Date: Tue, 28 Nov 2006 22:50:48 +0300
From: Sergey Matveychuk <sem@FreeBSD.org>
To: Josh Paetzel <josh@tcbug.org>
Cc: freebsd-security@freebsd.org
Subject: Re: GNU Tar vulnerability
Message-ID: <456C9318.4070702@FreeBSD.org>
In-Reply-To: <200611281333.32259.josh@tcbug.org>
References: <456C6F30.2090904@FreeBSD.org> <200611281333.32259.josh@tcbug.org>

Josh Paetzel wrote:
> On Tuesday 28 November 2006 11:17, Sergey Matveychuk wrote:
>> Please, note: http://secunia.com/advisories/23115/
>>
>> A port maintainer CC'ed.
>
> This is one of those things where the impact is hard to determine
> because the link doesn't really give much info. Ok, you can
> overwrite arbitrary files.....ANY file? Or just files that the user
> running gtar has write access to? If it's the first case then that's
> huge. If it's the second case then who really cares.
>

I'm sure it's the second case.

I think it should concern root mostly. But any users would dislike it too if
there is a chance to lose their .login, .bashrc etc.

An exploit is available on SecurityFocus.

--
Dixi.
Sem.