Computer Security


GNU tar / cpio buffer overflow
Published: 11.03.2010
Source:
SecurityVulns ID: 10681
Type: client
Threat Level: 5/10
Description: Buffer overflow in rmt code implementation
Affected: SYMANTEC : Symantec Mail Security for Domino 7.5
 GNU : tar 1.23
 GNU : cpio 2.11
 SYMANTEC : Symantec Mail Security for Domino 8.0
 SYMANTEC : Symantec Mail Security for Microsoft Exchange 6.0
CVE: CVE-2010-0624 (Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.)
Original document: Jakob Lell, CVE-2010-0624: Heap-based buffer overflow in GNU Tar and GNU Cpio (11.03.2010)
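
Added example (not code from GNU tar, GNU cpio or the original advisory): the client-side check whose absence the CVE text describes, rejecting a server reply that announces more bytes than the read asked for. It assumes the usual rmt framing, where a read request "R<count>\n" is answered with "A<count>\n" followed by the data; the function names and the in-memory reply buffer are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse the status line "A<count>\n" that answers "R<requested>\n".
   Returns 0 and stores the count only if it fits the caller's buffer. */
int rmt_reply_count(const char *line, size_t requested, size_t *count)
{
    char *end;
    unsigned long long n;

    if (line[0] != 'A' || line[1] < '0' || line[1] > '9')
        return -1;                  /* "E<errno>" reply or malformed line */
    errno = 0;
    n = strtoull(line + 1, &end, 10);
    if (errno != 0 || *end != '\n') return -1;
    if (n > requested) return -1;   /* server announces more than was asked for */
    *count = (size_t)n;
    return 0;
}

/* Copy the payload after the status line into buf (capacity: requested bytes).
   reply/reply_len stand in for the bytes received from the rmt server. */
long rmt_read_checked(const char *reply, size_t reply_len, char *buf, size_t requested)
{
    const char *nl = memchr(reply, '\n', reply_len);
    char status[32];
    size_t hdr, count;

    if (nl == NULL) return -1;
    hdr = (size_t)(nl - reply) + 1;
    if (hdr >= sizeof status) return -1;
    memcpy(status, reply, hdr);
    status[hdr] = '\0';
    if (rmt_reply_count(status, requested, &count) != 0) return -1;
    if (count > reply_len - hdr) return -1;   /* payload shorter than announced */
    memcpy(buf, reply + hdr, count);
    return (long)count;
}

int main(void)
{
    char buf[8];
    /* Constructed replies: an honest one, and one announcing 16 bytes for an 8-byte read. */
    const char ok[] = "A5\nhello", bad[] = "A16\nAAAAAAAAAAAAAAAA";
    printf("%ld %ld\n", rmt_read_checked(ok, sizeof ok - 1, buf, sizeof buf),
           rmt_read_checked(bad, sizeof bad - 1, buf, sizeof buf));
    return 0;
}
```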

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod