Ubuntu USN-709-1 (tar) Network Vulnerability

Summary

The remote host is missing an update to tar announced via advisory USN-709-1.

Solution

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: tar 1.15.1-2ubuntu2.3 Ubuntu 7.10: tar 1.18-2ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-709-1

Insight

Dmitry V. Levin discovered a buffer overflow in tar. If a user or automated system were tricked into opening a specially crafted tar file, an attacker could crash tar or possibly execute arbitrary code with the privileges of the user invoking the program.

Severity

Classification

CVE CVE-2007-4476
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for cvs USN-1371-1
Ubuntu Update for cupsys vulnerabilities USN-598-1
Ubuntu Update for apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update USN-930-2
Ubuntu Update for Firefox 3.5 and Xulrunner vulnerabilities USN-921-1
Ubuntu Update for exim4 USN-1135-1

Take action and discover your vulnerabilities