tar
Page content
- Author: voroskoi
- Vulnerable: 1.15.1-4
- Unaffected: 1.15.1-5siwenna1
Teemu Salmela has reported a security issue in GNU tar, which can be exploited by malicious people to overwrite arbitrary files. The security issue is caused due to the “extract_archive()” function in extract.c and the “extract_mangle()” function in mangle.c still processing the deprecated “GNUTYPE_NAMES” record type containing symbolic links. This can be exploited to overwrite arbitrary files by e.g. tricking a user into unpacking a specially crafted tar file.
- Bug Tracker URL: http://bugs.frugalware.org/task/1496