CVE-2006-0300
published 2006-02-24CVE-2006-0300: Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via…
PriorityP420medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EPSS
5.05%
91.2th percentile
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dpkg | < tar 1.15.1-3 (bookworm) | tar 1.15.1-3 (bookworm) |
| debian | tar | < tar 1.15.1-3 (bookworm) | tar 1.15.1-3 (bookworm) |
| gnu | tar | — | — |
| gnu | tar | — | — |
| gnu | tar | — | — |
| gnu | tar | — | — |
| gnu | tar | — | — |
| gnu | tar | >= 0 < 1.15.1-3 | 1.15.1-3 |
| gnu | tar | >= 0 < 1.15.1-3 | 1.15.1-3 |
| gnu | tar | >= 0 < 1.15.1-3 | 1.15.1-3 |
| gnu | tar | >= 0 < 1.15.1-3 | 1.15.1-3 |
CVSS provenance
nvdv2.05.1MEDIUMAV:N/AC:H/Au:N/C:P/I:P/A:P
osv5.1MEDIUM
vendor_debian5.1LOW
vendor_redhat5.1MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
tar vulnerability
vendor_ubuntu·2006-02-23
CVE-2006-0300 tar vulnerability
Title: tar vulnerability
Summary: tar vulnerability
Jim Meyering discovered that tar did not properly verify the validity
of certain header fields in a GNU tar archive. By tricking an user
into processing a specially crafted tar archive, this could be
exploited to execute arbitrary code with the privileges of the user.
The tar version in Ubuntu 4.10 is not affected by this vulnerability.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2006-0300: dpkg - Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to ca...
vendor_debian·2006·CVSS 5.1
CVE-2006-0300 [MEDIUM] CVE-2006-0300: dpkg - Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to ca...
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Red Hat
security flaw
vendor_redhat·2005-06-17·CVSS 5.1
CVE-2006-0300 [MEDIUM] security flaw
security flaw
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
GHSA
GHSA-v2qx-rhmh-m93w: Buffer overflow in tar 1
ghsa_unreviewed·2022-05-01
CVE-2006-0300 [MEDIUM] GHSA-v2qx-rhmh-m93w: Buffer overflow in tar 1
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
OSV
CVE-2006-0300: Buffer overflow in tar 1
osv·2006-02-24·CVSS 5.1
CVE-2006-0300 [MEDIUM] CVE-2006-0300: Buffer overflow in tar 1
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
No detection rules found.
Exploit-DB
Apple iCal 3.0.1 - 'COUNT' Integer Overflow
exploitdb·2008-04-21
CVE-2008-2006 Apple iCal 3.0.1 - 'COUNT' Integer Overflow
Apple iCal 3.0.1 - 'COUNT' Integer Overflow
---
source: https://www.securityfocus.com/bid/28629/info
Apple iCal is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
This issue affects iCal 3.0.1 running on Mac OS X 10.5.1; previous versions may also be affected.
BEGIN:VCALENDAR
X-WR-TIMEZONE:America/Buenos_Aires
PRODID:-//Apple Inc.//iCal 3.0//EN
CALSCALE:GREGORIAN
X-WR-CALNAME: Vulnerable
VERSION:2.0
X-WR-RELCALID:10DE4203-4FA5-4E23-AE4D-9DAE3157C9E5
METHOD:PUBLISH
BEGIN:VTIMEZONE
TZID:America/Buenos_Aires
BEGIN:DAYLIGHT
TZOFFSETFROM:-0300
TZOFFSETTO:-
Exploit-DB
Apple iCal 3.0.1 - 'TRIGGER' Denial of Service
exploitdb·2008-04-21
CVE-2008-2006 Apple iCal 3.0.1 - 'TRIGGER' Denial of Service
Apple iCal 3.0.1 - 'TRIGGER' Denial of Service
---
source: https://www.securityfocus.com/bid/28632/info
Apple iCal is prone to a denial-of-service vulnerability because it fails to handle specially crafted files.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
This issue affects iCal 3.0.1 running on Mac OS X 10.5.1; previous versions may also be affected.
