FreeBSD : gtar -- GNUTYPE_NAMES directory traversal vulnerability (3dd7eb58-80ae-11db-b4ec-000854d03344)
Medium Nessus Plugin ID 23759
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionTeemu Salmela reports :
There is a tar record type, called GNUTYPE_NAMES (an obsolete GNU extension), that allows the creation of symbolic links pointing to arbitrary locations in the filesystem, which makes it possible to create/overwrite arbitrary files.
SolutionUpdate the affected package.