drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Überschreiben von Dateien in tar (Aktualisierung)
Name: |
Überschreiben von Dateien in tar (Aktualisierung) |
|
ID: |
TLSA-2006-42 |
|
Distribution: |
TurboLinux |
|
Plattformen: |
Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 8 Server, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition |
|
Datum: |
Do, 1. März 2007, 03:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097 |
|
Applikationen: |
GNU Tar |
|
Update von: |
Überschreiben von Dateien in tar |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2006-42 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp --------------------------------------------------------------------------
Original released date: 29 Nov 2006 Last revised: 28 Feb 2007
Package: tar
Summary: Symlink attack in tar
More information: The program saves many files together into a single tape or disk archive, and can restore individual files from the archive. It includes multivolume support, the ability to archive sparse files, automatic archive compression/decompression, remote archives and special features that allow 'tar' to be used for incremental and full backups.
The tar allows attackers to overwrite arbitrary files via a symbolic link attack.
Impact: This vulnerability may allow attackers to overwrite arbitrary files via a symbolic link attack.
Affected Products: - Turbolinux Appliance Server 2.0 - Turbolinux FUJI - Turbolinux 10 Server x64 Edition - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Server - Turbolinux Home - Turbolinux 10 F... - Turbolinux 10 Desktop - Turbolinux Multimedia - Turbolinux Personal - Turbolinux 8 Server
<Turbolinux Appliance Server 2.0>
Source Packages Size: MD5
tar-1.14-6.src.rpm 1499598 46607d1691590338e528587d43e11314
Binary Packages Size: MD5
tar-1.14-6.i586.rpm 478186 a5708ea755c109ecc860c6efb1498173
<Turbolinux FUJI>
Source Packages Size: MD5
tar-1.16-2.src.rpm 2594582 9fd6474c9690a437632687b864f4606a
Binary Packages Size: MD5
tar-1.16-2.i686.rpm 826969 3cdfa5de64f94d6e32c4d9c73f676c97
<Turbolinux 10 Server x64 Edition>
Source Packages Size: MD5
tar-1.14-6.src.rpm 1499598 46f10bcc2642c6da3d3ca3c0f6509c10
Binary Packages Size: MD5
tar-1.14-6.x86_64.rpm 485823 2fbf7e84f1791ec583912e36eb31fde6
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages Size: MD5
tar-1.13.17-9.src.rpm 1141263 095bd191239424535dbf2736bdc8ca9f
Binary Packages Size: MD5
tar-1.13.17-9.i586.rpm 288645 12f45fd723af6a240acf0e3e5a21ea6d
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages Size: MD5
tar-1.13.17-9.src.rpm 1141263 ae1bd3a85b75d2ecae162ed722b9fce3
Binary Packages Size: MD5
tar-1.13.17-9.i586.rpm 288848 e524e0bf4334a589b46cb76e8f8f5404
<Turbolinux 10 Server>
Source Packages Size: MD5
tar-1.14-6.src.rpm 1499598 46607d1691590338e528587d43e11314
Binary Packages Size: MD5
tar-1.14-6.i586.rpm 478186 a5708ea755c109ecc860c6efb1498173
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>
Source Packages Size: MD5
tar-1.13.25-4.src.rpm 1322276 63e97bec0dcd76dd4ceaaed9ddb5d858
Binary Packages Size: MD5
tar-1.13.25-4.i586.rpm 443242 dcf1a287b48e04b11e6fae8b98ba8839
<Turbolinux 8 Server>
Source Packages Size: MD5
tar-1.13.17-9.src.rpm 1141263 3eb112019547963d558cce1a857972e7
Binary Packages Size: MD5
tar-1.13.17-9.i586.rpm 288849 bed4e18322b78c36910a23c4525d720a
References:
CVE [CVE-2006-6097] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
-------------------------------------------------------------------------- Revision History 29 Nov 2006 Initial release 28 Feb 2007 Expect FUJI products released --------------------------------------------------------------------------
Copyright(C) 2007 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFF5R6rK0LzjOqIJMwRAvlLAJ4iFblgUV+L+PBFz7XyZ6HDHciZUACgiNc/ 3lXmb8uFmya0sDZr4wuWqfE= =+Ryo -----END PGP SIGNATURE-----
|
|
|
|