Symbolic Link Vulnerability in GNU Tar by Free Software Foundation
CVE-2006-6097

Currently unrated

Key Information:

Vendor: Gnu
Status: Tar
Vendor: CVE Published:; 24 November 2006

Summary

GNU Tar versions 1.16, 1.15.1, and potentially others, are susceptible to a file overwrite vulnerability that can be exploited by user-assisted attackers. This occurs through a crafted tar file, which incorporates a GNUTYPE_NAMES record featuring a symbolic link. The flawed handling in the extract_archive function within extract.c and the extract_mangle function in mangle.c allows attackers to overwrite arbitrary files, posing a serious risk to affected systems.

References

http://secunia.com/advisories/23117

third-party-advisoryx_refsource_SECUNIA

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://issues.rpath.com/browse/RPL-821

x_refsource_CONFIRM

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 24, 2006
Vulnerability Reserved
Nov 24, 2006