CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:P/A:P
EPSS
Percentile
86.6%
CentOS Errata and Security Advisory CESA-2006:0749-01
The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive.
Teemu Salmela discovered a path traversal flaw in the way GNU tar extracted
archives. A malicious user could create a tar archive that could write to
arbitrary files to which the user running GNU tar has write access.
(CVE-2006-6097)
Users of tar should upgrade to this updated package, which contains a
replacement backported patch to correct this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-December/075593.html
Affected packages:
tar
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | tar | < 1.13.25-6.AS21.1 | tar-1.13.25-6.AS21.1.i386.rpm |