ID CVE-2006-0300
Summary Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:tar:1.14:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:tar:1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:tar:1.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:tar:1.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:tar:1.15:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:tar:1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:tar:1.15.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:tar:1.15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:tar:1.15.90:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:tar:1.15.90:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 19-10-2018 - 15:44)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2009-06-15T04:00:39.412-04:00
    class vulnerability
    contributors
    name Michael Wood
    organization Hewlett-Packard
    definition_extensions
    comment Solaris 10 (x86) is installed
    oval oval:org.mitre.oval:def:1926
    description Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
    family unix
    id oval:org.mitre.oval:def:5252
    status accepted
    submitted 2009-04-30T11:23:00.000-04:00
    title Security Vulnerability in GNU tar May Lead to Arbitrary Code Execution or Denial of Service (DoS)
    version 35
  • accepted 2009-06-15T04:00:53.458-04:00
    class vulnerability
    contributors
    name Michael Wood
    organization Hewlett-Packard
    definition_extensions
    comment Solaris 10 (SPARC) is installed
    oval oval:org.mitre.oval:def:1440
    description Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
    family unix
    id oval:org.mitre.oval:def:5978
    status accepted
    submitted 2009-04-30T11:23:00.000-04:00
    title Security Vulnerability in GNU tar May Lead to Arbitrary Code Execution or Denial of Service (DoS)
    version 35
  • accepted 2009-06-15T04:00:54.861-04:00
    class vulnerability
    contributors
    name Michael Wood
    organization Hewlett-Packard
    definition_extensions
    comment Solaris 9 (SPARC) is installed
    oval oval:org.mitre.oval:def:1457
    description Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
    family unix
    id oval:org.mitre.oval:def:5993
    status accepted
    submitted 2009-04-30T11:23:00.000-04:00
    title Security Vulnerability in GNU tar May Lead to Arbitrary Code Execution or Denial of Service (DoS)
    version 36
  • accepted 2009-06-15T04:01:00.185-04:00
    class vulnerability
    contributors
    name Michael Wood
    organization Hewlett-Packard
    definition_extensions
    comment Solaris 9 (x86) is installed
    oval oval:org.mitre.oval:def:1683
    description Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
    family unix
    id oval:org.mitre.oval:def:6094
    status accepted
    submitted 2009-04-30T11:23:00.000-04:00
    title Security Vulnerability in GNU tar May Lead to Arbitrary Code Execution or Denial of Service (DoS)
    version 36
  • accepted 2013-04-29T04:18:40.860-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
    family unix
    id oval:org.mitre.oval:def:9295
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
    version 29
redhat via4
advisories
bugzilla
id 1617881
title CVE-2006-0300 security flaw
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304025
    • comment tar is earlier than 0:1.14-9.RHEL4
      oval oval:com.redhat.rhsa:tst:20060232001
    • comment tar is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20060232002
rhsa
id RHSA-2006:0232
released 2006-03-01
severity Moderate
title RHSA-2006:0232: tar security update (Moderate)
rpms
  • tar-0:1.14-9.RHEL4
  • tar-debuginfo-0:1.14-9.RHEL4
refmap via4
apple
  • APPLE-SA-2007-03-13
  • APPLE-SA-2007-04-19
bid 16764
cert
  • TA07-072A
  • TA07-109A
confirm
debian DSA-987
fedora FLSA:183571-2
gentoo GLSA-200603-06
mandriva MDKSA-2006:046
mlist [Bug-tar] 20060220 tar 1.15.90 released
openpkg OpenPKG-SA-2006.006
osvdb 23371
sectrack 1015705
secunia
  • 18973
  • 18976
  • 18999
  • 19016
  • 19093
  • 19130
  • 19152
  • 19236
  • 20042
  • 24479
  • 24966
sreason
sunalert 241646
suse SUSE-SR:2006:005
trustix 2006-0010
ubuntu USN-257-1
vupen
  • ADV-2006-0684
  • ADV-2007-0930
  • ADV-2007-1470
  • ADV-2008-2518
xf gnu-tar-pax-headers-bo(24855)
Last major update 19-10-2018 - 15:44
Published 24-02-2006 - 00:02
Last modified 19-10-2018 - 15:44
Back to Top