Executive Summary

Summary
Title Sun Alert 241646 Security Vulnerability in GNU tar May Lead to Arbitrary Code Execution or Denial of Service (DoS)
Informations
Name SUN-241646 First vendor Publication 2008-09-08
Vendor Sun Last vendor Modification 2009-04-30
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score 5.1 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 9 Operating System Solaris 10 Operating System OpenSolaris

A security vulnerability in the GNU tar utility (see gtar(1)) bundled with Solaris 9 and Solaris 10 may allow a local or remote unprivileged user who provides a specially crafted tar archive to cause the execution of arbitrary code or a program crash. The ability to cause a program crash  is a type of Denial of Service (DoS).

Additional information regarding this issue is available at:
State: Resolved
First released: 08-Sep-2008
Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-241646-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_241646_security_vulnerability

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5252
 
Oval ID: oval:org.mitre.oval:def:5252
Title: Security Vulnerability in GNU tar May Lead to Arbitrary Code Execution or Denial of Service (DoS)
Description: Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
Family: unix Class: vulnerability
Reference(s): CVE-2006-0300
 Version: 1
Platform(s): Sun Solaris 10
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5978
 
Oval ID: oval:org.mitre.oval:def:5978
Title: Security Vulnerability in GNU tar May Lead to Arbitrary Code Execution or Denial of Service (DoS)
Description: Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
Family: unix Class: vulnerability
Reference(s): CVE-2006-0300
 Version: 1
Platform(s): Sun Solaris 10
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5993
 
Oval ID: oval:org.mitre.oval:def:5993
Title: Security Vulnerability in GNU tar May Lead to Arbitrary Code Execution or Denial of Service (DoS)
Description: Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
Family: unix Class: vulnerability
Reference(s): CVE-2006-0300
 Version: 1
Platform(s): Sun Solaris 9
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6094
 
Oval ID: oval:org.mitre.oval:def:6094
Title: Security Vulnerability in GNU tar May Lead to Arbitrary Code Execution or Denial of Service (DoS)
Description: Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
Family: unix Class: vulnerability
Reference(s): CVE-2006-0300
 Version: 1
Platform(s): Sun Solaris 9
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9295
 
Oval ID: oval:org.mitre.oval:def:9295
Title: Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
Description: Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
Family: unix Class: vulnerability
Reference(s): CVE-2006-0300
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 5

OpenVAS Exploits

Date Description
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-06-03 Name : Solaris Update for gtar 118191-03
File : nvt/gb_solaris_118191_03.nasl
2009-06-03 Name : Solaris Update for gtar 118192-03
File : nvt/gb_solaris_118192_03.nasl
2009-06-03 Name : Solaris Update for gtar source 118193-02
File : nvt/gb_solaris_118193_02.nasl
2009-06-03 Name : Solaris Update for gtar source 118194-02
File : nvt/gb_solaris_118194_02.nasl
2009-06-03 Name : Solaris Update for gtar 139099-02
File : nvt/gb_solaris_139099_02.nasl
2009-06-03 Name : Solaris Update for gtar 139100-02
File : nvt/gb_solaris_139100_02.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200603-06 (tar)
File : nvt/glsa_200603_06.nasl
2008-09-04 Name : FreeBSD Ports: gtar
File : nvt/freebsd_gtar.nasl
2008-01-17 Name : Debian Security Advisory DSA 987-1 (tar)
File : nvt/deb_987_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
23371 GNU tar PAX Extended Headers Handling Overflow

A remote overflow exists in GNU Tar. GNU Tar fails to properly handle PAX extended headers resulting in a buffer overflow. With a specially crafted .tar archive, an attacker can cause arbitrary command execution when the victim lists the tar contents or extracts the archive.

Snort® IPS/IDS

Date Description
2014-11-16 GNU tar PAX extended headers handling overflow attempt
RuleID : 32089 - Revision : 2 - Type : FILE-OTHER
2014-11-16 GNU tar PAX extended headers handling overflow attempt
RuleID : 32088 - Revision : 3 - Type : FILE-OTHER
2014-11-16 GNU tar PAX extended headers handling overflow attempt
RuleID : 32087 - Revision : 3 - Type : FILE-OTHER
2014-01-10 GNU tar PAX extended headers handling overflow attempt
RuleID : 16053 - Revision : 10 - Type : FILE-OTHER

Nessus® Vulnerability Scanner

Date Description
2008-12-02 Name : The remote host is missing Sun Security Patch number 118191-05
File : solaris9_118191.nasl - Type : ACT_GATHER_INFO
2008-12-02 Name : The remote host is missing Sun Security Patch number 118192-05
File : solaris9_x86_118192.nasl - Type : ACT_GATHER_INFO
2008-09-08 Name : The remote host is missing Sun Security Patch number 139099-04
File : solaris10_139099.nasl - Type : ACT_GATHER_INFO
2008-09-08 Name : The remote host is missing Sun Security Patch number 139100-04
File : solaris10_x86_139100.nasl - Type : ACT_GATHER_INFO
2007-04-21 Name : The remote host is missing a Mac OS X update that fixes a security issue.
File : macosx_SecUpd2007-004.nasl - Type : ACT_GATHER_INFO
2007-03-13 Name : The remote host is missing a Mac OS X update which fixes a security issue.
File : macosx_10_4_9.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-987.nasl - Type : ACT_GATHER_INFO
2006-07-05 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2006-0232.nasl - Type : ACT_GATHER_INFO
2006-05-13 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_6107efb9aae311daaea1000854d03344.nasl - Type : ACT_GATHER_INFO
2006-03-13 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200603-06.nasl - Type : ACT_GATHER_INFO
2006-03-13 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-257-1.nasl - Type : ACT_GATHER_INFO
2006-03-06 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2006-0232.nasl - Type : ACT_GATHER_INFO
2006-02-22 Name : The remote Mandrake Linux host is missing a security update.
File : mandrake_MDKSA-2006-046.nasl - Type : ACT_GATHER_INFO