Symbolic Link Vulnerability in GNU Tar by Free Software Foundation
CVE-2006-6097

Currently unrated

Key Information:

Vendor

Gnu
Status
Tar
Vendor
CVE Published:
24 November 2006

What is CVE-2006-6097?

GNU Tar versions 1.16, 1.15.1, and potentially others, are susceptible to a file overwrite vulnerability that can be exploited by user-assisted attackers. This occurs through a crafted tar file, which incorporates a GNUTYPE_NAMES record featuring a symbolic link. The flawed handling in the extract_archive function within extract.c and the extract_mangle function in mangle.c allows attackers to overwrite arbitrary files, posing a serious risk to affected systems.

References

http://secunia.com/advisories/23117
third-party-advisoryx_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
https://issues.rpath.com/browse/RPL-821
x_refsource_CONFIRM

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.