[mdlug] Fwd: tar advisory
God of Lemmings
god_of_lemmings at usol.com
Fri Aug 24 19:08:20 EDT 2007
look here.
http://www.securityfocus.com/bid/25417
Begin forwarded message:
> From: "Carl T. Miller" <millerc at cantonpl.org>
> Date: August 24, 2007 9:09:39 AM EST
> To: "MDLUG List" <mdlug at mdlug.org>
> Subject: [mdlug] tar advisory
> Reply-To: "MDLUG's Main discussion list" <mdlug at mdlug.org>
>
> Does anyone know more about the newly discover problem with
> tar? I just read the description from Red Hat for the new
> version of tar, and it said someone could craft a tar archive
> to extract files to an arbitrary location with the permissions
> of the user.
>
> Near as I know nobody is exploiting this. But it would be
> good to make sure you have the latest version of tar on your
> hosts. And if you're running an unsupported version of Linux,
> don't extract unknown tarballs as root. Extract them first as
> a user, then take a look at them.
>
> c
>
>
> _______________________________________________
> mdlug mailing list
> mdlug at mdlug.org
> http://mdlug.org/mailman/listinfo/mdlug
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 1273 bytes
Desc: not available
URL: <http://mdlug.org/pipermail/mdlug/attachments/20070824/39a2d81e/attachment-0001.bin>
More information about the mdlug
mailing list