USN-709-1: tar vulnerability


 
Posted 01-15-2009

Referenced CVEs:
CVE-2007-4476


Description:
===========================================================
Ubuntu Security Notice USN-709-1           January 15, 2009
tar vulnerability
CVE-2007-4476
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  tar                             1.15.1-2ubuntu2.3

Ubuntu 7.10:
  tar                             1.18-2ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Dmitry V. Levin discovered a buffer overflow in tar. If a user or
automated system were tricked into opening a specially crafted tar
file, an attacker could crash tar or possibly execute arbitrary code
with the privileges of the user invoking the program.





tar.h(3HEAD)                        Headers                        tar.h(3HEAD)

NAME
       tar.h, tar - extended tar definitions

SYNOPSIS
       #include <tar.h>

DESCRIPTION
       The <tar.h> header defines header block definitions as follows.

       Name        Value      Description
       TMAGIC      "ustar"    ustar plus null byte
       TMAGLEN     6          length of the above
       TVERSION    "00"       00 without a null byte
       TVERSLEN    2          length of the above

       Typeflag field definitions:

       Name        Value      Description
       REGTYPE     '0'        regular file
       AREGTYPE    '\0'       regular file
       LNKTYPE     '1'        link
       SYMTYPE     '2'        symbolic link
       CHRTYPE     '3'        character special
       BLKTYPE     '4'        block special
       DIRTYPE     '5'        directory
       FIFOTYPE    '6'        FIFO special
       CONTTYPE    '7'        reserved

       Mode field bit definitions (octal):

       Name        Value      Description
       TSUID       04000      set UID on execution
       TSGID       02000      set GID on execution
       TSVTX       01000      on directories, restricted deletion flag
       TUREAD      00400      read by owner
       TUWRITE     00200      write by owner
       TUEXEC      00100      execute/search by owner
       TGREAD      00040      read by group
       TGWRITE     00020      write by group
       TGEXEC      00010      execute/search by group
       TOREAD      00004      read by other
       TOWRITE     00002      write by other
       TOEXEC      00001      execute/search by other

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
       +-----------------------------+-----------------------------+
       |Interface Stability          |Standard                     |
       +-----------------------------+-----------------------------+

SEE ALSO
       pax(1), attributes(5), standards(5)

SunOS 5.10                         10 Sep 2004                     tar.h(3HEAD)
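The constants defined in <tar.h> above are what a program compares against when it validates a header block from an untrusted archive before acting on it. The following C program is an added example, not code from the advisory or from tar itself: the field offsets follow the POSIX ustar layout (they are not given on this page), and the function names, return codes and sample header are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <tar.h>
/* Assumed field offsets (POSIX ustar layout); <tar.h> defines only the constants. */
enum { OFF_MODE = 100, OFF_CHKSUM = 148, OFF_TYPE = 156, OFF_MAGIC = 257, OFF_VERSION = 263, BLOCK = 512 };
/* Parse a fixed-width octal field that may lack a terminating NUL. */
static long octal_field(const unsigned char *p, size_t len) {
    char buf[13] = {0}, *end;
    if (len >= sizeof buf) return -1;
    memcpy(buf, p, len);
    long v = strtol(buf, &end, 8);
    if (end == buf) return -1;            /* no digits at all */
    while (*end == ' ') end++;            /* trailing padding is allowed */
    return *end == '\0' ? v : -1;
}
/* Hypothetical helper: 0 if the header passes, else a code for the failed check. */
int check_ustar_header(const unsigned char *h, int allow_special_bits) {
    unsigned long sum = 0;
    if (memcmp(h + OFF_MAGIC, TMAGIC, TMAGLEN) != 0) return -1;
    if (memcmp(h + OFF_VERSION, TVERSION, TVERSLEN) != 0) return -2;
    /* The checksum covers the whole block with its own field read as spaces. */
    for (int i = 0; i < BLOCK; i++) sum += (i >= OFF_CHKSUM && i < OFF_CHKSUM + 8) ? ' ' : h[i];
    if (octal_field(h + OFF_CHKSUM, 8) != (long)sum) return -3;
    switch (h[OFF_TYPE]) {
    case REGTYPE: case AREGTYPE: case LNKTYPE: case SYMTYPE: case CHRTYPE:
    case BLKTYPE: case DIRTYPE: case FIFOTYPE: case CONTTYPE: break;
    default: return -4;                   /* typeflag not listed in <tar.h> */
    }
    long mode = octal_field(h + OFF_MODE, 8);
    if (mode < 0 || mode > 07777) return -5;
    if (!allow_special_bits && (mode & (TSUID | TSGID | TSVTX))) return -6;
    return 0;
}
/* Build a constructed sample header (not taken from a real archive). */
void make_sample(unsigned char *h, char type, const char *mode7) {
    unsigned long sum = 8 * ' ';
    memset(h, 0, BLOCK);
    memcpy(h + OFF_MODE, mode7, 7);       /* seven octal digits, NUL follows */
    h[OFF_TYPE] = (unsigned char)type;
    memcpy(h + OFF_MAGIC, TMAGIC, TMAGLEN);
    memcpy(h + OFF_VERSION, TVERSION, TVERSLEN);
    for (int i = 0; i < BLOCK; i++) sum += h[i];
    snprintf((char *)h + OFF_CHKSUM, 8, "%06lo", sum);
}
int main(void) {
    unsigned char h[BLOCK];
    make_sample(h, REGTYPE, "0004755");   /* constructed: set-UID regular file */
    return printf("strict=%d permissive=%d\n", check_ustar_header(h, 0), check_ustar_header(h, 1)) < 0;
}
```

Archives written in the older GNU format carry a different magic string and fail the first check here, so a real extractor has to decide explicitly which formats it accepts.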