Published: 24/02/2006 Updated: 19/10/2018

CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9

VMScore: 454

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Buffer overflow in tar 1.14 up to and including 1.15.90 allows user-assisted malicious users to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu tar 1.14.1
gnu tar 1.15
gnu tar 1.15.1
gnu tar 1.15.90
gnu tar 1.14

Debian Bug report logs - #354091 tar: buffer overflow [CVE-2006-0300] Package: tar; Maintainer for tar is Bdale Garbee <bdale@gagcom>; Source for tar is src:tar (PTS, buildd, popcon) Reported by: Martin Pitt <martinpitt@ubuntucom> Date: Thu, 23 Feb 2006 10:48:01 UTC Severity: critical Tags: patch, security Found ...

Jim Meyering discovered that tar did not properly verify the validity of certain header fields in a GNU tar archive By tricking an user into processing a specially crafted tar archive, this could be exploited to execute arbitrary code with the privileges of the user ...

NVD-CWE-Other http://lists.gnu.org/archive/html/bug-tar/2006-02/msg00051.html http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:046 http://www.securityfocus.com/bid/16764 http://www.osvdb.org/23371 http://secunia.com/advisories/18976 http://secunia.com/advisories/18973 http://www.trustix.org/errata/2006/0010 http://secunia.com/advisories/18999 http://www.debian.org/security/2006/dsa-987 http://www.openpkg.org/security/OpenPKG-SA-2006.006-tar.html http://www.redhat.com/support/errata/RHSA-2006-0232.html http://www.novell.com/linux/security/advisories/2006_05_sr.html http://securitytracker.com/id?1015705 http://secunia.com/advisories/19093 http://secunia.com/advisories/19130 http://secunia.com/advisories/19152 http://www.gentoo.org/security/en/glsa/glsa-200603-06.xml http://secunia.com/advisories/19236 http://secunia.com/advisories/19016 http://docs.info.apple.com/article.html?artnum=305214 http://secunia.com/advisories/20042 http://secunia.com/advisories/24479 http://docs.info.apple.com/article.html?artnum=305391 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html http://secunia.com/advisories/24966 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://www.us-cert.gov/cas/techalerts/TA07-072A.html http://www.us-cert.gov/cas/techalerts/TA07-109A.html http://securityreason.com/securityalert/480 http://securityreason.com/securityalert/543 http://sunsolve.sun.com/search/document.do?assetkey=1-26-241646-1 http://www.vupen.com/english/advisories/2006/0684 http://www.vupen.com/english/advisories/2007/0930 http://www.vupen.com/english/advisories/2007/1470 http://www.vupen.com/english/advisories/2008/2518 https://exchange.xforce.ibmcloud.com/vulnerabilities/24855 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9295 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6094 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5993 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5978 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5252 https://usn.ubuntu.com/257-1/http://www.securityfocus.com/archive/1/430299/100/0/threaded https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=354091 https://usn.ubuntu.com/257-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-0300

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect