Re: GNU Tar vulnerability

From: Sergey Matveychuk (semFreeBSD.org)
Date: Tue Nov 28 2006 - 13:50:48 CST


Josh Paetzel wrote:
> On Tuesday 28 November 2006 11:17, Sergey Matveychuk wrote:
>> Please, note: http://secunia.com/advisories/23115/
>>
>> A port maintainer CC'ed.
>
> This is one of those things where the impact is hard to determine
> because the link doesn't really give much info. Ok, you can
> overwrite arbitrary files.....ANY file? Or just files that the user
> running gtar has write access to? If it's the first case then that's
> huge. If it's the second case then who really cares.
>

I'm sure it's the second case.
I think mostly root should care. But any user would dislike it too if there
is a chance to lose their .login, .bashrc etc.

An exploit is available on SecurityFocus.

--
Dixi.
Sem.
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"