From owner-freebsd-security@FreeBSD.ORG Tue Nov 28 19:33:55 2006
Return-Path:
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id D7DC416A5A9;
	Tue, 28 Nov 2006 19:33:55 +0000 (UTC)
	(envelope-from josh@tcbug.org)
Received: from rwcrmhc13.comcast.net (rwcrmhc13.comcast.net [216.148.227.153])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A2EE843CEF;
	Tue, 28 Nov 2006 19:33:48 +0000 (GMT)
	(envelope-from josh@tcbug.org)
Received: from gimpy (c-24-118-173-219.hsd1.mn.comcast.net[24.118.173.219])
	by comcast.net (rwcrmhc13) with ESMTP
	id <20061128193351m1300bp62fe>; Tue, 28 Nov 2006 19:33:52 +0000
From: Josh Paetzel
To: freebsd-security@freebsd.org
Date: Tue, 28 Nov 2006 13:33:32 -0600
User-Agent: KMail/1.9.4
References: <456C6F30.2090904@FreeBSD.org>
In-Reply-To: <456C6F30.2090904@FreeBSD.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="koi8-r"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200611281333.32259.josh@tcbug.org>
Cc: Sergey Matveychuk
Subject: Re: GNU Tar vulnerability
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues [members-only posting]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 28 Nov 2006 19:33:56 -0000

On Tuesday 28 November 2006 11:17, Sergey Matveychuk wrote:
> Please, note: http://secunia.com/advisories/23115/
>
> A port maintainer CC'ed.

This is one of those things where the impact is hard to determine because the link doesn't really give much info. Ok, you can overwrite arbitrary files.....ANY file? Or just files that the user running gtar has write access to? If it's the first case then that's huge. If it's the second case then who really cares.

--
Thanks,

Josh Paetzel