Vulnerability in GNU "tar"

Aug 24, 2007

Linux distributor Red Hat has discovered a vulnerability in the GNU "tar" program that could allow attackers to overwrite files.

Red Hat describes the vulnerability as a directory traversal error, stating that attackers could use manipulated archvies to exploit the bug. "../" directory entries give the attacker the ability to overwrite files for which the executing user has write permissions. The security hole is due to faulty "contains_dot_dot()" function in the "names.c" file. Both Red Hat and the Secunia security service have classified the vulnerability as moderate.

The error affects GNU tar version 1.18 and older. An update and a patch by Red Hat are already available. Other distributions can be expected to follow suit. Users are advised to update their systems.

Related content

comments powered by Disqus

Issue 171/2015

Buy this issue as a PDF

Digital Issue: Price $9.99
(incl. VAT)

News

Tag Cloud

Administration Community Events Hardware Linux Linux New Media Linux Pro Magazine Mobile Programming Software Ubuntu Web Development Windows free software open source
njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia