Saturday, August 25, 2007

GNU tar exploit

Bad news:

GNU Tar is prone to a directory-traversal vulnerability. This issue occurs because the application fails to validate user-supplied data.

A successful attack can allow the attacker to overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.
Malicious tarballs possible. Hey ho. At least they've patched rsync.

Posted by Peter Risdon at 7:24 pm

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)