c8148419548837909a81da6983af2964
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (GNU/Linux)

iD8DBQFD/cH6DecnbV4Fd/IRAk3oAJ0ZfcbllOf0EePF9fbKs4HRPktmCQCg7svG
TYGljxHntymH5GdKMhFJK3I=
=QI2i
-----END PGP SIGNATURE-----





Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc:fts_*() Multiple Denial of Service

Security Risk Medium- 2009-10-02

The fts functions are provided for traversing UNIX file hierarchies...

Apache RSS Apache Alert

» Apache 1.3.41 mod_proxy
   Integer overflow (code
   execution)

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion in work
   directory

» Apache Tomcat 6.0.20 and
   5.5.28 insecure partial
   deploy after failed
   undeploy

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion and/or
   alteration

PHP RSS PHP Alert

» PHP 5.2.12/5.3.1 Multiple
   Vulnerabilities

» PHP 5.2.11 libgd multiple
   vulnerabilities

» PHP 5.2.11 tempnam()
   safe_mode bypass

» PHP 5.3.0 5.2.11
   posix_mkfifo()
   open_basedir bypass

Copyright © SecurityReason.com. All Rights Reserved.