Bug 156578 - app-arch/tar "GNUTYPES_NAMES" Record Type Security Issue
Summary: app-arch/tar "GNUTYPES_NAMES" Record Type Security Issue
Status: RESOLVED DUPLICATE of bug 155901
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All All
: High normal
Assignee: Gentoo Linux bug wranglers
URL: http://secunia.com/advisories/23115/
Reported: 2006-11-29 00:25 UTC by Pavel Shirov
Modified: 2006-11-29 00:38 UTC
Description Pavel Shirov 2006-11-29 00:25:04 UTC
Teemu Salmela has reported a security issue in GNU tar, which can be exploited by malicious people to overwrite arbitrary files.

The security issue is caused due to the "extract_archive()" function in extract.c and the "extract_mangle()" function in mangle.c still processing the deprecated "GNUTYPE_NAMES" record type containing symbolic links. This can be exploited to overwrite arbitrary files by e.g. tricking a user into unpacking a specially crafted tar file.

The security issue is reported in version 1.15.1 and 1.16. Other versions may also be affected.

One solution is for GNUTYPE_NAMES processing to be disabled by default.

Original Advisory:
http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html

https://savannah.gnu.org/bugs/index.php?18355
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2006-11-29 00:38:32 UTC

*** This bug has been marked as a duplicate of 155901 ***
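
A header-only check for the record type discussed in this bug, as an added example that is not part of the original report or of GNU tar: it walks an archive's 512-byte headers and reports any whose typeflag is 'N' (the value of GNUTYPE_NAMES in GNU tar's tar.h), without extracting anything. The function names, the member names and the constructed sample archive are assumptions made for illustration.

```python
import io
import tarfile

BLOCK = 512
GNUTYPE_NAMES = b"N"       # typeflag GNU tar's tar.h assigns to GNUTYPE_NAMES
NO_DATA_TYPES = b"123456"  # links, devices, directories, FIFOs: no data blocks

def _size(field: bytes) -> int:
    """Decode the 12-byte size field (octal text, or GNU base-256 if bit 7 is set)."""
    if field[0] & 0x80:
        return int.from_bytes(bytes([field[0] & 0x7F]) + field[1:], "big")
    text = field.split(b"\0", 1)[0].strip()
    return int(text, 8) if text else 0

def find_names_records(stream):
    """Return [(header_offset, member_name)] for 'N' headers; stream must be seekable."""
    hits, offset = [], 0
    while True:
        header = stream.read(BLOCK)
        if len(header) < BLOCK or header == b"\0" * BLOCK:
            break  # truncated input or end-of-archive marker
        typeflag = header[156:157]
        if typeflag == GNUTYPE_NAMES:
            name = header[:100].split(b"\0", 1)[0].decode("latin-1")
            hits.append((offset, name))
        size = 0 if typeflag in NO_DATA_TYPES else _size(header[124:136])
        data_len = -(-size // BLOCK) * BLOCK  # round member data up to whole blocks
        stream.seek(data_len, io.SEEK_CUR)
        offset += BLOCK + data_len
    return hits

def constructed_sample() -> bytes:
    """Constructed archive: one regular file, then one 'N' header with placeholder data."""
    out = io.BytesIO()
    members = (("readme.txt", tarfile.REGTYPE, b"hello\n"),
               ("names-placeholder", GNUTYPE_NAMES, b"placeholder\n"))
    for name, typeflag, payload in members:
        info = tarfile.TarInfo(name)
        info.type, info.size = typeflag, len(payload)
        out.write(info.tobuf(format=tarfile.GNU_FORMAT))
        out.write(payload.ljust(BLOCK, b"\0"))
    out.write(b"\0" * (2 * BLOCK))  # end-of-archive marker
    return out.getvalue()
```

Run against an uncompressed archive opened in binary mode, an empty result means no header carries the deprecated record type; any hit is a reason to leave the archive unextracted until tar has been updated.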