Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability alert CVE-2010-0624

GNU tar, cpio: buffer overflow via rmt

Synthesis of the vulnerability

An attacker, owning a malicious rmt server, or inviting the victim to open a malicious file with GNU tar or cpio, can generate an overflow, leading to code execution.
Severity: 2/4.
Creation date: 10/03/2010.

Description of the vulnerability

The GNU tar and cpio archive management tools support the rmt (Remote Magnetic Tape) protocol. If the file name contains ':' (for example "site:b.tar"), tar automatically connects via rsh/ssh on the site to download the archive, using the rmt protocol.

The rmt_read__() function of the file lib/rtapelib.c reads the archive data via rmt. However, this function does not check the size announced by the rmt server. A malicious server can thus return large data, in order to generate a buffer overflow in tar or cpio.

An attacker, owning a malicious rmt server, or inviting the victim to open a malicious file with GNU tar or cpio, can therefore generate an overflow, leading to code execution.

Complete Vigil@nce bulletin

Access to the complete Vigil@nce bulletin

Characteristics

Title: GNU tar, cpio: buffer overflow via rmt.
Keywords: GNU Magnetic Remote Tape buffer cpio overflow rmt_read__.
Identifiers: BID-38628, CVE-2010-0624, FEDORA-2010-4267, FEDORA-2010-4274, FEDORA-2010-4302, FEDORA-2010-4306, FEDORA-2010-4309, FEDORA-2010-4321, MDVSA-2010:065, RHSA-2010:0141-01, RHSA-2010:0142-01, RHSA-2010:0143-01, RHSA-2010:0144-01, RHSA-2010:0145-01, SUSE-SR:2010:011, VIGILANCE-VUL-9511.

Information sources

Publications and announces

Solutions for this vulnerability

Patch or workaround

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Security vulnerability alerts



















France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française