Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS.
Information
Name: MDVSA-2013:253
First vendor Publication: 2013-10-18
Vendor: Mandriva
Last vendor Modification: 2013-10-18
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score: 6.8
Cvss Impact Score: 6.4
Cvss Exploit Score: 8.6
Attack Range: Network
Attack Complexity: Medium
Authentication: None Required

Detail

Updated libtar packages fix a security vulnerability:

Two heap-based buffer overflow flaws were found in the way libtar handled certain archives. If a user were tricked into expanding a specially-crafted archive, it could cause the libtar executable or an application using libtar to crash or, potentially, execute arbitrary code (CVE-2013-4397).

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:253

CWE : Common Weakness Enumeration

Id: CWE-189
Name: Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20857
 
Oval ID: oval:org.mitre.oval:def:20857
Title: DSA-2817-1 libtar - Multiple integer overflows
Description: Timo Warns reported multiple integer overflow vulnerabilities in libtar, a library for manipulating tar archives, which can result in the execution of arbitrary code.
Family: unix
Class: patch
Reference(s): DSA-2817-1, CVE-2013-4397
Version: 5
Platform(s): Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
Product(s): libtar
Definition Synopsis:

CPE : Common Platform Enumeration

Type: Application, Count: 8
Type: Os, Count: 1

Nessus® Vulnerability Scanner

Date, Description
2014-02-23 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201402-19.nasl - Type : ACT_GATHER_INFO
2013-12-16 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2817.nasl - Type : ACT_GATHER_INFO
2013-11-11 Name : The remote Fedora host is missing a security update.
File : fedora_2013-18877.nasl - Type : ACT_GATHER_INFO
2013-10-21 Name : The remote Fedora host is missing a security update.
File : fedora_2013-18808.nasl - Type : ACT_GATHER_INFO
2013-10-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-253.nasl - Type : ACT_GATHER_INFO
2013-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2013-18785.nasl - Type : ACT_GATHER_INFO
2013-10-13 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1418.nasl - Type : ACT_GATHER_INFO
2013-10-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1418.nasl - Type : ACT_GATHER_INFO
2013-10-11 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1418.nasl - Type : ACT_GATHER_INFO
2013-10-11 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131010_libtar_on_SL6_x.nasl - Type : ACT_GATHER_INFO

Alert History

Date, Information
2014-02-17 11:44:05
  • Multiple Updates
2013-10-18 21:27:29
  • Multiple Updates
2013-10-18 17:21:54
  • First insertion