diff options
author | Christian Weisgerber <naddy@FreeBSD.org> | 2006-11-30 20:33:54 +0000 |
---|---|---|
committer | Christian Weisgerber <naddy@FreeBSD.org> | 2006-11-30 20:33:54 +0000 |
commit | 8ba6afd880c3bb7a23dc58c4e7952ebd54248aaf (patch) | |
tree | 9d55e939105f65034366f7cbba57dbaeda0dfa0b /security/vuxml/vuln.xml | |
parent | 7680f28ec53accf87d5b3c180b4df594dcdb0864 (diff) | |
download | ports-8ba6afd880c3bb7a23dc58c4e7952ebd54248aaf.tar.gz ports-8ba6afd880c3bb7a23dc58c4e7952ebd54248aaf.zip |
Notes
Diffstat (limited to 'security/vuxml/vuln.xml')
-rw-r--r-- | security/vuxml/vuln.xml | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 2d69f92f61ff..a54836a54f2b 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,37 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="3dd7eb58-80ae-11db-b4ec-000854d03344"> + <topic>gtar -- GNUTYPE_NAMES directory traversal vulnerability</topic> + <affects> + <package> + <name>gtar</name> + <range><lt>1.16_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Teemu Salmela reports:</p> + <blockquote cite="http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html"> + <p>There is a tar record type, called GNUTYPE_NAMES (an + obsolete GNU extension), that allows the creation of + symbolic links pointing to arbitrary locations in the + filesystem, which makes it possible to create/overwrite + arbitrary files.</p> + </blockquote> + </body> + </description> + <references> + <bid>21235</bid> + <cvename>CVE-2006-6097</cvename> + <url>http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html</url> + </references> + <dates> + <discovery>2006-11-21</discovery> + <entry>2006-11-30</entry> + </dates> + </vuln> + <vuln vid="a8af7d70-8007-11db-b280-0008743bf21a"> <topic>kronolith -- arbitrary local file inclusion vulnerability</topic> <affects> |