New Search

GNU tar 1.16 and 1.15.1 and possibly other versions allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c a variant of CVE-2002-1216.

oval:org.mitre.oval:def:10963

GNU tar 1.16 and 1.15.1 and possibly other versions allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c a variant of CVE-2002-1216.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 3
  • Red Hat Enterprise Linux 4
  • Oracle Linux 4
  • CentOS Linux 4
  • Red Hat Enterprise Linux 3
Class:
vulnerability
Reference(s):
  • CVE-2006-6097
Product(s):