full-disclosure-uk August 2007 archive

[Full-disclosure] rPSA-2007-0172-1 tar

From: rPath Update Announcements <announce-noreply_at_nospam>
Date: Sat Aug 25 2007 - 13:24:16 GMT
To: security-announce@lists.rpath.com, update-announce@lists.rpath.com


rPath Security Advisory: 2007-0172-1
Published: 2007-08-25
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
    Indirect User Deterministic Vulnerability
Updated Versions:
    tar=/conary.rpath.com@rpl:devel//1/1.15.1-7.2-1

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1267
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0399
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131
    https://issues.rpath.com/browse/RPL-1631

Description:

    Previous versions of the tar package are vulnerable to an attack in
    which unpacking a deliberately crafted tar archive can overwrite
    arbitrary files to which the user running tar has write access: member
    names or symlink targets in the archive contain ".." components that
    escape the extraction directory, as described in the referenced CVEs.
    If the attacker knows the name of a binary the victim will later run
    and overwrites it, this places arbitrary code on the system that is
    likely to be executed. If root runs tar, any file on the system can be
    overwritten, which elevates this to an indirect, non-deterministic
    remote root unauthorized-access vulnerability.
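    The traversal described above can be caught before tar touches the
    filesystem by auditing every member name and link target against the
    extraction root. The following is an added example, not rPath's
    advisory code and not GNU tar's own check: it builds a constructed
    sample archive in memory carrying the patterns the referenced CVEs
    cover (".." in member names, and a symlink pointing out of the tree
    followed by a member written through it), lists the members that
    would escape, and refuses to extract such an archive. The member names,
    file contents and helper names are assumptions for illustration.

```python
"""Audit tar member names and link targets for path traversal before
extracting. Added example for this advisory; the archives below are
constructed in memory, not captured from the wild."""
import io
import posixpath
import tarfile
import tempfile


def normalize_member(name):
    """Resolve a member name the way it would land under the extraction root.

    Returns the cleaned relative path, or None when the name is absolute or
    climbs above the root via '..'. Empty and '.' components are dropped, so
    '//..' and './..' spellings are treated exactly like '..'.
    """
    if name.startswith("/"):
        return None
    parts = []
    for comp in name.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if not parts:
                return None  # would climb above the extraction root
            parts.pop()
        else:
            parts.append(comp)
    return "/".join(parts)


def audit_tar(data):
    """Return [(member_name, reason)] for members that would write outside
    the extraction directory if the archive were unpacked naively."""
    findings = []
    symlinks = []  # normalized paths of symlink members seen so far
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for m in tar:
            norm = normalize_member(m.name)
            if norm is None:
                findings.append((m.name, "member path escapes extraction root"))
                continue
            # A member beneath an earlier symlink is written wherever that
            # symlink points, so the symlink target decides the real path.
            through = [s for s in symlinks if norm.startswith(s + "/")]
            if through:
                findings.append((m.name, "path passes through symlink %r" % through[0]))
                continue
            if m.issym():
                target = m.linkname
                # Relative targets resolve from the symlink's own directory.
                resolved = None if target.startswith("/") else normalize_member(
                    posixpath.join(posixpath.dirname(norm), target))
                if resolved is None:
                    findings.append((m.name, "symlink target %r escapes extraction root" % target))
                symlinks.append(norm)
            elif m.islnk() and normalize_member(m.linkname) is None:
                findings.append((m.name, "hard link target %r escapes extraction root" % m.linkname))
    return findings


def extract_checked(data, dest=None):
    """Extract only when audit_tar finds nothing; otherwise raise ValueError.
    Returns the member names in archive order. dest defaults to a fresh
    temporary directory."""
    findings = audit_tar(data)
    if findings:
        raise ValueError("refusing to extract: %r" % findings)
    if dest is None:
        dest = tempfile.mkdtemp()
    # Where the stdlib offers its own traversal filter (Python 3.12+), use
    # it as a second line of defence behind the audit above.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        tar.extractall(dest, **kwargs)
        return tar.getnames()


def _add_file(tar, name, data):
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def build_malicious_archive():
    """Constructed sample: one harmless member plus the traversal patterns."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        _add_file(tar, "pkg/README", b"harmless\n")
        _add_file(tar, "../../usr/bin/ls", b"#!/bin/sh\necho pwned\n")
        _add_file(tar, "pkg//../../etc/cron.d/evil", b"* * * * * root /tmp/x\n")
        link = tarfile.TarInfo("pkg/lib")  # symlink out of the tree ...
        link.type = tarfile.SYMTYPE
        link.linkname = "../../../usr/lib"
        tar.addfile(link)
        _add_file(tar, "pkg/lib/evil.so", b"\x7fELF")  # ... then written through it
    return buf.getvalue()


def build_benign_archive():
    """Constructed sample with nothing to flag."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        _add_file(tar, "pkg/README", b"harmless\n")
        _add_file(tar, "pkg/bin/tool", b"#!/bin/sh\necho ok\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in audit_tar(build_malicious_archive()):
        print("%-32s %s" % (name, reason))
    print(extract_checked(build_benign_archive()))
```

    The audit is deliberately conservative: any member written beneath a
    symlink is flagged regardless of where the symlink points, which is
    the same refusal current GNU tar applies. Run the script to see the
    four flagged members; only the benign archive is extracted.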

Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/