FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gtar -- buffer overflow in rmt client

Affected packages
gtar < 1.22_3

Details

VuXML ID c175d72f-3773-11df-8bb8-0211d880e350
Discovery 2010-03-24
Entry 2010-03-24

Jakob Lell reports:

The rmt client implementation of GNU Tar/Cpio contains a heap-based buffer overflow which possibly allows arbitrary code execution.

The problem can be exploited when using an untrusted/compromised rmt server.

References

CVE Name CVE-2010-0624
URL http://www.agrs.tu-berlin.de/index.php?id=78327