CVE-2006-0300

medium
Description

Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.

References

http://docs.info.apple.com/article.html?artnum=305214

http://docs.info.apple.com/article.html?artnum=305391

http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html

http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

http://lists.gnu.org/archive/html/bug-tar/2006-02/msg00051.html

http://secunia.com/advisories/18973

http://secunia.com/advisories/18976

http://secunia.com/advisories/18999

http://secunia.com/advisories/19016

http://secunia.com/advisories/19093

http://secunia.com/advisories/19130

http://secunia.com/advisories/19152

http://secunia.com/advisories/19236

http://secunia.com/advisories/20042

http://secunia.com/advisories/24479

http://secunia.com/advisories/24966

http://securityreason.com/securityalert/480

http://securityreason.com/securityalert/543

http://securitytracker.com/id?1015705

http://sunsolve.sun.com/search/document.do?assetkey=1-26-241646-1

http://www.debian.org/security/2006/dsa-987

http://www.gentoo.org/security/en/glsa/glsa-200603-06.xml

http://www.novell.com/linux/security/advisories/2006_05_sr.html

http://www.openpkg.org/security/OpenPKG-SA-2006.006-tar.html

http://www.osvdb.org/23371

http://www.redhat.com/support/errata/RHSA-2006-0232.html

http://www.securityfocus.com/archive/1/430299/100/0/threaded

http://www.securityfocus.com/bid/16764

http://www.trustix.org/errata/2006/0010

http://www.us-cert.gov/cas/techalerts/TA07-072A.html

http://www.us-cert.gov/cas/techalerts/TA07-109A.html

http://www.vupen.com/english/advisories/2006/0684

http://www.vupen.com/english/advisories/2007/0930

http://www.vupen.com/english/advisories/2007/1470

http://www.vupen.com/english/advisories/2008/2518

http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:046

https://exchange.xforce.ibmcloud.com/vulnerabilities/24855

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5252

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5978

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5993

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6094

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9295

https://usn.ubuntu.com/257-1/

Details

Source: MITRE

Published: 2006-02-24

Updated: 2018-10-19

Risk Information

CVSS v2

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127428 | NewStart CGSL MAIN 4.05 : tar Multiple Vulnerabilities (NS-SA-2019-0153) | Nessus | NewStart CGSL Local Security Checks | high |
| 127307 | NewStart CGSL MAIN 4.06 : tar Multiple Vulnerabilities (NS-SA-2019-0089) | Nessus | NewStart CGSL Local Security Checks | high |
| 111125 | Solaris 10 (x86) : 139100-07 | Nessus | Solaris Local Security Checks | medium |
| 111115 | Solaris 10 (sparc) : 139099-07 | Nessus | Solaris Local Security Checks | medium |
| 108007 | Solaris 10 (x86) : 139100-04 | Nessus | Solaris Local Security Checks | medium |
| 107509 | Solaris 10 (sparc) : 139099-04 | Nessus | Solaris Local Security Checks | medium |
| 35001 | Solaris 9 (x86) : 118192-05 | Nessus | Solaris Local Security Checks | medium |
| 34997 | Solaris 9 (sparc) : 118191-05 | Nessus | Solaris Local Security Checks | medium |
| 34107 | Solaris 10 (x86) : 139100-04 (deprecated) | Nessus | Solaris Local Security Checks | medium |
| 34106 | Solaris 10 (sparc) : 139099-04 (deprecated) | Nessus | Solaris Local Security Checks | medium |
| 25081 | Mac OS X Multiple Vulnerabilities (Security Update 2007-004) | Nessus | MacOS X Local Security Checks | critical |
| 3947 | Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003) | Nessus Network Monitor | Web Clients | high |
| 24811 | Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003) | Nessus | MacOS X Local Security Checks | critical |
| 22853 | Debian DSA-987-1 : tar - buffer overflow | Nessus | Debian Local Security Checks | medium |
| 21988 | CentOS 4 : tar (CESA-2006:0232) | Nessus | CentOS Local Security Checks | medium |
| 21437 | FreeBSD : gtar -- invalid headers buffer overflow (6107efb9-aae3-11da-aea1-000854d03344) | Nessus | FreeBSD Local Security Checks | medium |
| 21065 | Ubuntu 5.04 / 5.10 : tar vulnerability (USN-257-1) | Nessus | Ubuntu Local Security Checks | medium |
| 21044 | GLSA-200603-06 : GNU tar: Buffer overflow | Nessus | Gentoo Local Security Checks | medium |
| 21005 | RHEL 4 : tar (RHSA-2006:0232) | Nessus | Red Hat Local Security Checks | medium |
| 20964 | Mandrake Linux Security Advisory : tar (MDKSA-2006:046) | Nessus | Mandriva Local Security Checks | medium |