Gnu Tar "GNUTYPE_NAMES" Record Handling Directory Traversal ...

  • FrSIRT (Posted by on CST)
  • Story Type: Security; Groups: GNU
A vulnerability has been identified in GNU Tar, which could be exploited by malicious people to conduct directory traversal attacks. This flaw is due to errors in the "extract_archive()" and "extract_mangle()" functions when processing a "GNUTYPE_NAMES" record with a symbolic link, which could be exploited by attackers to overwrite arbitrary files by tricking a user into extracting a specially crafted archive.
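A pre-extraction check for the record type named above, as an added example that is not part of the advisory or of GNU Tar's code. It walks the raw 512-byte headers of an archive without extracting anything and reports "GNUTYPE_NAMES" records (typeflag `N`) and symbolic links. The function names, the conservative symlink policy (absolute targets or any `..` component) and the in-memory sample archive are assumptions constructed for illustration.

```python
import io
import tarfile

BLOCK = 512
GNUTYPE_NAMES = b"N"  # GNU tar typeflag of the record type named in the advisory

def _field(raw):
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")  # NUL-terminated string

def _size(raw):
    # Size field is octal ASCII, or GNU base-256 when the high bit is set.
    if raw[0] & 0x80:
        return int.from_bytes(raw[1:], "big")
    return int(raw.strip(b"\0 ") or b"0", 8)

def scan_tar(data):
    """Walk raw headers without extracting; return (reason, member, detail) tuples."""
    findings, off = [], 0
    while off + BLOCK <= len(data):
        hdr = data[off:off + BLOCK]
        if hdr == bytes(BLOCK):  # all-zero block marks end of archive
            break
        name, typeflag = _field(hdr[0:100]), hdr[156:157]
        size = _size(hdr[124:136])
        if typeflag == GNUTYPE_NAMES:
            findings.append(("GNUTYPE_NAMES record", name, f"{size} bytes"))
        elif typeflag == tarfile.SYMTYPE:
            target = _field(hdr[157:257])
            if target.startswith("/") or ".." in target.split("/"):
                findings.append(("symlink leaves extraction dir", name, target))
        off += BLOCK + -(-size // BLOCK) * BLOCK  # header plus block-padded data
    return findings

def build_sample():
    """Constructed archive: a regular file, an 'N' record and a symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tf:
        for name, typ, body, link in [
            ("docs/readme.txt", tarfile.REGTYPE, b"hello\n", ""),
            ("names-record", GNUTYPE_NAMES, b"constructed placeholder data\n", ""),
            ("docs/link", tarfile.SYMTYPE, b"", "../../outside"),
        ]:
            ti = tarfile.TarInfo(name)
            ti.type, ti.size, ti.linkname = typ, len(body), link
            tf.addfile(ti, io.BytesIO(body))
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_tar(build_sample()))
```

An archive that produces any finding can be held for manual review instead of being extracted.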