From owner-freebsd-security@FreeBSD.ORG  Tue Nov 28 19:56:20 2006
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id B764016A47B
	for <freebsd-security@freebsd.org>;
	Tue, 28 Nov 2006 19:56:20 +0000 (UTC) (envelope-from sem@FreeBSD.org)
Received: from mail.ciam.ru (ns.ciam.ru [213.247.195.75])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B82F043EF5
	for <freebsd-security@freebsd.org>;
	Tue, 28 Nov 2006 19:51:08 +0000 (GMT) (envelope-from sem@FreeBSD.org)
Received: from [87.240.16.199] (helo=[192.168.0.4])
	by mail.ciam.ru with esmtpa (Exim 4.x)
	id 1Gp8z1-000GuN-II; Tue, 28 Nov 2006 22:51:11 +0300
Message-ID: <456C9318.4070702@FreeBSD.org>
Date: Tue, 28 Nov 2006 22:50:48 +0300
From: Sergey Matveychuk <sem@FreeBSD.org>
User-Agent: Thunderbird 1.5.0.8 (X11/20061113)
MIME-Version: 1.0
To: Josh Paetzel <josh@tcbug.org>
References: <456C6F30.2090904@FreeBSD.org> <200611281333.32259.josh@tcbug.org>
In-Reply-To: <200611281333.32259.josh@tcbug.org>
Content-Type: text/plain; charset=KOI8-R
Content-Transfer-Encoding: 7bit
Cc: freebsd-security@freebsd.org
Subject: Re: GNU Tar vulnerability
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Nov 2006 19:56:20 -0000

Josh Paetzel wrote:
> On Tuesday 28 November 2006 11:17, Sergey Matveychuk wrote:
>> Please, note: http://secunia.com/advisories/23115/
>>
>> A port maintainer CC'ed.
> 
> This is one of those things where the impact is hard to determine 
> because the link doesn't really give much info.  Ok, you can 
> overwrite arbitrary files.....ANY file?  Or just files that the user 
> running gtar has write access to?  If it's the first case then that's 
> huge.  If it's the second case then who really cares.
> 

I'm sure it's the second case.
I think it should care root mostly. But any users dislike too if there
is a chance to lost their .login, .bashrc etc.

An exploit is available on SecurityFocus.

-- 
Dixi.
Sem.