BEGIN:VCALENDAR
X-WR-CALNAME:Fake event
PRODID:-//Apple Inc.//iCal 3.0//EN
CALSCALE:GREGORIAN
VERSION:2.0
METHOD:PUBLISH
BEGIN:VTIMEZONE
TZID:America/Buenos_Aires
BEGIN:DAYLIGHT
TZOFFSETFROM:-0300
TZOFFSETTO:-0300
DTSTART:19991003T000000
RDATE:19991003T000000
TZNAME:ARST
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0300
TZOFFSETTO:-0300
DTSTART:20000303T000000
RDATE:20000303T0
Bugzilla
CVE-2006-0300 security flaw
bugzilla·2018-08-16·CVSS 5.1
CVE-2006-0300 [MEDIUM] CVE-2006-0300 security flaw
CVE-2006-0300 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
Bugzilla
Multiple tar issues (CVE-2005-1918, CVE-2006-0300)
bugzilla·2006-03-02·CVSS 5.0
CVE-2005-1918 [MEDIUM] Multiple tar issues (CVE-2005-1918, CVE-2006-0300)
Multiple tar issues (CVE-2005-1918, CVE-2006-0300)
There are two separate issues that affect different subsets of our products.
I. RHL 7.3, RHL 9, FC1 & FC2: tar archive path traversal issue
CVE-2005-1918: "The original patch for a GNU tar directory traversal
vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses
an 'incorrect optimization' that allows user-complicit attackers to over-
write arbitrary files via a crafted tar file, probably involving '/../'
sequences with a leading '/'."
This vulnerability appears to only affect tar-1.13.25 releases, which
these four distros use.
Red Hat issued RHSA-2006:0195-01 for RHEL 2.1 and RHEL 3:
"In 2002, a path traversal flaw was found in the way GNU tar extracted
archives. A malicious user could create a tar archive that cou
Bugzilla
CVE-2006-0300 GNU tar heap overlfow bug
bugzilla·2006-02-16·CVSS 5.1
CVE-2006-0300 [MEDIUM] CVE-2006-0300 GNU tar heap overlfow bug
CVE-2006-0300 GNU tar heap overlfow bug
Jim Meyering discovered and silently fixed a buffer overflow bug in GNU
tar. It looks exploitable. There is a public mail message about it here:
http://lists.gnu.org/archive/html/bug-tar/2005-06/msg00029.html
My limited testing has shown this issue to only affect tar versions 1.14
and above.
Upstream has asked we not announce this issue until they release an update.
Discussion:
Created attachment 124746
Patch extracted from upstream CVS
---
Created attachment 124747
Testcase generator from Jim
---
(In reply to comment #6)
> Peter, Can you create a RHTS test for this issue.
done.
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For
Bugzilla
CVE-2006-0300 GNU tar heap overlfow bug
bugzilla·2006-02-16·CVSS 5.1
CVE-2006-0300 [MEDIUM] CVE-2006-0300 GNU tar heap overlfow bug
CVE-2006-0300 GNU tar heap overlfow bug
+++ This bug was initially created as a clone of Bug #181772 +++
Jim Meyering discovered and silently fixed a buffer overflow bug in GNU
tar. It looks exploitable. There is a public mail message about it here:
http://lists.gnu.org/archive/html/bug-tar/2005-06/msg00029.html
My limited testing has shown this issue to only affect tar versions 1.14
and above.
Upstream has asked we not announce this issue until they release an update.
