CVE-2006-6097

Currently unrated

Key Information:

Vendor: Gnu
Status: Tar
Vendor: CVE Published:; 24 November 2006

Summary

GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.

References

http://secunia.com/advisories/23117

third-party-advisoryx_refsource_SECUNIA

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://issues.rpath.com/browse/RPL-821

x_refsource_CONFIRM

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 24, 2006
Vulnerability Reserved
Nov 24, 2006