Gnu Tar "GNUTYPE_NAMES" Record Handling Directory Traversal ...

Posted by dcparris on Nov 28, 2006 2:37 AM EDT
FrSIRT		Mail this story
Print this story

A vulnerability has been identified in GNU Tar, which could be exploited by malicious people to conduct directory traversal attacks. This flaw is due to errors in the "extract_archive()" and "extract_mangle()" functions when processing a "GNUTYPE_NAMES" record with a symbolic link, which could be exploited by attackers to overwrite arbitrary files by tricking a user into extracting a specially crafted archive.

Full Story

  Nav
» Read more about: Story Type: Security; Groups: GNU

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.