ID CVE-2006-0300
Summary Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
References
Vulnerable Configurations
  • GNU tar 1.14
    cpe:2.3:a:gnu:tar:1.14
  • GNU tar 1.14.1
    cpe:2.3:a:gnu:tar:1.14.1
  • GNU tar 1.15
    cpe:2.3:a:gnu:tar:1.15
  • GNU tar 1.15.1
    cpe:2.3:a:gnu:tar:1.15.1
  • GNU tar 1.15.90
    cpe:2.3:a:gnu:tar:1.15.90
CVSS
Base: 5.1 (as of 24-02-2006 - 09:18)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_6107EFB9AAE311DAAEA1000854D03344.NASL
    description GNU tar is vulnerable to a buffer overflow, caused by improper bounds checking of the PAX extended headers. By tricking an user into processing a specially crafted tar archive, this could be exploited to execute arbitrary code with the privileges of the user.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 21437
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21437
    title FreeBSD : gtar -- invalid headers buffer overflow (6107efb9-aae3-11da-aea1-000854d03344)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-046.NASL
    description Gnu tar versions 1.14 and above have a buffer overflow vulnerability and some other issues including : - Carefully crafted invalid headers can cause buffer overrun. - Invalid header fields go undiagnosed. - Some valid time strings are ignored. The updated packages have been patched to address this issue.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 20964
    published 2006-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20964
    title Mandrake Linux Security Advisory : tar (MDKSA-2006:046)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0232.NASL
    description An updated tar package that fixes a buffer overflow bug is now available for Red Hat Enterprise Linux 4. This update has been rated as having Moderate security impact by the Red Hat Security Response Team. The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive. Jim Meyering discovered a buffer overflow bug in the way GNU tar extracts malformed archives. By tricking a user into extracting a malicious tar archive, it is possible to execute arbitrary code as the user running tar. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-0300 to this issue. Users of tar should upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 21988
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21988
    title CentOS 4 : tar (CESA-2006:0232)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200603-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-200603-06 (GNU tar: Buffer overflow) Jim Meyering discovered a flaw in the handling of certain header fields that could result in a buffer overflow when extracting or listing the contents of an archive. Impact : A remote attacker could construct a malicious tar archive that could potentially execute arbitrary code with the privileges of the user running GNU tar. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-08-10
    plugin id 21044
    published 2006-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21044
    title GLSA-200603-06 : GNU tar: Buffer overflow
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_139099.NASL
    description SunOS 5.10: gtar patch. Date this patch was last updated by Sun : Apr/19/10 This plugin has been deprecated and either replaced with individual 139099 patch-revision plugins, or deemed non-security related.
    last seen 2019-01-16
    modified 2018-07-30
    plugin id 34106
    published 2008-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34106
    title Solaris 10 (sparc) : 139099-04 (deprecated)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-257-1.NASL
    description Jim Meyering discovered that tar did not properly verify the validity of certain header fields in a GNU tar archive. By tricking an user into processing a specially crafted tar archive, this could be exploited to execute arbitrary code with the privileges of the user. The tar version in Ubuntu 4.10 is not affected by this vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-08-15
    plugin id 21065
    published 2006-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21065
    title Ubuntu 5.04 / 5.10 : tar vulnerability (USN-257-1)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_139100-04.NASL
    description SunOS 5.10_x86: gtar patch. Date this patch was last updated by Sun : Apr/19/10
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 108007
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108007
    title Solaris 10 (x86) : 139100-04
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_4_9.NASL
    description The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.9 or a version of Mac OS X 10.3 which does not have Security Update 2007-003 applied. This update contains several security fixes for the following programs : - ColorSync - CoreGraphics - Crash Reporter - CUPS - Disk Images - DS Plugins - Flash Player - GNU Tar - HFS - HID Family - ImageIO - Kernel - MySQL server - Networking - OpenSSH - Printing - QuickDraw Manager - servermgrd - SMB File Server - Software Update - sudo - WebLog
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 24811
    published 2007-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24811
    title Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_139100.NASL
    description SunOS 5.10_x86: gtar patch. Date this patch was last updated by Sun : Apr/19/10 This plugin has been deprecated and either replaced with individual 139100 patch-revision plugins, or deemed non-security related.
    last seen 2019-01-16
    modified 2018-07-30
    plugin id 34107
    published 2008-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34107
    title Solaris 10 (x86) : 139100-04 (deprecated)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0232.NASL
    description An updated tar package that fixes a buffer overflow bug is now available for Red Hat Enterprise Linux 4. This update has been rated as having Moderate security impact by the Red Hat Security Response Team. The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive. Jim Meyering discovered a buffer overflow bug in the way GNU tar extracts malformed archives. By tricking a user into extracting a malicious tar archive, it is possible to execute arbitrary code as the user running tar. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-0300 to this issue. Users of tar should upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-01-16
    modified 2018-11-16
    plugin id 21005
    published 2006-03-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21005
    title RHEL 4 : tar (RHSA-2006:0232)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_118191.NASL
    description SunOS 5.9: gtar patch. Date this patch was last updated by Sun : Apr/19/10
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 34997
    published 2008-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34997
    title Solaris 9 (sparc) : 118191-05
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2007-004.NASL
    description The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2007-004 applied. This update fixes security flaws in the following applications : AFP Client AirPort CarbonCore diskdev_cmds fetchmail ftpd gnutar Help Viewer HID Family Installer Kerberos Libinfo Login Window network_cmds SMB System Configuration URLMount Video Conference WebDAV
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 25081
    published 2007-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25081
    title Mac OS X Multiple Vulnerabilities (Security Update 2007-004)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-987.NASL
    description Jim Meyering discovered several buffer overflows in GNU tar, which may lead to the execution of arbitrary code through specially crafted tar archives.
    last seen 2019-01-16
    modified 2018-08-10
    plugin id 22853
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22853
    title Debian DSA-987-1 : tar - buffer overflow
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_118192.NASL
    description SunOS 5.9_x86: gtar patch. Date this patch was last updated by Sun : Apr/19/10
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 35001
    published 2008-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35001
    title Solaris 9 (x86) : 118192-05
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_139100-07.NASL
    description SunOS 5.10_x86: gtar patch. Date this patch was last updated by Sun : Jul/16/18
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 111125
    published 2018-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111125
    title Solaris 10 (x86) : 139100-07
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_139099-04.NASL
    description SunOS 5.10: gtar patch. Date this patch was last updated by Sun : Apr/19/10
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107509
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107509
    title Solaris 10 (sparc) : 139099-04
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_139099-07.NASL
    description SunOS 5.10: gtar patch. Date this patch was last updated by Sun : Jul/16/18
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 111115
    published 2018-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111115
    title Solaris 10 (sparc) : 139099-07
oval via4
  • accepted 2009-06-15T04:00:39.412-04:00
    class vulnerability
    contributors
    name Michael Wood
    organization Hewlett-Packard
    definition_extensions
    comment Solaris 10 (x86) is installed
    oval oval:org.mitre.oval:def:1926
    description Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
    family unix
    id oval:org.mitre.oval:def:5252
    status accepted
    submitted 2009-04-30T11:23:00.000-04:00
    title Security Vulnerability in GNU tar May Lead to Arbitrary Code Execution or Denial of Service (DoS)
    version 31
  • accepted 2009-06-15T04:00:53.458-04:00
    class vulnerability
    contributors
    name Michael Wood
    organization Hewlett-Packard
    definition_extensions
    comment Solaris 10 (SPARC) is installed
    oval oval:org.mitre.oval:def:1440
    description Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
    family unix
    id oval:org.mitre.oval:def:5978
    status accepted
    submitted 2009-04-30T11:23:00.000-04:00
    title Security Vulnerability in GNU tar May Lead to Arbitrary Code Execution or Denial of Service (DoS)
    version 31
  • accepted 2009-06-15T04:00:54.861-04:00
    class vulnerability
    contributors
    name Michael Wood
    organization Hewlett-Packard
    definition_extensions
    comment Solaris 9 (SPARC) is installed
    oval oval:org.mitre.oval:def:1457
    description Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
    family unix
    id oval:org.mitre.oval:def:5993
    status accepted
    submitted 2009-04-30T11:23:00.000-04:00
    title Security Vulnerability in GNU tar May Lead to Arbitrary Code Execution or Denial of Service (DoS)
    version 32
  • accepted 2009-06-15T04:01:00.185-04:00
    class vulnerability
    contributors
    name Michael Wood
    organization Hewlett-Packard
    definition_extensions
    comment Solaris 9 (x86) is installed
    oval oval:org.mitre.oval:def:1683
    description Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
    family unix
    id oval:org.mitre.oval:def:6094
    status accepted
    submitted 2009-04-30T11:23:00.000-04:00
    title Security Vulnerability in GNU tar May Lead to Arbitrary Code Execution or Denial of Service (DoS)
    version 32
  • accepted 2013-04-29T04:18:40.860-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
    family unix
    id oval:org.mitre.oval:def:9295
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
    version 23
redhat via4
advisories
bugzilla
id 181772
title CVE-2006-0300 GNU tar heap overlfow bug
oval
AND
comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhsa:tst:20060016001
rhsa
id RHSA-2006:0232
released 2006-03-01
severity Moderate
title RHSA-2006:0232: tar security update (Moderate)
refmap via4
apple
  • APPLE-SA-2007-03-13
  • APPLE-SA-2007-04-19
bid 16764
cert
  • TA07-072A
  • TA07-109A
confirm
debian DSA-987
fedora FLSA:183571-2
gentoo GLSA-200603-06
mandriva MDKSA-2006:046
mlist [Bug-tar] 20060220 tar 1.15.90 released
openpkg OpenPKG-SA-2006.006
osvdb 23371
sectrack 1015705
secunia
  • 18973
  • 18976
  • 18999
  • 19016
  • 19093
  • 19130
  • 19152
  • 19236
  • 20042
  • 24479
  • 24966
sreason
sunalert 241646
suse SUSE-SR:2006:005
trustix 2006-0010
ubuntu USN-257-1
vupen
  • ADV-2006-0684
  • ADV-2007-0930
  • ADV-2007-1470
  • ADV-2008-2518
xf gnu-tar-pax-headers-bo(24855)
Last major update 07-03-2011 - 21:29
Published 23-02-2006 - 19:02
Last modified 19-10-2018 - 11:44
Back to Top