GNU Tar GNUTYPE_NAMES Remote Directory Traversal Vulnerability
BID:21235
Info
GNU Tar GNUTYPE_NAMES Remote Directory Traversal Vulnerability
| Bugtraq ID: | 21235 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-6097 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 21 2006 12:00AM |
| Updated: | Mar 30 2007 03:53PM |
| Credit: | Teemu Salmela is credited with the discovery of this vulnerability. |
| Vulnerable: |
VMWare ESX Server 3.0.1 VMWare ESX Server 3.0 VMWare ESX Server 2.5.4 Patch 3 VMWare ESX Server 2.5.4 Patch 1 VMWare ESX Server 2.5.4 VMWare ESX Server 2.5.3 Patch 7 VMWare ESX Server 2.5.3 Patch 6 VMWare ESX Server 2.5.3 Patch 5 VMWare ESX Server 2.5.3 Patch 4 VMWare ESX Server 2.5.3 VMWare ESX Server 2.1.3 Patch 4 VMWare ESX Server 2.1.3 Patch 2 VMWare ESX Server 2.1.3 VMWare ESX Server 2.0.2 Patch 4 VMWare ESX Server 2.0.2 Patch 2 VMWare ESX Server 2.0.2 VMWare ESX Server 2.5.3 Patch 2 VMWare ESX Server 2.1.3 Patch 1 VMWare ESX Server 2.0.2 Patch 1 Ubuntu Ubuntu Linux 5.10 sparc Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Turbolinux Turbolinux FUJI Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Operating System Enterprise Server 2.0 Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 10.0 Slackware Linux 9.1 Slackware Linux 9.0 Slackware Linux 8.1 Slackware Linux 11.0 SGI Advanced Linux Environment 3.0 rPath rPath Linux 1 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Desktop 4.0 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 OpenPKG OpenPKG E1.0-Solid Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 IPCop IPCop 1.4.12 IPCop IPCop 1.4.11 IPCop IPCop 1.4.10 GNU tar 1.15.91 GNU tar 1.16 GNU tar 1.15 Gentoo Linux FreeBSD FreeBSD 5.5 -STABLE FreeBSD FreeBSD 5.5 -RELEASE FreeBSD FreeBSD 5.4 -RELENG FreeBSD FreeBSD 5.4 -RELEASE FreeBSD FreeBSD 5.4 -PRERELEASE FreeBSD FreeBSD 5.3 -STABLE FreeBSD FreeBSD 5.3 -RELENG FreeBSD FreeBSD 5.3 -RELEASE FreeBSD FreeBSD 5.3 FreeBSD FreeBSD 5.2.1 -RELEASE FreeBSD FreeBSD 5.2 -RELENG FreeBSD FreeBSD 5.2 -RELEASE FreeBSD FreeBSD 5.2 FreeBSD FreeBSD 5.1 -RELENG FreeBSD FreeBSD 5.1 -RELEASE/Alpha FreeBSD FreeBSD 5.1 -RELEASE-p5 FreeBSD FreeBSD 5.1 -RELEASE FreeBSD FreeBSD 5.1 FreeBSD FreeBSD 5.0 -RELENG FreeBSD FreeBSD 5.0 -RELEASE-p14 FreeBSD FreeBSD 5.0 alpha FreeBSD FreeBSD 5.0 FreeBSD FreeBSD 4.11 -STABLE FreeBSD FreeBSD 4.11 -RELENG FreeBSD FreeBSD 4.11 -RELEASE-p3 FreeBSD FreeBSD 4.11 -RELEASE-p20 FreeBSD FreeBSD 4.11 -RELEASE FreeBSD FreeBSD 4.10 -RELENG FreeBSD FreeBSD 4.10 -RELEASE-p8 FreeBSD FreeBSD 4.10 -RELEASE FreeBSD FreeBSD 4.10 FreeBSD FreeBSD 4.9 -RELENG FreeBSD FreeBSD 4.9 -PRERELEASE FreeBSD FreeBSD 4.9 FreeBSD FreeBSD 4.8 -RELENG FreeBSD FreeBSD 4.8 -RELEASE-p7 FreeBSD FreeBSD 4.8 -PRERELEASE FreeBSD FreeBSD 4.8 FreeBSD FreeBSD 4.7 -STABLE FreeBSD FreeBSD 4.7 -RELENG FreeBSD FreeBSD 4.7 -RELEASE-p17 FreeBSD FreeBSD 4.7 -RELEASE FreeBSD FreeBSD 4.7 FreeBSD FreeBSD 4.6.2 FreeBSD FreeBSD 4.6 -STABLE FreeBSD FreeBSD 4.6 -RELENG FreeBSD FreeBSD 4.6 -RELEASE-p20 FreeBSD FreeBSD 4.6 -RELEASE FreeBSD FreeBSD 4.6 FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07 FreeBSD FreeBSD 4.5 -STABLE FreeBSD FreeBSD 4.5 -RELENG FreeBSD FreeBSD 4.5 -RELEASE-p32 FreeBSD FreeBSD 4.5 -RELEASE FreeBSD FreeBSD 4.5 FreeBSD FreeBSD 4.4 -STABLE FreeBSD FreeBSD 4.4 -RELENG FreeBSD FreeBSD 4.4 -RELENG FreeBSD FreeBSD 4.4 -RELEASE-p42 FreeBSD