CVE-2010-0624

Published: 15 March 2010

Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.

Priority

Low

Status

cpio (Launchpad, Ubuntu, Debian)

  Release                           Status
  Upstream                          Needed
  Ubuntu 14.04 ESM (Trusty Tahr)    Not vulnerable (2.11-4ubuntu1)

  Patches:
  Vendor: https://rhn.redhat.com/errata/RHSA-2010-0143.html
  Upstream: http://git.savannah.gnu.org/cgit/paxutils.git/diff/lib/rtapelib.c?id=9bc39283e4cc6ab9e5913ccbf766998eab4ff093

tar (Launchpad, Ubuntu, Debian)

  Release                           Status
  Upstream                          Needed
  Ubuntu 14.04 ESM (Trusty Tahr)    Not vulnerable (1.23-3)

  Patches:
  Vendor: https://rhn.redhat.com/errata/RHSA-2010-0142.html
  Upstream: http://git.savannah.gnu.org/cgit/paxutils.git/diff/lib/rtapelib.c?id=9bc39283e4cc6ab9e5913ccbf766998eab4ff093