FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
0809ce7d-f672-4924-9b3b-7c74bc279b83 gtar -- GNU TAR safer_name_suffix Remote Denial of Service Vulnerability

SecurityFocus reports:

GNU's tar and cpio utilities are prone to a denial-of-service vulnerability because of insecure use of the alloca() function.

Successfully exploiting this issue allows attackers to crash the affected utilities and possibly to execute code, but this has not been confirmed.


Discovery 2007-11-14
Entry 2009-01-15
gtar < 1.19

26445
CVE-2007-4476
http://www.securityfocus.com/bid/26445/
c175d72f-3773-11df-8bb8-0211d880e350 gtar -- buffer overflow in rmt client

Jakob Lell reports:

The rmt client implementation of GNU Tar/Cpio contains a heap-based buffer overflow which possibly allows arbitrary code execution.

The problem can be exploited when using an untrusted/compromised rmt server.


Discovery 2010-03-24
Entry 2010-03-24
gtar < 1.22_3

CVE-2010-0624
http://www.agrs.tu-berlin.de/index.php?id=78327
6107efb9-aae3-11da-aea1-000854d03344 gtar -- invalid headers buffer overflow

GNU tar is vulnerable to a buffer overflow, caused by improper bounds checking of the PAX extended headers. By tricking a user into processing a specially crafted tar archive, this could be exploited to execute arbitrary code with the privileges of the user.


Discovery 2006-02-22
Entry 2006-03-03
gtar < 1.15.1_2

16764
CVE-2006-0300
3dd7eb58-80ae-11db-b4ec-000854d03344 gtar -- GNUTYPE_NAMES directory traversal vulnerability

Teemu Salmela reports:

There is a tar record type, called GNUTYPE_NAMES (an obsolete GNU extension), that allows the creation of symbolic links pointing to arbitrary locations in the filesystem, which makes it possible to create/overwrite arbitrary files.


Discovery 2006-11-21
Entry 2006-11-30
gtar < 1.16_2

21235
CVE-2006-6097
http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html
d944719e-42f4-4864-89ed-f045b541919f gtar -- Directory traversal vulnerability

Red Hat reports:

A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access.

Red Hat credits Dmitry V. Levin for reporting the issue.


Discovery 2007-08-23
Entry 2007-09-01
gtar < 1.18_1

25417
CVE-2007-4131
http://rhn.redhat.com/errata/RHSA-2007-0860.html
https://bugzilla.redhat.com/show_bug.cgi?id=251921