Pardus: 2010-42: tar/cpio: Buffer Overflow
Posted by Benjamin D. Thomas   
A vulnerability has been fixed in GNU tar, which can potentially be exploited by malicious people to compromise a vulnerable system.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-42            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-03-29
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
======
A vulnerability has been fixed in GNU tar,  which  can  potentially  be
exploited by malicious people to compromise a vulnerable system.


Description
==========
CVE-2010-0624:

Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c
in the rmt client functionality in GNU tar before  1.23  and  GNU  cpio
before 2.11 allows remote rmt servers to  cause  a  denial  of  service
(memory corruption) or possibly execute arbitrary code by sending  more
data than was requested, related to archive filenames that contain a  :
(colon) character.


Affected packages:

    tar-1.21-18-4, all before 2009

    cpio-2.9-9-5, all before 2009

    cpio-2.9-9-4, all before 2008

    tar-1.20-17-4, all before 2008



Resolution
=========
There  are update(s)  for  tar-1.21-18-4,  cpio-2.9-9-5,  cpio-2.9-9-4,
tar-1.20-17-4. You can update them via Package Manager or with a single
command from console:

    pisi up tar-1.21-18-4 cpio-2.9-9-5 cpio-2.9-9-4 tar-1.20-17-4

References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id435
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0624
  * https://bugzilla.redhat.com/show_bug.cgi?idV4368

------------------------------------------------------------------------