FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gtar -- GNU TAR safer_name_suffix Remote Denial of Service Vulnerability

Affected packages
gtar < 1.19

Details

VuXML ID 0809ce7d-f672-4924-9b3b-7c74bc279b83
Discovery 2007-11-14
Entry 2009-01-15

SecurityFocus reports:

GNU's tar and cpio utilities are prone to a denial-of-service vulnerability because of insecure use of the alloca() function.

Successfully exploiting this issue allows attackers to crash the affected utilities and possibly to execute code, but this has not been confirmed.

References

Bugtraq ID 26445
CVE Name CVE-2007-4476
URL http://www.securityfocus.com/bid/26445/