
Bug 313333 (CVE-2010-0624)

Summary: <app-arch/tar-1.23: arbitrary code execution (CVE-2010-0624)
Product: Gentoo Security
Reporter: Stefan Behte (RETIRED) <craig>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: base-system, jaak
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: https://bugzilla.redhat.com/show_bug.cgi?id=564368
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2010-04-06 03:29:41 UTC
CVE-2010-0624 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0624):
  Heap-based buffer overflow in the rmt_read__ function in
  lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23
  and GNU cpio before 2.11 allows remote rmt servers to cause a denial
  of service (memory corruption) or possibly execute arbitrary code by
  sending more data than was requested, related to archive filenames
  that contain a : (colon) character.
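
The class of bug described above, shown from the client side as an added example; it is not part of this bug report and is not GNU tar's or cpio's code. It assumes the rmt reply framing `A<count>\n` followed by `count` data bytes; `read_status`, `rmt_read_checked` and `demo_reply` are hypothetical names. The reader refuses any reply whose announced count exceeds the requested length, and also rejects malformed or short replies.

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Parse an rmt status line "A<count>\n"; -1 on error reply, EOF or bad line. */
static long read_status(int fd)
{
    char line[32], *end;
    size_t n = 0;
    for (;;) {
        if (n == sizeof line - 1 || read(fd, &line[n], 1) != 1)
            return -1;
        if (line[n] == '\n') break;
        n++;
    }
    line[n] = '\0';
    if (line[0] != 'A' || line[1] < '0' || line[1] > '9')
        return -1;
    long count = strtol(line + 1, &end, 10);
    return *end == '\0' ? count : -1;
}

/* Fill buf (capacity = length, the amount requested); -1 if the reply is unsafe. */
ssize_t rmt_read_checked(int fd, char *buf, size_t length)
{
    long status = read_status(fd);
    size_t done = 0;
    if (status < 0 || (size_t)status > length)
        return -1;              /* server announced more than was requested */
    while (done < (size_t)status) {
        ssize_t r = read(fd, buf + done, (size_t)status - done);
        if (r <= 0)
            return -1;          /* short reply or read error */
        done += (size_t)r;
    }
    return (ssize_t)done;
}

/* Constructed demo helper: a 4-byte read request answered by `reply`. */
ssize_t demo_reply(const char *reply)
{
    int p[2];
    char buf[4];
    if (pipe(p) != 0) return -1;
    ssize_t w = write(p[1], reply, strlen(reply));
    close(p[1]);
    ssize_t r = (w < 0) ? -1 : rmt_read_checked(p[0], buf, sizeof buf);
    close(p[0]);
    return r;
}
```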
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-04-06 03:30:31 UTC
The original advisory has a nice explanation:
http://www.agrs.tu-berlin.de/index.php?id=78327
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-04-11 14:02:50 UTC
CVE-2010-0624 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0624):
  Heap-based buffer overflow in the rmt_read__ function in
  lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23
  and GNU cpio before 2.11 allows remote rmt servers to cause a denial
  of service (memory corruption) or possibly execute arbitrary code by
  sending more data than was requested, related to archive filenames
  that contain a : (colon) character.

Comment 3 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2010-07-02 23:41:39 UTC
FYI: bug 309001 shouldn't be a blocker because vapier added a workaround in 1.23-r2
Comment 4 Tobias Heinlein (RETIRED) gentoo-dev 2010-07-03 06:18:17 UTC
Okay, thanks, we'll move forward then.

Arches, please test and mark stable:
=app-arch/tar-1.23-r2
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2010-07-03 07:51:38 UTC
x86 stable
Comment 6 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2010-07-03 12:24:28 UTC
*** Bug 304191 has been marked as a duplicate of this bug. ***
Comment 7 Samuli Suominen (RETIRED) gentoo-dev 2010-07-05 21:08:24 UTC
ppc64 stable
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2010-07-05 21:58:00 UTC
Stable for HPPA.
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2010-07-10 11:18:37 UTC
alpha/arm/ia64/m68k/s390/sh/sparc stable
Comment 10 Richard Freeman gentoo-dev 2010-07-11 21:10:03 UTC
amd64 stable
Comment 11 Joe Jezak (RETIRED) gentoo-dev 2010-07-18 20:26:25 UTC
Marked ppc stable.
Comment 12 Tim Sammut (RETIRED) gentoo-dev 2011-01-02 03:40:21 UTC
Thanks, folks. GLSA request filed.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2011-11-20 18:17:17 UTC
This issue was resolved and addressed in
 GLSA 201111-11 at http://security.gentoo.org/glsa/glsa-201111-11.xml
by GLSA coordinator Alex Legler (a3li).