FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gtar -- GNUTYPE_NAMES directory traversal vulnerability

Affected packages
gtar < 1.16_2


VuXML ID 3dd7eb58-80ae-11db-b4ec-000854d03344
Discovery 2006-11-21
Entry 2006-11-30

Teemu Salmela reports:

There is a tar record type, called GNUTYPE_NAMES (an obsolete GNU extension), that allows the creation of symbolic links pointing to arbitrary locations in the filesystem, which makes it possible to create/overwrite arbitrary files.


Bugtraq ID 21235
CVE Name CVE-2006-6097