CVE-2002-1216

Related Files

OpenPKG Security Advisory 2006.38

Posted Dec 8, 2006

Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.038 - The archive format utility GNU tar, versions up to and including 1.16, allows user-assisted attackers to overwrite arbitrary files via a TAR format file that contains a "GNUTYPE_NAMES" record with a symbolic link.

tags | advisory, arbitrary

advisories | CVE-2006-6097, CVE-2002-1216

SHA-256 | b3316815129634db7a89691f0f6a4712f63cc700167db955981aaf3a818c1b27

Download | Favorite | View

Mandriva Linux Security Advisory 2006.219

Posted Dec 1, 2006

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-219-1 - GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.

tags | advisory, arbitrary

systems | linux, mandriva

advisories | CVE-2006-6097, CVE-2002-1216

SHA-256 | 5c1c3a1aa46e6ec5047fe0c7bac640cae31a993d8472dad6d9b0a1e8ee9485e6

Download | Favorite | View