exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice 385-1

Ubuntu Security Notice 385-1
Posted Dec 1, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 385-1 - Teemu Salmela discovered that tar still handled the deprecated GNUTYPE_NAMES record type. This record type could be used to create symlinks that would be followed while unpacking a tar archive. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary files could be overwritten with user privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2006-6097
SHA-256 | fcb3556bbcfb9517e7e5d4212b8cb38c4837e251a5cefd0301edcc4662dd0723

Ubuntu Security Notice 385-1

Change Mirror Download
=========================================================== 
Ubuntu Security Notice USN-385-1 November 27, 2006
tar vulnerability
CVE-2006-6097
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
tar 1.15.1-2ubuntu0.2

Ubuntu 6.06 LTS:
tar 1.15.1-2ubuntu2.1

Ubuntu 6.10:
tar 1.15.91-2ubuntu0.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Teemu Salmela discovered that tar still handled the deprecated
GNUTYPE_NAMES record type. This record type could be used to create
symlinks that would be followed while unpacking a tar archive. If a
user or an automated system were tricked into unpacking a specially
crafted tar file, arbitrary files could be overwritten with user
privileges.


Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.2.diff.gz
Size/MD5: 29654 155f4628f9fef19aa20e3927a857fd0d
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.2.dsc
Size/MD5: 574 22006def60be25510613a955ca7e90d2
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1.orig.tar.gz
Size/MD5: 2204322 d87021366fe6488e9dc398fcdcb6ed7d

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.2_amd64.deb
Size/MD5: 531932 d507bfc76276c9cc43ebf56f9d69038a

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.2_i386.deb
Size/MD5: 519858 ed19ee38f074d841366737e880a5c626

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.2_powerpc.deb
Size/MD5: 533886 5d0d477d0bbe5589f5a3181144099c92

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.2_sparc.deb
Size/MD5: 525056 1fa9aa25fbbc81c4fcf767c28b4eb991

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.1.diff.gz
Size/MD5: 30078 32b5ca833a90aa5bcbc3941a07dbf81a
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.1.dsc
Size/MD5: 574 c68c40e5d79b9afd13626694b0bcb2d4
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1.orig.tar.gz
Size/MD5: 2204322 d87021366fe6488e9dc398fcdcb6ed7d

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.1_amd64.deb
Size/MD5: 532022 ddcb1e2e8770645f683b462b095ff851

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.1_i386.deb
Size/MD5: 519384 be7fa1ac67587e1ef574ed457e967454

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.1_powerpc.deb
Size/MD5: 533876 4b9404feef3aaaf23cf28abd1432517b

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.1_sparc.deb
Size/MD5: 523654 1164fe3b20e4f530df21258907f3cd9d

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91-2ubuntu0.3.diff.gz
Size/MD5: 16849 1776a8a649f3fec68c6990accd5f47c8
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91-2ubuntu0.3.dsc
Size/MD5: 596 58f9bea1622976afa48a7eb61e8945e8
http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91.orig.tar.gz
Size/MD5: 2016367 e2338a16b0464ec03826e000dae990a0

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91-2ubuntu0.3_amd64.deb
Size/MD5: 361636 9580b1e23dc58caf6af9543dbe045dca

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91-2ubuntu0.3_i386.deb
Size/MD5: 346396 4bb2868d5fc2855a8242c6c89c7afb12

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91-2ubuntu0.3_powerpc.deb
Size/MD5: 365486 79ddf1293d8e759fd96fee0c612d6000

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91-2ubuntu0.3_sparc.deb
Size/MD5: 348136 ffdb48742e8bc415682f18d6c74f70c2

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close