FreeBSD 4.4 FreeBSD FreeBSD 4.3 -STABLE FreeBSD FreeBSD 4.3 -RELENG FreeBSD FreeBSD 4.3 -RELEASE-p38 FreeBSD FreeBSD 4.3 -RELEASE FreeBSD FreeBSD 4.3 FreeBSD FreeBSD 4.2 -STABLEpre122300 FreeBSD FreeBSD 4.2 -STABLEpre050201 FreeBSD FreeBSD 4.2 -STABLE FreeBSD FreeBSD 4.2 -RELEASE FreeBSD FreeBSD 4.2 FreeBSD FreeBSD 4.1.1 -STABLE FreeBSD FreeBSD 4.1.1 -RELEASE FreeBSD FreeBSD 4.1.1 FreeBSD FreeBSD 4.1 FreeBSD FreeBSD 4.0 .x FreeBSD FreeBSD 4.0 -RELENG FreeBSD FreeBSD 4.0 alpha FreeBSD FreeBSD 4.0 FreeBSD FreeBSD 5.4-STABLE FreeBSD FreeBSD 4.10-PRERELEASE Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Avaya SES 3.0 Avaya SES 2.0 Avaya S8710 CM 3.1 Avaya S8710 CM 2.0 Avaya S8700 CM 3.1 Avaya S8700 CM 2.0 Avaya S8500 CM 3.1 Avaya S8500 CM 2.0 Avaya S8300 CM 3.1 Avaya S8300 CM 2.0 Avaya Messaging Storage Server MM3.0 Avaya Messaging Storage Server 2.0 Avaya Messaging Storage Server 1.0 Avaya Messaging Storage Server Avaya Message Networking Avaya Intuity LX Avaya EMMC 0 Avaya CCS 3.0 Avaya CCS 2.0 Apple Mac OS X Server 10.4.8 Apple Mac OS X 10.4.8 |
| Not Vulnerable: |
VMWare ESX Server 2.5.4 Patch 5 VMWare ESX Server 2.5.3 Patch 8 VMWare ESX Server 2.1.3 Patch 5 VMWare ESX Server 2.0.2 Patch 5 IPCop IPCop 1.4.13 Apple Mac OS X Server 10.4.9 Apple Mac OS X 10.4.9 |
Discussion
GNU Tar GNUTYPE_NAMES Remote Directory Traversal Vulnerability
GNU Tar is prone to a vulnerability that may allow an attacker to place files and overwrite files in arbitrary locations on a vulnerable computer. These issues present themselves when the application processes malicious archives.
A successful attack can allow the attacker to place potentially malicious files and overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.
GNU Tar is prone to a vulnerability that may allow an attacker to place files and overwrite files in arbitrary locations on a vulnerable computer. These issues present themselves when the application processes malicious archives.
A successful attack can allow the attacker to place potentially malicious files and overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.
Exploit / POC
GNU Tar GNUTYPE_NAMES Remote Directory Traversal Vulnerability
Attackers may exploit this issue by creating a malicious 'tar' archive.
The following proof of concept is available:
Attackers may exploit this issue by creating a malicious 'tar' archive.
The following proof of concept is available:
Solution / Fix
GNU Tar GNUTYPE_NAMES Remote Directory Traversal Vulnerability
Solution:
Please see the referenced advisories for more information.
IPCop IPCop 1.4.12
Apple Mac OS X Server 10.4.8
FreeBSD FreeBSD 4.11 -STABLE
Solution:
Please see the referenced advisories for more information.
IPCop IPCop 1.4.12
-
IPCop IPCop 1.4.13
http://www.ipcop.org/modules.php?op=modload&name=Downloads&file=index& POSTNUKESID=961e0cc5ccfe96980893c48dc5387e87
Apple Mac OS X Server 10.4.8
-
Apple Mac OS X v10.4.9
http://www.apple.com/support/downloads/
FreeBSD FreeBSD 4.11 -STABLE
-
FreeBSD gtar.patch
http://security.FreeBSD.org/patches/SA-06:26/gtar.patch -
FreeBSD gtar.patch.asc
http://security.FreeBSD.org/patches/SA-06:26/gtar.patch.asc
References
GNU Tar GNUTYPE_NAMES Remote Directory Traversal Vulnerability
References:
References:
- GNU Homepage (GNU)
- IPCop 1.4.13 released (IPCop)
- RHSA-2006:0749-2: tar security update (Red Hat)
- ASA-2007-015 (Avaya)