Heap-based Buffer Overflow in GNU Tar and GNU Cpio
CVE-2010-0624

Currently unrated

Key Information:

Vendor: Gnu
Status: Tar; Cpio
Vendor: CVE Published:; 15 March 2010

Summary

The vulnerability exists in the rmt_read__ function of lib/rtapelib.c within the rmt client functionality of GNU Tar and GNU Cpio. By exploiting this flaw, remote rmt servers can send excessive data beyond what was requested, potentially leading to denial of service due to memory corruption or the possibility of executing arbitrary code. Notably, this issue is associated with archive filenames that include a colon (:) character, which can trigger the overflow.

References

http://www.redhat.com/support/errata/RHSA-2010-0142.html

vendor-advisoryx_refsource_REDHAT

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

Timeline

Vulnerability published
Mar 15, 2010
Vulnerability Reserved
Feb 11, 2010