Test ID:	1.3.6.1.4.1.25623.1.0.57704
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2006-335-01)
Summary:	The remote host is missing an update for the 'tar' package(s) announced via the SSA:2006-335-01 advisory.
Description:	Summary: The remote host is missing an update for the 'tar' package(s) announced via the SSA:2006-335-01 advisory. Vulnerability Insight: New tar packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix a security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: [link moved to references] Here are the details from the Slackware 11.0 ChangeLog: +--------------------------+ patches/packages/tar-1.16-i486-1_slack11.0.tgz: Upgraded to tar-1.16. This fixes an issue where files may be extracted outside of the current directory, possibly allowing a malicious tar archive, when extracted, to overwrite any of the user's files (in the case of root, any file on the system). For more information, see: [link moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'tar' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware 11.0. Solution: Please install the updated package(s). CVSS Score: 4.0 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-6097 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html BugTraq ID: 21235 http://www.securityfocus.com/bid/21235 Bugtraq: 20061201 rPSA-2006-0222-1 tar (Google Search) http://www.securityfocus.com/archive/1/453286/100/0/threaded Bugtraq: 20070330 VMSA-2007-0002 VMware ESX security updates (Google Search) http://www.securityfocus.com/archive/1/464268/100/0/threaded Cert/CC Advisory: TA07-072A http://www.us-cert.gov/cas/techalerts/TA07-072A.html Debian Security Information: DSA-1223 (Google Search) http://www.debian.org/security/2006/dsa-1223 FreeBSD Security Advisory: FreeBSD-SA-06:26 http://security.freebsd.org/advisories/FreeBSD-SA-06:26.gtar.asc http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050812.html http://security.gentoo.org/glsa/glsa-200612-10.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:219 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216937 http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.038.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10963 RedHat Security Advisories: RHSA-2006:0749 http://rhn.redhat.com/errata/RHSA-2006-0749.html http://securitytracker.com/id?1017423 http://secunia.com/advisories/23115 http://secunia.com/advisories/23117 http://secunia.com/advisories/23142 http://secunia.com/advisories/23146 http://secunia.com/advisories/23163 http://secunia.com/advisories/23173 http://secunia.com/advisories/23198 http://secunia.com/advisories/23209 http://secunia.com/advisories/23314 http://secunia.com/advisories/23443 http://secunia.com/advisories/23514 http://secunia.com/advisories/23911 http://secunia.com/advisories/24479 http://secunia.com/advisories/24636 SGI Security Advisory: 20061202-01-P ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.469379 http://securityreason.com/securityalert/1918 http://www.trustix.org/errata/2006/0068/ http://www.ubuntu.com/usn/usn-385-1 http://www.vupen.com/english/advisories/2006/4717 http://www.vupen.com/english/advisories/2006/5102 http://www.vupen.com/english/advisories/2007/0930 http://www.vupen.com/english/advisories/2007/1171
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.