ID |
CVE-2006-6097
|
Summary |
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 4.0 (as of 17-10-2018 - 21:46) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
HIGH |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:H/Au:N/C:N/I:P/A:P
|
oval
via4
|
accepted | 2013-04-29T04:10:18.270-04:00 | class | vulnerability | contributors | name | Aharon Chernin | organization | SCAP.com, LLC |
name | Dragos Prisaca | organization | G2, Inc. |
| definition_extensions | comment | The operating system installed on the system is Red Hat Enterprise Linux 3 | oval | oval:org.mitre.oval:def:11782 |
comment | CentOS Linux 3.x | oval | oval:org.mitre.oval:def:16651 |
comment | The operating system installed on the system is Red Hat Enterprise Linux 4 | oval | oval:org.mitre.oval:def:11831 |
comment | CentOS Linux 4.x | oval | oval:org.mitre.oval:def:16636 |
comment | Oracle Linux 4.x | oval | oval:org.mitre.oval:def:15990 |
| description | GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. | family | unix | id | oval:org.mitre.oval:def:10963 | status | accepted | submitted | 2010-07-09T03:56:16-04:00 | title | GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. | version | 29 |
|
redhat
via4
|
advisories | bugzilla | id | 1618237 | title | CVE-2006-6097 security flaw |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 4 is installed | oval | oval:com.redhat.rhba:tst:20070304025 |
comment | tar is earlier than 0:1.14-12.RHEL4 | oval | oval:com.redhat.rhsa:tst:20060749001 |
comment | tar is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060232002 |
|
|
| rhsa | id | RHSA-2006:0749 | released | 2006-12-19 | severity | Moderate | title | RHSA-2006:0749: tar security update (Moderate) |
|
| rpms | - tar-0:1.13.25-15.RHEL3
- tar-0:1.13.25-6.AS21.1
- tar-0:1.14-12.RHEL4
- tar-debuginfo-0:1.13.25-15.RHEL3
- tar-debuginfo-0:1.14-12.RHEL4
|
|
refmap
via4
|
apple | APPLE-SA-2007-03-13 | bid | 21235 | bugtraq | - 20061201 rPSA-2006-0222-1 tar
- 20070330 VMSA-2007-0002 VMware ESX security updates
| cert | TA07-072A | confirm | | debian | DSA-1223 | freebsd | FreeBSD-SA-06:26 | fulldisc | 20061121 GNU tar directory traversal | gentoo | GLSA-200612-10 | mandriva | MDKSA-2006:219 | misc | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216937 | openpkg | OpenPKG-SA-2006.038 | sectrack | 1017423 | secunia | - 23115
- 23117
- 23142
- 23146
- 23163
- 23173
- 23198
- 23209
- 23314
- 23443
- 23514
- 23911
- 24479
- 24636
| sgi | 20061202-01-P | slackware | SSA:2006-335-01 | sreason | 1918 | trustix | 2006-0068 | ubuntu | USN-385-1 | vupen | - ADV-2006-4717
- ADV-2006-5102
- ADV-2007-0930
- ADV-2007-1171
|
|
statements
via4
|
contributor | Mark J Cox | lastmodified | 2007-03-14 | organization | Red Hat | statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
|
Last major update |
17-10-2018 - 21:46 |
Published |
24-11-2006 - 18:07 |
Last modified |
17-10-2018 - 21:46 |