Lucene search

RedhatCVE-2006-0300

HistoryFeb 24, 2006 - 12:02 a.m.

CVE-2006-0300

2006-02-2400:02:00

redhat

web.nvd.nist.gov

cve-2006-0300

buffer overflow

tar

denial of service

code execution

user-assisted attackers

application crash

pax extended headers

nvd

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.294

Percentile

96.9%

JSON

Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.

Affected configurations

Nvd

Node

gnutarMatch1.14

gnutarMatch1.14.1

gnutarMatch1.15

gnutarMatch1.15.1

gnutarMatch1.15.90

VendorProductVersionCPE
gnutar1.14cpe:2.3:a:gnu:tar:1.14:*:*:*:*:*:*:*
gnutar1.14.1cpe:2.3:a:gnu:tar:1.14.1:*:*:*:*:*:*:*
gnutar1.15cpe:2.3:a:gnu:tar:1.15:*:*:*:*:*:*:*
gnutar1.15.1cpe:2.3:a:gnu:tar:1.15.1:*:*:*:*:*:*:*
gnutar1.15.90cpe:2.3:a:gnu:tar:1.15.90:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	tar	1.14	cpe:2.3:a:gnu:tar:1.14:::::::*
gnu	tar	1.14.1	cpe:2.3:a:gnu:tar:1.14.1:::::::*
gnu	tar	1.15	cpe:2.3:a:gnu:tar:1.15:::::::*
gnu	tar	1.15.1	cpe:2.3:a:gnu:tar:1.15.1:::::::*
gnu	tar	1.15.90	cpe:2.3:a:gnu:tar:1.15.90:::::::*

References

docs.info.apple.com/article.html?artnum=305214

docs.info.apple.com/article.html?artnum=305391

lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html

lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

lists.gnu.org/archive/html/bug-tar/2006-02/msg00051.html

secunia.com/advisories/18973

secunia.com/advisories/18976

secunia.com/advisories/18999

secunia.com/advisories/19016

secunia.com/advisories/19093

secunia.com/advisories/19130

secunia.com/advisories/19152

secunia.com/advisories/19236

secunia.com/advisories/20042

secunia.com/advisories/24479

secunia.com/advisories/24966

securityreason.com/securityalert/480

securityreason.com/securityalert/543

securitytracker.com/id?1015705

sunsolve.sun.com/search/document.do?assetkey=1-26-241646-1

www.debian.org/security/2006/dsa-987

www.gentoo.org/security/en/glsa/glsa-200603-06.xml

www.novell.com/linux/security/advisories/2006_05_sr.html

www.openpkg.org/security/OpenPKG-SA-2006.006-tar.html

www.osvdb.org/23371

www.redhat.com/support/errata/RHSA-2006-0232.html

www.securityfocus.com/archive/1/430299/100/0/threaded

www.securityfocus.com/bid/16764

www.trustix.org/errata/2006/0010

www.us-cert.gov/cas/techalerts/TA07-072A.html

www.us-cert.gov/cas/techalerts/TA07-109A.html

www.vupen.com/english/advisories/2006/0684

www.vupen.com/english/advisories/2007/0930

www.vupen.com/english/advisories/2007/1470

www.vupen.com/english/advisories/2008/2518

wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:046

exchange.xforce.ibmcloud.com/vulnerabilities/24855

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5252

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5978

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5993

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6094

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9295

usn.ubuntu.com/257-1/

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.294

Percentile

96.9%

JSON

Related for CVE-2006-0300