TAR archive
Ulf Härnhammar of Secunia Research found a format string flaw in
vim's help tags processor. If a user were tricked into executing the
helptags command on malicious data, it could result in the execution
of arbitrary code as the user running vim (CVE-2008-2953).
A flaw was found in how tar.vim handled TAR archive browsing. If a
user were to open a special TAR archive using the plugin, it could
result in the execution of arbitrary code as the user running vim
(CVE-2008-3074).
A flaw was found in how zip.vim handled ZIP archive browsing. If a
Ulf Härnhammar of Secunia Research found a format string flaw in
vim's help tags processor. If a user were tricked into executing the
helptags command on malicious data, it could result in the execution
of arbitrary code as the user running vim (CVE-2008-2953).
A flaw was found in how tar.vim handled TAR archive browsing. If a
user were to open a special TAR archive using the plugin, it could
result in the execution of arbitrary code as the user running vim
(CVE-2008-3074).
A flaw was found in how zip.vim handled ZIP archive browsing. If a
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Windows binary:
md5sum: 745c3250e5254eaf6e65fcfc4172070f
Compressed Tar archive for 32-bit Linux
md5sum: 65a454749d15d4863401619d7ff5566e
Linux RPM version for 32-bit Linux
md5sum: d80adc73b1500bdb0cb24d1b0733bcff
Problem Description:
Two heap-based buffer overflow flaws were discovered in libarchive. If
a user were tricked into expanding a specially-crafted ISO 9660
CD-ROM image or tar archive with an application using libarchive,
it could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the application
(CVE-2011-1777, CVE-2011-1778).
The updated packages have been patched to correct these issues.
The Common Vulnerabilities and Exposures project has assigned the
name CVE-2007-4091 this issue.
tar < TSL 3.0.5 > < TSL 3.0 > < TSL 2.2 >
- SECURITY Fix: A vulnerability has been reported in GNU tar, caused
due to an input validation error when extracting tar archives. This
can be exploited to extract files to arbitrary locations outside the
specified directory with the permissions of the user running GNU tar
by using the "//.." directory traversal sequence in a specially
crafted tar archive.
* The vendor reported a Divide-by-zero error in the PE ("Portable
Executable"; Windows .exe) file handling of ClamAV (CVE-2008-6680).
* Jeffrey Thomas Peckham found a flaw in libclamav/untar.c, possibly
resulting in an infinite loop when processing TAR archives in clamd
and clamscan (CVE-2009-1270).
* Martin Olsen reported a vulnerability in the CLI_ISCONTAINED macro
in libclamav/others.h, when processing UPack archives
(CVE-2009-1371).
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Windows binary:
md5sum: 509c7b323a8ac42c0a92b0a1446bb0f8
Compressed Tar archive for 32-bit Linux
md5sum: 9d189e72f8111e44b27f1ee92edf265e
Linux RPM version for 32-bit Linux
md5sum: 0957c5258d033d0107517df64bfea240
Problem Description:
A heap-based buffer overflow flaw was discovered in libarchive. If
a user were tricked into expanding a specially-crafted ISO 9660
CD-ROM image or tar archive with an application using libarchive,
it could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the application
(CVE-2011-1778).
The updated packages have been patched to correct these issues.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131
https://issues.rpath.com/browse/RPL-1631
Description:
Previous versions of the tar package are vulnerable to an attack in
which unpacking an intentionally-malformed tar archive can overwrite
arbitrary files to which the user running tar has write access. If the
attacking user knows the name of a vulnerable binary file and overwrites
it, this allows the attacker to place arbitrary code on the system which
is likely to be run. If root is running tar, this includes any file on
the system, which would elevate this to an indirect non-deterministic
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131
https://issues.rpath.com/browse/RPL-1631
Description:
Previous versions of the tar package are vulnerable to an attack in
which unpacking an intentionally-malformed tar archive can overwrite
arbitrary files to which the user running tar has write access. If the
attacking user knows the name of a vulnerable binary file and overwrites
it, this allows the attacker to place arbitrary code on the system which
is likely to be run. If root is running tar, this includes any file on
the system, which would elevate this to an indirect non-deterministic
in a Denial of Service.
Background
==========
GNU cpio copies files into or out of a cpio or tar archive.
Affected packages
=================
-------------------------------------------------------------------
~ http://www.vmware.com/download/ws/ws5.html
~ Release notes:
~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
~ Windows binary
~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3
~ Compressed Tar archive for 32-bit Linux
~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb
~ Linux RPM version for 32-bit Linux
~ md5sum: c222b6db934deb9c1bb79b16b25a3202
~ VMware Server 1.0.5
II. Description
~~~~~~~~~~~~~~~
The parsing engine can be bypassed by a specially crafted and formated
TAR archive.
III. Impact
~~~~~~~~~~~
A general description of the impact and nature of AV Bypasses/evasions
can be read at :
``When one edits a *.tar file, this plugin will handle displaying a
contents page. Select a file to edit by moving the cursor atop
the desired file, then hit the <return> key. After editing, one may
also write to the file. Currently, one may not make a new file in
tar archives via the plugin.''
-- Vim online help (``pi_tar.txt'')
3.4.2.3.1. Vulnerability
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Windows binary:
md5sum: 4c6a6653b7296240197aac048591c659
Compressed Tar archive for 32-bit Linux
md5sum: 8fc15d72031489cf5cd5d47b966787e6
Linux RPM version for 32-bit Linux
md5sum: f0872fe447ac654a583af16b2f4bba3f
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Windows binary:
md5sum: 745c3250e5254eaf6e65fcfc4172070f
Compressed Tar archive for 32-bit Linux
md5sum: 65a454749d15d4863401619d7ff5566e
Linux RPM version for 32-bit Linux
md5sum: d80adc73b1500bdb0cb24d1b0733bcff
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Windows binary:
md5sum: 509c7b323a8ac42c0a92b0a1446bb0f8
Compressed Tar archive for 32-bit Linux
md5sum: 9d189e72f8111e44b27f1ee92edf265e
Linux RPM version for 32-bit Linux
md5sum: 0957c5258d033d0107517df64bfea240
II. Description
~~~~~~~~~~~~~~~
The parsing engine can be bypassed by a specially crafted and formated
TAR archive.
III. Impact
~~~~~~~~~~~
A general description of the impact and nature of AV Bypasses/evasions
can be read at :
https://issues.rpath.com/browse/RPL-1631
https://issues.rpath.com/browse/RPL-1669
Description:
Previous versions of star, an archival program, are vulnerable to an
attack in which unpacking an intentionally-malformed tar archive can
overwrite arbitrary files to which the user running tar has write access.
If unpacked by a superuser, this can lead to arbitrary code execution at
root permission levels.
- ---
scripts. This could lead to the execution of arbitrary code.
CVE-2008-3074
Jan Minar discovered that the tar plugin of vim did not properly
sanitise the filenames in the tar archive or the name of the
archive file itself, making it prone to arbitrary code execution.
CVE-2008-3075
Jan Minar discovered that the zip plugin of vim did not properly
|
