USN-709-1: tar vulnerability


 
01-15-2009

Referenced CVEs:
CVE-2007-4476


Description:
===========================================================
Ubuntu Security Notice USN-709-1           January 15, 2009
tar vulnerability
CVE-2007-4476
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  tar 1.15.1-2ubuntu2.3

Ubuntu 7.10:
  tar 1.18-2ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Dmitry V. Levin discovered a buffer overflow in tar. If a user or automated system were tricked into opening a specially crafted tar file, an attacker could crash tar or possibly execute arbitrary code with the privileges of the user invoking the program.





BF_TAR(1)																 BF_TAR(1)

NAME
bf_tar - shell script to write a tar file of a bogofilter directory to stdout

SYNOPSIS
bf_tar [-r] [-R] bogofilter_directory

DESCRIPTION
bf_tar bundles a bogofilter working directory in tar format and copies it to standard output (your console, or where you redirect it, see EXAMPLES below).

OPTIONS
The -r option causes bf_tar to remove inactive log files after the archive has been written successfully. The default is to leave log files.

The -R option causes bf_tar to remove inactive log files before the archive is written. This may reduce chances that the resulting archive is recoverable should it become damaged. The archive may be smaller though. The default is to leave log files.

EXIT STATUS
The script exits with status code 0 if everything went well, and nonzero if it encountered trouble.

EXAMPLES
o bf_tar ~/.bogofilter > outfile.tar
  Writes a standard .tar file containing the essential files from ~/.bogofilter to outfile.tar.

o bf_tar ~/.bogofilter | gzip -9 -c > outfile.tar.gz
  Writes a gzipped .tar.gz file containing the essential files from ~/.bogofilter to outfile.tar.gz.

o bf_tar `pwd`/mydirectory > outfile.tar
  Prepend $(pwd)/ or `pwd`/ if you want to specify an absolute path instead of a relative path.

NOTES
This script is meant for use with Berkeley DB based bogofilter versions.

This script requires a SUSv2 compliant pax utility.

This script expects a SUSv2 compliant shell. Solaris systems should have the SUNWxcu4 package installed (when bogofilter is configured) so that /usr/xpg4/bin/sh can be used.

07/23/2007                                                           BF_TAR(1)