CVE-2007-4476

Status Candidate

Overview

Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."

Related Files

Ubuntu Security Notice 709-1
Posted Jan 16, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-709-1 - Dmitry V. Levin discovered a buffer overflow in tar. If a user or automated system were tricked into opening a specially crafted tar file, an attacker could crash tar or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-4476
SHA-256 | 7957633c70c439ce956f85c4340dbf6c8fbbbcd468241cc2022efea145a58822

Ubuntu Security Notice 650-1
Posted Oct 3, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 650-1 - A buffer overflow was discovered in cpio. If a user were tricked into opening a crafted cpio archive, an attacker could cause a denial of service via application crash, or possibly execute code with the privileges of the user invoking the program.

tags | advisory, denial of service, overflow
systems | linux, ubuntu
advisories | CVE-2007-4476
SHA-256 | cc2e0d30e067041417172ae7fe859eda11e0ad3a215aaabcfa689d1c421a6c78

Debian Linux Security Advisory 1566-1
Posted May 2, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1566-1 - Dmitry Levin discovered a vulnerability in path handling code used by the cpio archive utility. The weakness could enable a denial of service (crash) or potentially the execution of arbitrary code if a vulnerable version of cpio is used to extract or to list the contents of a maliciously crafted archive.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2007-4476
SHA-256 | b4bab381c166de7c08c0647965e2834878fc042ba7affd0458a39442a6060403

Debian Linux Security Advisory 1438-1
Posted Dec 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1438-1 - Several vulnerabilities have been discovered in GNU Tar. A directory traversal vulnerability enables attackers using specially crafted archives to extract contents outside the directory tree created by tar. A stack-based buffer overflow in the file name checking code may lead to arbitrary code execution when processing maliciously crafted archives.

tags | advisory, overflow, arbitrary, vulnerability, code execution
systems | linux, debian
advisories | CVE-2007-4131, CVE-2007-4476
SHA-256 | cdb091cdc7a22e2e70fc77812d2d98bb673e8958c2eb906c42c3d283d52a525e

Mandriva Linux Security Advisory 2007.233
Posted Nov 29, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Buffer overflow in the safer_name_suffix function in GNU cpio has unspecified attack vectors and impact, resulting in a crashing stack. This problem is originally found in tar, but affects cpio too, due to similar code fragments. Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. This is an old issue, affecting only Mandriva Corporate Server 4 and Mandriva Linux 2007.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4476, CVE-2005-1229
SHA-256 | e60da58de41a61167889be1fbdba3d6aad13e83dca878b9c731631571b545a6a

Gentoo Linux Security Advisory 200711-18
Posted Nov 15, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-18 - A buffer overflow vulnerability in the safer_name_suffix() function in GNU cpio has been discovered. Versions less than 2.9-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-4476
SHA-256 | fd33823e7ab97166450f1a66072fa2b17bed42995063e54812d268d94e68b1aa

Mandriva Linux Security Advisory 2007.197
Posted Oct 16, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A buffer overflow in GNU tar has unspecified attack vectors and impact, resulting in a crashing stack.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2007-4476
SHA-256 | d6ca54d22cddc8887b5129f6edc2abd3964ee5f3bd49e9a2c3792ad6fd25eb7b