Foresight: star - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

Is Mandatory Access Control Too Much Security For Enterprise's Linux?

	Yes, too difficult to configure and manage.
	No. You can never have enough security.
	Yes. Standard Linux security settings work for us.
	No. Industry demands will demand SELinux.
	Don't know.

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

Emily Ratliff: OS Security

DanWalsh LiveJournal

Security Bloggers Network

Latest Newsletters

Linux Security Week: September 1st, 2008

Linux Advisory Watch: August 29th, 2008

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Foresight: star

User Rating:

How can I rate this item?

Posted by Bill Keys

Previous versions of star, an archival program, are vulnerable to an attack in which unpacking an intentionally-malformed tar archive can overwrite arbitrary files to which the user running tar has write access. If unpacked by a superuser, this can lead to arbitrary code execution at root permission levels.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0051-1
Published: 2007-09-06

Rating: Severe

Updated Versions:
    star=/conary.rpath.com at rpl:devel//1/1.5a60-4.3-1
    group-dist=/foresight.rpath.org at fl:1-devel//1/1.3.2-0.17-1

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4134
    https://issues.rpath.com/browse/RPL-1631
    https://issues.rpath.com/browse/RPL-1669

Description:
    Previous versions of star, an archival program, are vulnerable to an
    attack in which unpacking an intentionally-malformed tar archive can
    overwrite arbitrary files to which the user running tar has write access.
    If unpacked by a superuser, this can lead to arbitrary code execution at
    root permission levels.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)

iQIVAwUBRuCz1NfwEn07iAtZAQI7mRAAhIkKbD3WYxgDhfrJd77Xp10B/WGEhTyl
+Yi7tNvWgVYgtpclEqdirkdNChi99/zxWl/MzAbzyZ1Or8izGEhllq6V/p4pEw8m
r2QmLtweljmdpcu1sSUBXZfsPwOqPIxK4IyXZC6+z5z7tWBGK9m3VPHKPiBN/BTS
m2xy+Udia0H3hILNWHsDYxV6fdeUzYCiBmrgw0+fM5zrkqodM9eHACQZaDS9mbh9
Fgo9XtxsXLoscEEyDyp4HPe1P9ENCaxqFG1AW6EEdvWv1i3F2qazp8CDzoKEfGTC
DM0K+in+j5CHWvHVfiZcEdQTB+j3Rkor+XLi5MBiZ0ivbrowcBo7KbNtHpUNiqlg
QsLvPRkRUoIIgfcp/ythmUWW2CaaOTZEs30hHZRVI1vf5MIjfKcePQu5XQssNty5
bp/9jKdby3NTe2fkw1vtQqU/2us+cRhxjTQHGs+otpduO7iwQtlWd51ouVdq8a/Q
RKrJk2OqQAG1YIXslTSWkQPpZzFMG3YXvb5CYg/jQnVW/VjLKyFIU5Tbn6+iZvFI
iLJ7WDm3jY3gSvHVecj8Sltl/BxCPf4EHypkQKzE+khvPVkuNVCmnDOexQ8QzH/r
P4W9amhDwuC9PIoSeR7GDbPcziBBFXA2a6JenWL0pp7QUbxZoY8CfeX05s9iGSPu
x+kduCNICvg=
=cMlR
-----END PGP SIGNATURE-----

< Prev		Next >

Partner:

Latest Features

Review: Hacking Exposed Linux, Third Edition

Security Features of Firefox 3.0

Review: The Book of Wireless

April 2008 Open Source Tool of the Month: sudo

Open Source Tool of March: ZoneMinder

Meet the Anti-Nmap: PSAD

Open Source Tool of February: Nmap!

Yesterday's Edition

New Firefox Plug-In Double-Checks So-Called Unsafe Sites

Google Chrome Flaws Come Soon After Browser Release

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
Security Projects , Latest News , Newsletters , SELinux , Privacy , Home,
Hardening , About Us, Advertise, Legal Notice, RSS, Guardian Digital