Bug 313333 (CVE-2010-0624) - <app-arch/tar-1.23: arbitrary code execution (CVE-2010-0624)
Summary: <app-arch/tar-1.23: arbitrary code execution (CVE-2010-0624)
Status: RESOLVED FIXED
Alias: CVE-2010-0624
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: A2 [glsa]
Duplicates: 304191
Reported: 2010-04-06 03:29 UTC by Stefan Behte (RETIRED)
Modified: 2011-11-20 18:17 UTC

Description Stefan Behte (RETIRED) gentoo-dev Security 2010-04-06 03:29:41 UTC
CVE-2010-0624 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0624):
  Heap-based buffer overflow in the rmt_read__ function in
  lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23
  and GNU cpio before 2.11 allows remote rmt servers to cause a denial
  of service (memory corruption) or possibly execute arbitrary code by
  sending more data than was requested, related to archive filenames
  that contain a : (colon) character.
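
The bug class described above (a client that trusts the byte count reported by the server instead of the count it requested), as an added example that is not GNU tar's code and not part of the original report. It assumes a simplified reply framing of "A<n>\n" followed by n data bytes; the function names and the sample reply are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not GNU tar's code. Assumed framing: the client asks for
   `length` bytes and the server answers "A<n>\n" followed by n data bytes. */
static long parse_status(const char *reply, size_t reply_len, const char **data)
{
    const char *nl = memchr(reply, '\n', reply_len);
    char *end;
    long n;
    if (!nl || reply_len < 3 || reply[0] != 'A' || reply[1] < '0' || reply[1] > '9')
        return -1;                      /* not a well-formed success status */
    errno = 0;
    n = strtol(reply + 1, &end, 10);    /* stops at the first non-digit */
    if (errno || end != nl)
        return -1;
    *data = nl + 1;
    return n;
}

/* Bytes an unchecked copy of n bytes would write past a `length`-byte buffer. */
long overrun_if_unchecked(const char *reply, size_t reply_len, size_t length)
{
    const char *data = reply;
    long n = parse_status(reply, reply_len, &data);
    return (n > 0 && (size_t)n > length) ? n - (long)length : 0;
}

/* Copy the payload into buf (capacity `length`). Returns bytes copied or -1. */
long rmt_read_checked(const char *reply, size_t reply_len, char *buf, size_t length)
{
    const char *data = reply;
    long n = parse_status(reply, reply_len, &data);
    if (n < 0 || (size_t)n > length)    /* more data than was requested */
        return -1;
    if ((size_t)n > reply_len - (size_t)(data - reply))  /* payload cut short */
        return -1;
    memcpy(buf, data, (size_t)n);
    return n;
}

int main(void)
{
    const char *big = "A12\nAAAAAAAAAAAA";  /* constructed: 12 bytes for an 8-byte request */
    char buf[8];
    printf("checked=%ld\n", rmt_read_checked(big, strlen(big), buf, sizeof buf));
    printf("overrun=%ld\n", overrun_if_unchecked(big, strlen(big), sizeof buf));
    return 0;
}
```
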
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-04-06 03:30:31 UTC
The original advisory has a nice explanation:
http://www.agrs.tu-berlin.de/index.php?id=78327
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-04-11 14:02:50 UTC
CVE-2010-0624 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0624):
  Heap-based buffer overflow in the rmt_read__ function in
  lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23
  and GNU cpio before 2.11 allows remote rmt servers to cause a denial
  of service (memory corruption) or possibly execute arbitrary code by
  sending more data than was requested, related to archive filenames
  that contain a : (colon) character.

Comment 3 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2010-07-02 23:41:39 UTC
FYI: bug 309001 shouldn't be a blocker because vapier added a workaround in 1.23-r2
Comment 4 Tobias Heinlein (RETIRED) gentoo-dev 2010-07-03 06:18:17 UTC
Okay, thanks, we'll move forward then.

Arches, please test and mark stable:
=app-arch/tar-1.23-r2
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2010-07-03 07:51:38 UTC
x86 stable
Comment 6 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2010-07-03 12:24:28 UTC
*** Bug 304191 has been marked as a duplicate of this bug. ***
Comment 7 Samuli Suominen (RETIRED) gentoo-dev 2010-07-05 21:08:24 UTC
ppc64 stable
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2010-07-05 21:58:00 UTC
Stable for HPPA.
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2010-07-10 11:18:37 UTC
alpha/arm/ia64/m68k/s390/sh/sparc stable
Comment 10 Richard Freeman gentoo-dev 2010-07-11 21:10:03 UTC
amd64 stable
Comment 11 Joe Jezak (RETIRED) gentoo-dev 2010-07-18 20:26:25 UTC
Marked ppc stable.
Comment 12 Tim Sammut (RETIRED) gentoo-dev 2011-01-02 03:40:21 UTC
Thanks, folks. GLSA request filed.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2011-11-20 18:17:17 UTC
This issue was resolved and addressed in GLSA 201111-11 at http://security.gentoo.org/glsa/glsa-201111-11.xml by GLSA coordinator Alex Legler (a3li).