Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:DL:GNU-TAR-PAX-BOF |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
GNU Tar PAX Extended Headers Handling Buffer Overflow |
Release Date |
2011/06/30 |
Update Number |
1948 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: GNU Tar PAX Extended Headers Handling Buffer Overflow
This signature detects attempts to exploit a known vulnerability in GNU Tar archive utility. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Extended Description
GNU Tar is prone to a buffer overflow when handling invalid headers. Successful exploitation could potentially lead to arbitrary code execution, but this has not been confirmed. Tar 1.14 through 1.15.90 are affected; other versions may also be vulnerable.
Affected Products
- Apple mac_os_x 10.4.0
- Apple mac_os_x 10.4.1
- Apple mac_os_x 10.4.2
- Apple mac_os_x 10.4.3
- Apple mac_os_x 10.4.4
- Apple mac_os_x 10.4.5
- Apple mac_os_x 10.4.6
- Apple mac_os_x 10.4.7
- Apple mac_os_x 10.4.8
- Apple mac_os_x 10.4.9
- Apple mac_os_x_server 10.4.0
- Apple mac_os_x_server 10.4.1
- Apple mac_os_x_server 10.4.2
- Apple mac_os_x_server 10.4.3
- Apple mac_os_x_server 10.4.4
- Apple mac_os_x_server 10.4.5
- Apple mac_os_x_server 10.4.6
- Apple mac_os_x_server 10.4.7
- Apple mac_os_x_server 10.4.8
- Apple mac_os_x_server 10.4.9
- Avaya interactive_response 2.0
- Avaya interactive_response 3.0
- Avaya s8300 R2.0.0
- Avaya s8300 R2.0.1
- Avaya s8500 R2.0.0
- Avaya s8500 R2.0.1
- Avaya s8700 R2.0.0
- Avaya s8700 R2.0.1
- Avaya s8710 R2.0.0
- Avaya s8710 R2.0.1
- Debian linux 3.1.0
- Debian linux 3.1.0 Alpha
- Debian linux 3.1.0 Amd64
- Debian linux 3.1.0 Arm
- Debian linux 3.1.0 Hppa
- Debian linux 3.1.0 Ia-32
- Debian linux 3.1.0 Ia-64
- Debian linux 3.1.0 M68k
- Debian linux 3.1.0 Mips
- Debian linux 3.1.0 Mipsel
- Debian linux 3.1.0 Ppc
- Debian linux 3.1.0 S/390
- Debian linux 3.1.0 Sparc
- Gentoo linux
- Gnu tar 1.14
- Gnu tar 1.14.90
- Gnu tar 1.15
- Gnu tar 1.15.1
- Gnu tar 1.15.90
- Openpkg openpkg 2.3.0
- Openpkg openpkg 2.4.0
- Openpkg openpkg 2.5.0
- Openpkg openpkg Current
- Red_hat desktop 4.0.0
- Red_hat enterprise_linux_as 4
- Red_hat enterprise_linux_es 4
- Red_hat enterprise_linux_ws 4
- Red_hat fedora Core1
- Red_hat fedora Core2
- Red_hat fedora Core3
- Red_hat linux 7.3.0 I386
- Red_hat linux 9.0.0 I386
- Sun opensolaris Build Snv 01
- Sun opensolaris Build Snv 02
- Sun opensolaris Build Snv 13
- Sun opensolaris Build Snv 19
- Sun opensolaris Build Snv 22
- Sun opensolaris Build Snv 36
- Sun opensolaris Build Snv 39
- Sun opensolaris Build Snv 59
- Sun opensolaris Build Snv 64
- Sun opensolaris Build Snv 67
- Sun opensolaris Build Snv 68
- Sun opensolaris Build Snv 80
- Sun solaris 10 Sparc
- Sun solaris 10 X86
- Sun solaris 9 Sparc
- Sun solaris 9 X86
- Suse linux_personal 10.0.0 OSS
- Suse linux_personal 9.3.0
- Suse linux_personal 9.3.0 X86 64
- Suse linux_professional 10.0.0 OSS
- Suse linux_professional 9.3.0
- Suse linux_professional 9.3.0 X86 64
- Trustix secure_enterprise_linux 2.0.0
- Trustix secure_linux 2.2.0
- Trustix secure_linux 3.0.0
- Ubuntu ubuntu_linux 5.0.0 4 Amd64
- Ubuntu ubuntu_linux 5.0.0 4 I386
- Ubuntu ubuntu_linux 5.0.0 4 Powerpc
- Ubuntu ubuntu_linux 5.10.0 Amd64
- Ubuntu ubuntu_linux 5.10.0 I386
- Ubuntu ubuntu_linux 5.10.0 Powerpc
References
- BugTraq: 16764
- CVE: CVE-2006-0300