[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 780/06 - Ubuntu Security Notice: USN-385-1 - tar vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

 UNIRAS (UK Government CERT) Briefing - 780/06 dated 28.11.06 time 13:30
 UNIRAS is part of NISCC (the UK National Infrastructure Security
 Co-ordination Centre)
______________________________________________________________________________

 UNIRAS material is available from the NISCC website at www.niscc.gov.uk
______________________________________________________________________________

Title
=====

Ubuntu Security Notice: USN-385-1 - tar vulnerability

Detail
======

Teemu Salmela discovered that tar still handled the deprecated 
GNUTYPE_NAMES record type.  This record type could be used to create 
symlinks that would be followed while unpacking a tar archive.  If a 
user or an automated system were tricked into unpacking a specially 
crafted tar file, arbitrary files could be overwritten with user 
privileges.



=========================================================== 
Ubuntu Security Notice USN-385-1          November 27, 2006
tar vulnerability
CVE-2006-6097
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  tar                                      1.15.1-2ubuntu0.2

Ubuntu 6.06 LTS:
  tar                                      1.15.1-2ubuntu2.1

Ubuntu 6.10:
  tar                                      1.15.91-2ubuntu0.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Teemu Salmela discovered that tar still handled the deprecated 
GNUTYPE_NAMES record type.  This record type could be used to create 
symlinks that would be followed while unpacking a tar archive.  If a 
user or an automated system were tricked into unpacking a specially 
crafted tar file, arbitrary files could be overwritten with user 
privileges.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.2.diff.gz
      Size/MD5:    29654 155f4628f9fef19aa20e3927a857fd0d
    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.2.dsc
      Size/MD5:      574 22006def60be25510613a955ca7e90d2
    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1.orig.tar.gz
      Size/MD5:  2204322 d87021366fe6488e9dc398fcdcb6ed7d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.2_amd64.deb
      Size/MD5:   531932 d507bfc76276c9cc43ebf56f9d69038a

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.2_i386.deb
      Size/MD5:   519858 ed19ee38f074d841366737e880a5c626

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.2_powerpc.deb
      Size/MD5:   533886 5d0d477d0bbe5589f5a3181144099c92

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu0.2_sparc.deb
      Size/MD5:   525056 1fa9aa25fbbc81c4fcf767c28b4eb991

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.1.diff.gz
      Size/MD5:    30078 32b5ca833a90aa5bcbc3941a07dbf81a
    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.1.dsc
      Size/MD5:      574 c68c40e5d79b9afd13626694b0bcb2d4
    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1.orig.tar.gz
      Size/MD5:  2204322 d87021366fe6488e9dc398fcdcb6ed7d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.1_amd64.deb
      Size/MD5:   532022 ddcb1e2e8770645f683b462b095ff851

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.1_i386.deb
      Size/MD5:   519384 be7fa1ac67587e1ef574ed457e967454

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.1_powerpc.deb
      Size/MD5:   533876 4b9404feef3aaaf23cf28abd1432517b

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.1-2ubuntu2.1_sparc.deb
      Size/MD5:   523654 1164fe3b20e4f530df21258907f3cd9d

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91-2ubuntu0.3.diff.gz
      Size/MD5:    16849 1776a8a649f3fec68c6990accd5f47c8
    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91-2ubuntu0.3.dsc
      Size/MD5:      596 58f9bea1622976afa48a7eb61e8945e8
    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91.orig.tar.gz
      Size/MD5:  2016367 e2338a16b0464ec03826e000dae990a0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91-2ubuntu0.3_amd64.deb
      Size/MD5:   361636 9580b1e23dc58caf6af9543dbe045dca

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91-2ubuntu0.3_i386.deb
      Size/MD5:   346396 4bb2868d5fc2855a8242c6c89c7afb12

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91-2ubuntu0.3_powerpc.deb
      Size/MD5:   365486 79ddf1293d8e759fd96fee0c612d6000

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/t/tar/tar_1.15.91-2ubuntu0.3_sparc.deb
      Size/MD5:   348136 ffdb48742e8bc415682f18d6c74f70c2



______________________________________________________________________________

NISCC values your feedback.

1. Which of the following most reflects the value of the briefing to you?
(Place an 'X' next to your choice)

Very useful:__ Useful:__ Not useful:__ 

2. If you did not find it useful, why not?


3. Any other comments? How could we improve our briefings?


Thank you for your contribution.
______________________________________________________________________________

For additional information or assistance, please contact our help desk
by telephone.  You may send Not Protectively Marked information via
e-mail to uniras@xxxxxxxxxxxxx

Office hours:

Mon - Fri: 08:30 - 17:00 hours
Tel: +44 (0) 870 487 0748 and follow the voice prompts
Fax: +44 (0) 870 487 0749

On-call duty officer outside office hours:
Tel: +44 (0) 870 487 0748 and follow the voice prompts

______________________________________________________________________________

UNIRAS wishes to acknowledge the contributions of Ubuntu for the
information contained in this briefing.
______________________________________________________________________________

This notice contains information released by the original author.
Some of the information may have changed since it was released. If the
vulnerability affects you, it may be prudent to retrieve the advisory
from the site of the original source to ensure that you receive the most
current information concerning that problem.

Reference to any specific commercial product, process, or service by
trade name, trademark manufacturer, or otherwise, does not constitute or
imply its endorsement, recommendation, or favouring by UNIRAS or NISCC.
The views and opinions of authors expressed within this notice shall not
be used for advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they
shall not be liable for any loss or damage whatsoever, arising from or
in connection with the usage of information contained within this
notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams
(FIRST) and has contacts with other international Incident Response
Teams (IRTs) in order to foster cooperation and coordination in incident
prevention, to prompt rapid reaction to incidents, and to promote
information sharing amongst its members and the community at large.
______________________________________________________________________________

<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBRWw5j2l7oeQsXfKvEQJieQCgjtR/zojenWRzwV4nXqmCwjM7amYAoLjo
6PdG8Brb8tA+ylbbCPI9WsGc
=/DF7
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________