CVE - CVE-2006-6097

CVE-ID
CVE-2006-6097	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20061201 rPSA-2006-0222-1 tar URL:http://www.securityfocus.com/archive/1/453286/100/0/threaded BUGTRAQ:20070330 VMSA-2007-0002 VMware ESX security updates URL:http://www.securityfocus.com/archive/1/464268/100/0/threaded FULLDISC:20061121 GNU tar directory traversal URL:http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050812.html MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216937 CONFIRM:https://issues.rpath.com/browse/RPL-821 CONFIRM:http://kb.vmware.com/KanisaPlatform/Publishing/817/2240267_f.SAL_Public.html CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-015.htm CONFIRM:http://docs.info.apple.com/article.html?artnum=305214 CONFIRM:http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html APPLE:APPLE-SA-2007-03-13 URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html DEBIAN:DSA-1223 URL:http://www.debian.org/security/2006/dsa-1223 FREEBSD:FreeBSD-SA-06:26 URL:http://security.freebsd.org/advisories/FreeBSD-SA-06:26.gtar.asc GENTOO:GLSA-200612-10 URL:http://security.gentoo.org/glsa/glsa-200612-10.xml MANDRIVA:MDKSA-2006:219 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:219 OPENPKG:OpenPKG-SA-2006.038 URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.038.html REDHAT:RHSA-2006:0749 URL:http://rhn.redhat.com/errata/RHSA-2006-0749.html SGI:20061202-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc SLACKWARE:SSA:2006-335-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.469379 TRUSTIX:2006-0068 URL:http://www.trustix.org/errata/2006/0068/ UBUNTU:USN-385-1 URL:http://www.ubuntu.com/usn/usn-385-1 CERT:TA07-072A URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html BID:21235 URL:http://www.securityfocus.com/bid/21235 OVAL:oval:org.mitre.oval:def:10963 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10963 VUPEN:ADV-2006-4717 URL:http://www.vupen.com/english/advisories/2006/4717 VUPEN:ADV-2006-5102 URL:http://www.vupen.com/english/advisories/2006/5102 VUPEN:ADV-2007-0930 URL:http://www.vupen.com/english/advisories/2007/0930 VUPEN:ADV-2007-1171 URL:http://www.vupen.com/english/advisories/2007/1171 SECTRACK:1017423 URL:http://securitytracker.com/id?1017423 SECUNIA:23115 URL:http://secunia.com/advisories/23115 SECUNIA:23142 URL:http://secunia.com/advisories/23142 SECUNIA:23117 URL:http://secunia.com/advisories/23117 SECUNIA:23173 URL:http://secunia.com/advisories/23173 SECUNIA:23163 URL:http://secunia.com/advisories/23163 SECUNIA:23209 URL:http://secunia.com/advisories/23209 SECUNIA:23146 URL:http://secunia.com/advisories/23146 SECUNIA:23198 URL:http://secunia.com/advisories/23198 SECUNIA:23314 URL:http://secunia.com/advisories/23314 SECUNIA:23443 URL:http://secunia.com/advisories/23443 SECUNIA:23514 URL:http://secunia.com/advisories/23514 SECUNIA:23911 URL:http://secunia.com/advisories/23911 SECUNIA:24479 URL:http://secunia.com/advisories/24479 SECUNIA:24636 URL:http://secunia.com/advisories/24636 SREASON:1918 URL:http://securityreason.com/securityalert/1918
Assigning CNA
N/A
Date Entry Created
20061124	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061124)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.