[tar] [CVE-2007-4476] Buffer overflow
Bug #180299 reported by disabled.user
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Fedora | Fix Released | Low | |
tar (Debian) | Fix Released | Unknown | |
tar (Gentoo Linux) | Fix Released | High | |
tar (Ubuntu) | Fix Released | Low | Unassigned |
Dapper | Fix Released | Undecided | Jamie Strandboge |
Gutsy | Fix Released | Undecided | Jamie Strandboge |
Bug Description
Binary package hint: tar
References:
DSA-1438-1 (http://
Bug #161173
Quoting:
'Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."'
I'm reporting this issue for tar, since I didn't find any corresponding USN.
CVE References
Changed in tar:
status: Unknown → Fix Released
Changed in tar:
status: Unknown → Fix Released
Changed in tar (Gentoo Linux):
importance: Unknown → High
Changed in fedora:
importance: Unknown → Low
status: Confirmed → Fix Released
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4476
to the following vulnerability:
A bug in the safer_name_suffix function in GNU tar may lead to a "crashing
stack". It can be used to crash tar while extracting an archive containing a
file with a long name containing an unsafe prefix.
The affected function is also part of the cpio source code.
References:
http://www.novell.com/linux/security/advisories/2007_18_sr.html
lists.gnu.org/archive/html/bug-cpio/2007-08/msg00002.html
http://
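
A pre-extraction check for the condition described above (a long member name that carries an unsafe prefix), as an added example that is not part of the bug report or of GNU tar's code. The prefix rule used here (everything through the last `..` component, plus leading slashes) and the 4096-character threshold are assumptions for illustration; the sample archive is constructed in memory.

```python
import io
import tarfile

# Assumed review threshold (not from the report): longer names are flagged.
LONG_NAME_THRESHOLD = 4096


def unsafe_prefix_len(name: str) -> int:
    """Length of the leading part of `name` treated as unsafe here:
    everything through the last ".." component, plus leading slashes.
    This rule is an assumption for illustration, not tar's own code."""
    prefix = 0
    pos = 0
    for part in name.split("/"):
        end = pos + len(part)
        if part == "..":
            prefix = end
        pos = end + 1  # step over the separator
    # Swallow slashes after the prefix (this also covers absolute names).
    while prefix < len(name) and name[prefix] == "/":
        prefix += 1
    return prefix


def audit_archive(fileobj, threshold=LONG_NAME_THRESHOLD):
    """Return (name_length, prefix_length) for every member whose name has
    an unsafe prefix and is longer than `threshold`. Nothing is extracted."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            plen = unsafe_prefix_len(member.name)
            if plen and len(member.name) > threshold:
                findings.append((len(member.name), plen))
    return findings


def build_sample() -> io.BytesIO:
    """Constructed test archive: an ordinary member, a short absolute
    name, and a 5009-character name behind a "../../../" prefix."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name in ("docs/readme.txt", "/etc/motd", "../" * 3 + "A" * 5000):
            tar.addfile(tarfile.TarInfo(name))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(audit_archive(build_sample()))
```

Running the audit on untrusted archives before handing them to an unpatched tar or cpio lets such members be reviewed or rejected without extracting anything.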