CVE-2006-6097

Impact:
Moderate
Public Date:
2006-11-21
Bugzilla:
1618237: CVE-2006-6097 security flaw

The MITRE CVE dictionary describes this issue as:

GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.

Find out more about CVE-2006-6097 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 3 (tar) RHSA-2006:0749 2006-12-19
Red Hat Enterprise Linux 4 (tar) RHSA-2006:0749 2006-12-19
Red Hat Enterprise Linux 2.1 (tar) RHSA-2006:0749 2006-12-19

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.