USN-506-1: tar vulnerability
28 August 2007
- tar -
Dmitry V. Levin discovered that tar did not correctly detect the ".."
file path element when unpacking archives. If a user or an automated
system were tricked into unpacking a specially crafted tar file, arbitrary
files could be overwritten with user privileges.