CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
46.8%
star is an enhanced tape archiver, much like tar, that is recognized for it’s speed as well as it’s enhanced mt/rmt support.
A suid root vulnerability exists in versions of star that are configured to use ssh for remote tape access.
Attackers with local user level access could potentially gain root level access.
There is no known workaround at this time.
All star users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=app-arch/star-1.5_alpha46"
# emerge ">=app-arch/star-1.5_alpha46"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | app-arch/star | < 1.5_alpha46 | UNKNOWN |