February 22nd, 2006, 19:54 PM
Old and Cranky
Tar on Red Hat Enterprise Linux Lets Remote Users Write Files
Description: A vulnerability was reported in Tar on Red Hat Enterprise Linux. A remote user can cause files to be written to the target user's system.
The Red Hat backported security patch for an older vulnerability (CVE-2002-0399) did not properly correct the original vulnerability.
The original vulnerability was a path traversal flaw in the extraction of GNU tar archives. A remote user can create a specially crafted archive that, when extracted by the target user, will write arbitrary files with the privileges of the target user.
Impact: A remote user may be able to cause files to be written to the target user's system with the privileges of the target user.
Solution: Red Hat has issued the following fixes:
*Visit the link for updates, patches, and filenames.*