FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
d944719e-42f4-4864-89ed-f045b541919f    gtar -- Directory traversal vulnerability

Red Hat reports:

A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access.

Red Hat credits Dmitry V. Levin for reporting the issue.


Discovery 2007-08-23
Entry 2007-09-01
gtar < 1.18_1

25417
CVE-2007-4131
http://rhn.redhat.com/errata/RHSA-2007-0860.html
https://bugzilla.redhat.com/show_bug.cgi?id=251921
c175d72f-3773-11df-8bb8-0211d880e350    gtar -- buffer overflow in rmt client

Jakob Lell reports:

The rmt client implementation of GNU Tar/Cpio contains a heap-based buffer overflow which possibly allows arbitrary code execution.

The problem can be exploited when using an untrusted/compromised rmt server.


Discovery 2010-03-24
Entry 2010-03-24
gtar < 1.22_3

CVE-2010-0624
http://www.agrs.tu-berlin.de/index.php?id=78327
0809ce7d-f672-4924-9b3b-7c74bc279b83    gtar -- GNU TAR safer_name_suffix Remote Denial of Service Vulnerability

SecurityFocus reports:

GNU's tar and cpio utilities are prone to a denial-of-service vulnerability because of insecure use of the alloca() function.

Successfully exploiting this issue allows attackers to crash the affected utilities and possibly to execute code but this has not been confirmed.


Discovery 2007-11-14
Entry 2009-01-15
gtar < 1.19

26445
CVE-2007-4476
http://www.securityfocus.com/bid/26445/