Test ID:	1.3.6.1.4.1.25623.1.0.56339
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-257-1 (tar)
Summary:	Ubuntu USN-257-1 (tar)
Description:	The remote host is missing an update to tar announced via advisory USN-257-1. A security issue affects the following Ubuntu releases: Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: tar Jim Meyering discovered that tar did not properly verify the validity of certain header fields in a GNU tar archive. By tricking an user into processing a specially crafted tar archive, this could be exploited to execute arbitrary code with the privileges of the user. The tar version in Ubuntu 4.10 is not affected by this vulnerability. Solution: The problem can be corrected by upgrading the affected package to version 1.14-2ubuntu0.1 (for Ubuntu 5.04), or 1.15.1-2ubuntu0.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-257-1 Risk factor : High
Cross-Ref:	BugTraq ID: 16764 Common Vulnerability Exposure (CVE) ID: CVE-2006-0300 http://lists.gnu.org/archive/html/bug-tar/2006-02/msg00051.html http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html Debian Security Information: DSA-987 (Google Search) http://www.debian.org/security/2006/dsa-987 http://www.securityfocus.com/archive/1/archive/1/430299/100/0/threaded http://www.gentoo.org/security/en/glsa/glsa-200603-06.xml http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:046 http://www.openpkg.org/security/OpenPKG-SA-2006.006-tar.html http://www.redhat.com/support/errata/RHSA-2006-0232.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-241646-1 SuSE Security Announcement: SUSE-SR:2006:005 (Google Search) http://www.novell.com/linux/security/advisories/2006_05_sr.html http://www.trustix.org/errata/2006/0010 http://www.ubuntulinux.org/support/documentation/usn/usn-257-1 Cert/CC Advisory: TA07-072A http://www.us-cert.gov/cas/techalerts/TA07-072A.html Cert/CC Advisory: TA07-109A http://www.us-cert.gov/cas/techalerts/TA07-109A.html http://www.securityfocus.com/bid/16764 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5252 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5978 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5993 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6094 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9295 http://www.vupen.com/english/advisories/2006/0684 http://www.vupen.com/english/advisories/2007/0930 http://www.vupen.com/english/advisories/2007/1470 http://www.vupen.com/english/advisories/2008/2518 http://www.osvdb.org/23371 http://securitytracker.com/id?1015705 http://secunia.com/advisories/18976 http://secunia.com/advisories/18973 http://secunia.com/advisories/18999 http://secunia.com/advisories/19093 http://secunia.com/advisories/19130 http://secunia.com/advisories/19152 http://secunia.com/advisories/19236 http://secunia.com/advisories/19016 http://secunia.com/advisories/20042 http://secunia.com/advisories/24479 http://secunia.com/advisories/24966 http://securityreason.com/securityalert/480 http://securityreason.com/securityalert/543 XForce ISS Database: gnu-tar-pax-headers-bo(24855) http://xforce.iss.net/xforce/xfdb/24855
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: