Re: GNU Tar vulnerability

看板FB_security作者時間19年前 (2006/11/29 04:02), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串3/4 (看更多)
Josh Paetzel wrote: > On Tuesday 28 November 2006 11:17, Sergey Matveychuk wrote: >> Please, note: http://secunia.com/advisories/23115/ >> >> A port maintainer CC'ed. > > This is one of those things where the impact is hard to determine > because the link doesn't really give much info. Ok, you can > overwrite arbitrary files.....ANY file? Or just files that the user > running gtar has write access to? If it's the first case then that's > huge. If it's the second case then who really cares. > I'm sure it's the second case. I think it should care root mostly. But any users dislike too if there is a chance to lost their .login, .bashrc etc. An exploit is available on SecurityFocus. -- Dixi. Sem. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 sem. 的文章
文章代碼(AID): #15R9Mx00 (FB_security)
更多 sem. 的文章
文章代碼(AID): #15R9Mx00 (FB_security)