Saturday, August 25, 2007

GNU tar exploit

Bad news:

GNU Tar is prone to a directory-traversal vulnerability. This issue occurs because the application fails to validate user-supplied data.

A successful attack can allow the attacker to overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.

Malicious tarballs possible. Hey ho. At least they've patched rsync.

