GNU Tar vulnerability
Sergey Matveychuk
sem at FreeBSD.org
Tue Nov 28 11:56:20 PST 2006
Josh Paetzel wrote:
> On Tuesday 28 November 2006 11:17, Sergey Matveychuk wrote:
>> Please, note: http://secunia.com/advisories/23115/
>>
>> A port maintainer CC'ed.
>
> This is one of those things where the impact is hard to determine
> because the link doesn't really give much info. Ok, you can
> overwrite arbitrary files.....ANY file? Or just files that the user
> running gtar has write access to? If it's the first case then that's
> huge. If it's the second case then who really cares.
>
I'm sure it's the second case.
I think it should care root mostly. But any users dislike too if there
is a chance to lost their .login, .bashrc etc.
An exploit is available on SecurityFocus.
--
Dixi.
Sem.
More information about the freebsd-security
mailing list