Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-100: GNU Tar Vulnerabilities

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-100: GNU Tar Vulnerabilities
# 1  
Old 01-03-2008
S-100: GNU Tar Vulnerabilities
Several vulnerabilities have been discovered in GNU Tar. The risk is MEDIUM. May lead to arbitrary code execution when processing maliciously crafted archives.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

6 More Discussions You Might Find Interesting

1. AIX

GNU TAR vs NATIVE AIX TAR

Hello, Getting this very strange error, made tar/zip through gnu tar GNU Tar ( successful tar and zip without any errors ) /opt/freeware/bin/tar cvf - /oraapp| gzip > /backup/bkp_15_6_16_oraapp.tgz GNU unTar error root@test8:/>gunzip < /config1/bkp_15_6_16_oraapp.tgz |... (5 Replies)
Discussion started by: filosophizer
5 Replies

2. Emergency UNIX and Linux Support

extraction of directory and below using gnu tar

i need to restore everything in a certain directory and lower. I have a tgz archive of all of the files, and i need to restore everything in /user/home/xxxx/ and below. this is a users home directory. this is a dumb question and i know when i see the answer i am going to say DUH, but i am... (2 Replies)
Discussion started by: frankkahle
2 Replies

3. UNIX for Advanced & Expert Users

GNU tar automatic gz detection/decompression

I stumbled on this feature on a SLES10 system yesterday... if you tar tf filename.tar.gz or tar xf filename.tar.gz it automatically gunzips the data for you. Has this feature been around for a while? I have 1.12 on my system, which doesn't, but the 1.20 manual mentions it... (3 Replies)
Discussion started by: Annihilannic
3 Replies

4. UNIX for Dummies Questions & Answers

Problems with GNU tar installation

Hi all, Need some help here. I've been trying to install GNU tar version 1.12 into my Solaris 9 machine. steps that I have done was: -untar the package file -run "./configure" -run "make" command (got stuck at this point) Got the following error messages after hitting the make... (2 Replies)
Discussion started by: suffer0
2 Replies

5. Solaris

GNU tar on SUN 9

I downloaded GNUtar from sunfreeware.con and installed it on a sparc running sun 9. Performed pkgadd -d on the required lib and tar file and everything seemed to be ok. I tried to extract a file from a tar created using the sun version with no success. Tar ran for several hours working on the... (6 Replies)
Discussion started by: thumper
6 Replies

6. UNIX for Dummies Questions & Answers

gnu tar on Solaris 8

Here is how I got where I am: I tried untarring tomcat and at the end of the untar I get the following: So I downloaded GNU tar and did a pkgadd -d, which installed the package. But when I run /usr/local/bin/tar, I get this message: (1 Reply)
Discussion started by: dangral
1 Replies
Login or Register to Ask a Question

LEARN ABOUT HPUX

ftpconversions

ftpconversions(4)					     Kernel Interfaces Manual						 ftpconversions(4)

NAME

       ftpconversions - ftpd conversions database

SYNOPSIS

DESCRIPTION

       The  conversions  known	by and their attributes are stored in an ASCII file that is structured as below.  Each line in the file provides a
       description for a single conversion.  Fields are separated by colons (:).

       Field   Description
       1       strip prefix
       2       strip postfix
       3       addon prefix
       4       addon postfix
       5       external command
       6       types
       7       options
       8       description

       strip postfix and addon postfix can be the file extensions or or or The file extensions the ftp server supports and the action that the ftp
       server performs is summarized in the table below. This feature is supported only when using the command.
		     |			  |
       True Filename | Specified Filename | Action
       --------------+--------------------+---------------------------------------
       filename.Z    | filename 	  | Decompress file before transmitting
       filename      | filename.Z	  | Compress filename before transmitting
       filename      | filename.tar	  | Tar filename before transmitting
       filename      | filename.tar.Z	  | Tar and compress filename
		     |			  | before transmitting

       external  command field is used to specify the path of the program/script to be used to perform the action specified for the different file
       extensions as described in the above table.

       types field indicates the flags that must be checked before compressing, decompressing, tarring and untarring the  file	requested  by  the
       command.

       options field specifies the options for the program/script specified in the external command field.

       description is a short description of each conversion.

       NOTE:  The  HP-UX command does not support any option to do or If the user wants to perform any such action, he/she must then write his/her
       own program/script to do it and specify the pathname of the program/script in the external command field in the file. Also a  copy  of  the
       programs/scripts  used  to  perform  the conversions and the respective libraries used by the programs/scripts must be copied into the home
       directory of each of the and user accounts for the and users to be able to perform on-the-fly conversions.

WARNINGS

       The conversions mechanism does not currently support the strip prefix and addon prefix fields.

FILES

AUTHOR

       was developed by the Washington University, St. Louis, Missouri.

SEE ALSO

       ftpd(1M), ftpaccess(4).

																 ftpconversions(4)