-- Additional comment from [email protected] on 2006-02-16 09:11 EST --
Created an attachment (id=124746)
Patch extracted from upstream CVS
-- Additional comment from [email protected] on 2006-02-16 09:13 EST --
Created an attachment (id=124747)
Testcase generator from Jim
Discussion:
*** Bug 182404 has been mar
http://docs.info.apple.com/article.html?artnum=305214http://docs.info.apple.com/article.html?artnum=305391http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2007/Mar/msg00002.htmlhttp://lists.gnu.org/archive/html/bug-tar/2006-02/msg00051.htmlhttp://secunia.com/advisories/18973http://secunia.com/advisories/18976http://secunia.com/advisories/18999http://secunia.com/advisories/19016http://secunia.com/advisories/19093http://secunia.com/advisories/19130http://secunia.com/advisories/19152http://secunia.com/advisories/19236http://secunia.com/advisories/20042http://secunia.com/advisories/24479http://secunia.com/advisories/24966http://securityreason.com/securityalert/480http://securityreason.com/securityalert/543http://securitytracker.com/id?1015705http://sunsolve.sun.com/search/document.do?assetkey=1-26-241646-1http://www.debian.org/security/2006/dsa-987http://www.gentoo.org/security/en/glsa/glsa-200603-06.xmlhttp://www.novell.com/linux/security/advisories/2006_05_sr.htmlhttp://www.openpkg.org/security/OpenPKG-SA-2006.006-tar.htmlhttp://www.osvdb.org/23371http://www.redhat.com/support/errata/RHSA-2006-0232.htmlhttp://www.securityfocus.com/archive/1/430299/100/0/threadedhttp://www.securityfocus.com/bid/16764http://www.trustix.org/errata/2006/0010http://www.us-cert.gov/cas/techalerts/TA07-072A.htmlhttp://www.us-cert.gov/cas/techalerts/TA07-109A.htmlhttp://www.vupen.com/english/advisories/2006/0684http://www.vupen.com/english/advisories/2007/0930http://www.vupen.com/english/advisories/2007/1470http://www.vupen.com/english/advisories/2008/2518http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:046https://exchange.xforce.ibmcloud.com/vulnerabilities/24855https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5252https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5978https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5993https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6094https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9295https://usn.ubuntu.com/257-1/http://docs.info.apple.com/article.html?artnum=305214http://docs.info.apple.com/article.html?artnum=305391http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2007/Mar/msg00002.htmlhttp://lists.gnu.org/archive/html/bug-tar/2006-02/msg00051.htmlhttp://secunia.com/advisories/18973http://secunia.com/advisories/18976http://secunia.com/advisories/18999http://secunia.com/advisories/19016http://secunia.com/advisories/19093http://secunia.com/advisories/19130http://secunia.com/advisories/19152http://secunia.com/advisories/19236http://secunia.com/advisories/20042http://secunia.com/advisories/24479http://secunia.com/advisories/24966http://securityreason.com/securityalert/480http://securityreason.com/securityalert/543http://securitytracker.com/id?1015705http://sunsolve.sun.com/search/document.do?assetkey=1-26-241646-1http://www.debian.org/security/2006/dsa-987http://www.gentoo.org/security/en/glsa/glsa-200603-06.xmlhttp://www.novell.com/linux/security/advisories/2006_05_sr.htmlhttp://www.openpkg.org/security/OpenPKG-SA-2006.006-tar.htmlhttp://www.osvdb.org/23371http://www.redhat.com/support/errata/RHSA-2006-0232.htmlhttp://www.securityfocus.com/archive/1/430299/100/0/threadedhttp://www.securityfocus.com/bid/16764http://www.trustix.org/errata/2006/0010http://www.us-cert.gov/cas/techalerts/TA07-072A.htmlhttp://www.us-cert.gov/cas/techalerts/TA07-109A.htmlhttp://www.vupen.com/english/advisories/2006/0684http://www.vupen.com/english/advisories/2007/0930http://www.vupen.com/english/advisories/2007/1470http://www.vupen.com/english/advisories/2008/2518http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:046https://exchange.xforce.ibmcloud.com/vulnerabilities/24855https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5252https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5978https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5993https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6094https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9295https://usn.ubuntu.com/257-1/
2006-02-24
Published