Test ID:	1.3.6.1.4.1.25623.1.0.56339
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-257-1 (tar)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to tar announced via advisory USN-257-1. A security issue affects the following Ubuntu releases: Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: tar Jim Meyering discovered that tar did not properly verify the validity of certain header fields in a GNU tar archive. By tricking an user into processing a specially crafted tar archive, this could be exploited to execute arbitrary code with the privileges of the user. The tar version in Ubuntu 4.10 is not affected by this vulnerability. Solution: The problem can be corrected by upgrading the affected package to version 1.14-2ubuntu0.1 (for Ubuntu 5.04), or 1.15.1-2ubuntu0.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-257-1 Risk factor : High CVSS Score: 5.1
Cross-Ref:	BugTraq ID: 16764 Common Vulnerability Exposure (CVE) ID: CVE-2006-0300 1015705 http://securitytracker.com/id?1015705 16764 http://www.securityfocus.com/bid/16764 18973 http://secunia.com/advisories/18973 18976 http://secunia.com/advisories/18976 18999 http://secunia.com/advisories/18999 19016 http://secunia.com/advisories/19016 19093 http://secunia.com/advisories/19093 19130 http://secunia.com/advisories/19130 19152 http://secunia.com/advisories/19152 19236 http://secunia.com/advisories/19236 20042 http://secunia.com/advisories/20042 2006-0010 http://www.trustix.org/errata/2006/0010 23371 http://www.osvdb.org/23371 241646 http://sunsolve.sun.com/search/document.do?assetkey=1-26-241646-1 24479 http://secunia.com/advisories/24479 24966 http://secunia.com/advisories/24966 480 http://securityreason.com/securityalert/480 543 http://securityreason.com/securityalert/543 ADV-2006-0684 http://www.vupen.com/english/advisories/2006/0684 ADV-2007-0930 http://www.vupen.com/english/advisories/2007/0930 ADV-2007-1470 http://www.vupen.com/english/advisories/2007/1470 ADV-2008-2518 http://www.vupen.com/english/advisories/2008/2518 APPLE-SA-2007-03-13 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html APPLE-SA-2007-04-19 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html DSA-987 http://www.debian.org/security/2006/dsa-987 FLSA:183571-2 http://www.securityfocus.com/archive/1/430299/100/0/threaded GLSA-200603-06 http://www.gentoo.org/security/en/glsa/glsa-200603-06.xml MDKSA-2006:046 http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:046 OpenPKG-SA-2006.006 http://www.openpkg.org/security/OpenPKG-SA-2006.006-tar.html RHSA-2006:0232 http://www.redhat.com/support/errata/RHSA-2006-0232.html SUSE-SR:2006:005 http://www.novell.com/linux/security/advisories/2006_05_sr.html TA07-072A http://www.us-cert.gov/cas/techalerts/TA07-072A.html TA07-109A http://www.us-cert.gov/cas/techalerts/TA07-109A.html USN-257-1 https://usn.ubuntu.com/257-1/ [Bug-tar] 20060220 tar 1.15.90 released http://lists.gnu.org/archive/html/bug-tar/2006-02/msg00051.html gnu-tar-pax-headers-bo(24855) https://exchange.xforce.ibmcloud.com/vulnerabilities/24855 http://docs.info.apple.com/article.html?artnum=305214 http://docs.info.apple.com/article.html?artnum=305391 oval:org.mitre.oval:def:5252 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5252 oval:org.mitre.oval:def:5978 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5978 oval:org.mitre.oval:def:5993 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5993 oval:org.mitre.oval:def:6094 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6094 oval:org.mitre.oval:def:9295 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9295
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.