|Summary:||app-arch/tar: buffer overflow (CVE-2006-0300)|
|Product:||Gentoo Security||Reporter:||Tavis Ormandy (RETIRED) <taviso>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Package list:||Runtime testing required:||---|
Description Tavis Ormandy (RETIRED) 2006-02-16 07:01:08 UTC
This issue is not public.
Comment 1 Tavis Ormandy (RETIRED) 2006-02-16 07:01:30 UTC
Created attachment 79933: patch from RedHat
Comment 2 Tavis Ormandy (RETIRED) 2006-02-16 07:02:09 UTC
Created attachment 79934: demonstration script to reproduce issue
Comment 3 Tavis Ormandy (RETIRED) 2006-02-16 07:02:47 UTC
Created attachment 79935: malformed tar archive
Comment 4 Tavis Ormandy (RETIRED) 2006-02-16 07:05:00 UTC
Upstream has been informed and has requested non-disclosure until a new version can be prepared for release.
Comment 5 Thierry Carrez (RETIRED) 2006-02-16 12:40:09 UTC
Comment 6 Tavis Ormandy (RETIRED) 2006-02-22 00:34:58 UTC
This issue is public
Comment 7 Tavis Ormandy (RETIRED) 2006-02-22 00:47:53 UTC
base-system: no new release from upstream yet, and this issue is pretty serious. Could you patch our package?
Comment 8 SpanKY 2006-02-22 16:20:07 UTC
I heard from a little birdie that the RedHat patch was not correct ...
Comment 9 Thierry Carrez (RETIRED) 2006-02-26 03:39:08 UTC
Could you elaborate? That's not what *my* little birdie told me. And this just can't wait :)
Comment 10 Thierry Carrez (RETIRED) 2006-03-06 09:44:28 UTC
vapier/base-system: please apply patch or tell us why you can't
Comment 11 Tavis Ormandy (RETIRED) 2006-03-07 10:03:08 UTC
This bug is fairly critical. Do you have any update, vapier/base-system guys? We really need to get a fix out ASAP; we're already late on this one.
Comment 12 solar (RETIRED) 2006-03-07 11:56:17 UTC
Added tar-1.15.1-r1 to the tree for CVE-2006-0300
tar-1.15.1: alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86
tar-1.15.1-r1: ~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86
tar aborts correctly when using the demonstration script. I also tested a few tar.gz files and a few tar.bz2 files. tar is a vital program to a functioning Gentoo system, so arch maintainers are encouraged to test carefully.
Comment 13 Thierry Carrez (RETIRED) 2006-03-07 12:43:15 UTC
Arches please test and mark stable
Comment 14 Jeroen Roovers (RETIRED) 2006-03-07 13:12:16 UTC
Verified, revision tested and marked stable for hppa.
Comment 15 Gustavo Zacarias (RETIRED) 2006-03-07 13:43:47 UTC
Comment 16 Tim Yamin (RETIRED) 2006-03-07 16:17:08 UTC
Comment 17 AJ Armstrong 2006-03-07 19:48:07 UTC
Tested app-arch/tar-1.15.1-r1 for amd64. Builds and runs. Apparently properly errors on demo script with:
"/bin/tar: memory exhausted
/bin/tar: Error is not recoverable: exiting now"
Able to properly untar from tar.bz2 a large archive (kernel sources), retar with gzip, untar, retar without compression and untar, with no apparent errors (kernel builds). Happy to do additional regression tests (this is, after all, a pretty critical app) if someone can suggest them, otherwise I'd recommend stable on amd64.
Comment 18 Mike Doty (RETIRED) 2006-03-07 19:57:08 UTC
Comment 19 Mark Loeser (RETIRED) 2006-03-07 20:38:13 UTC
Comment 20 Markus Rothe (RETIRED) 2006-03-07 23:33:58 UTC
stable on ppc64
Comment 21 Matti Bickel (RETIRED) 2006-03-08 05:01:15 UTC
Builds and runs on ppc. Regression test as in #17: passed.
Also ran the demo script; output while untarring the malformed archive:
pluto ~ # /bin/tar tf z.tar
/bin/tar: Extended header GNU.sparse.numblocks=4294967296 is out of range
/bin/tar: Malformed extended header: excess GNU.sparse.offset=1048576 big
/bin/tar: Error exit delayed from previous errors
Recommend stable marks on ppc.
Comment 22 Jose Luis Rivero (yoswink) (RETIRED) 2006-03-08 17:40:46 UTC
Comment 23 Thierry Carrez (RETIRED) 2006-03-09 09:41:04 UTC
ppc please mark stable, following comment #21
Comment 24 Tobias Scherbaum (RETIRED) 2006-03-09 11:57:22 UTC
Comment 25 Thierry Carrez (RETIRED) 2006-03-10 13:00:28 UTC
Comment 26 Joshua Kinard 2006-04-23 09:51:26 UTC
Stable on mips.