FreeBSD Security Advisory (FreeBSD-SA-07:10.gtar.asc) Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-07:10.gtar.asc

Solution

Upgrade your system to the appropriate stable release or security branch dated after the correction date https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-07:10.gtar.asc

Insight

GNU tar (gtar) is a utility to create and extract tape archives, commonly known as tar files. GNU tar is included in FreeBSD 5.x as /usr/bin/gtar. Insufficient sanity checking of paths containing '.' and '..' allows gtar to overwrite arbitrary files on the system.

Severity

Classification

CVE CVE-2007-4131

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

FreeBSD Ports: cgiwrap
FreeBSD Ports: bugzilla
django -- multiple vulnerabilities
FreeBSD Ports: bind96
FreeBSD Ports: cacti

Take action and discover your vulnerabilities