[CLOSE] OSVDB ID : 56054 - Disclosed: 2009-06-28

Description:

The GNU Stream Editor (sed) contains a flaw that may allow a local attacker to gain access to sensitive information or manipulate arbitrary user's date. The issue is due to utils.c (ck_mkstemp) not setting a restrictive umask on temporary files.

[CLOSE] OSVDB ID : 6509 - Disclosed: 2001-07-02

Description:

(Description Provided by CVE) : GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.

[CLOSE] OSVDB ID : 8967 - Disclosed: 2001-07-02

Description:

(Description Provided by CVE) : Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).

[CLOSE] OSVDB ID : 18704 - Disclosed: 2005-08-04

Description:

(Description Provided by CVE) : Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

[CLOSE] OSVDB ID : 9063 - Disclosed: 2001-07-02

Description:

(Description Provided by CVE) : Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.

[CLOSE] OSVDB ID : 30721 - Disclosed: 2006-11-21

Description:

(Description Provided by CVE) : GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.

[CLOSE] OSVDB ID : 23371 - Disclosed: 2006-02-22

Description:

A remote overflow exists in GNU Tar. GNU Tar fails to properly handle PAX extended headers resulting in a buffer overflow. With a specially crafted .tar archive, an attacker can cause arbitrary command execution when the victim lists the tar contents or extracts the archive.

[CLOSE] OSVDB ID : 62950 - Disclosed: 2010-03-10

Description:

GNU tar is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a heap overflow. With a specially crafted response or file, a remote attacker can potentially cause arbitrary code execution.

[CLOSE] OSVDB ID : 42149 - Disclosed: 2007-09-06

Description:

(Description Provided by CVE) : Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."

[CLOSE] OSVDB ID : 38183 - Disclosed: 2007-08-13

Description:

(Description Provided by CVE) : Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

[CLOSE] OSVDB ID : 19409 - Disclosed: 2005-09-14

Description:

(Description Provided by CVE) : The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.

[CLOSE] OSVDB ID : 68810 - Disclosed: 2010-09-28

Description:

(Description Provided by CVE) : The (1) texmacs and (2) tm_mupad_help scripts in TeXmacs 1.0.7.4 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

[CLOSE] OSVDB ID : 3950 - Disclosed: 2003-03-04

Description:

The GNU Transport Layer Security Library contains a flaw that may allow a malicious user to disclose sensitive information about the information protected by the security features of the GNU Transport Layer Security Library. It is currently undocumented as to what exact conditions must be met to cause this condition. It is possible that the flaw may allow and attackers the ability to decrypted protected data resulting in a loss of information confidentiality.

[CLOSE] OSVDB ID : 74393 - Disclosed: 2009-08-14

Description:

(Description Provided by CVE) : The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file.

[CLOSE] OSVDB ID : 74389 - Disclosed: 2009-08-14

Description:

(Description Provided by CVE) : The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.

[CLOSE] OSVDB ID : 74392 - Disclosed: 2009-08-14

Description:

(Description Provided by CVE) : The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file.

[CLOSE] OSVDB ID : 74386 - Disclosed: 2009-08-14

Description:

(Description Provided by CVE) : The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.

[CLOSE] OSVDB ID : 74385 - Disclosed: 2009-08-14

Description:

(Description Provided by CVE) : The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.

[CLOSE] OSVDB ID : 74387 - Disclosed: 2009-08-14

Description:

(Description Provided by CVE) : The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.

[CLOSE] OSVDB ID : 74390 - Disclosed: 2009-08-14

Description:

(Description Provided by CVE) : The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.

[CLOSE] OSVDB ID : 74391 - Disclosed: 2009-08-14

Description:

(Description Provided by CVE) : The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.

[CLOSE] OSVDB ID : 74382 - Disclosed: 2009-07-24

Description:

(Description Provided by CVE) : contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.

[CLOSE] OSVDB ID : 74388 - Disclosed: 2009-08-14

Description:

(Description Provided by CVE) : The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.

[CLOSE] OSVDB ID : 74384 - Disclosed: 2009-08-14

Description:

(Description Provided by CVE) : The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.

[CLOSE] OSVDB ID : 74383 - Disclosed: 2009-08-14

Description:

(Description Provided by CVE) : The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.

[CLOSE] OSVDB ID : 11130 - Disclosed: 2004-09-30

Description:

(Description Provided by CVE) : The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

[CLOSE] OSVDB ID : 73111 - Disclosed: 2009-07-24

Description:

(Description Provided by CVE) : contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.

[CLOSE] OSVDB ID : 1479 - Disclosed: 2000-07-26

Description:

(Description Provided by CVE) : GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions.

[CLOSE] OSVDB ID : 6982 - Disclosed: 2002-12-10

Description:

wget contains a flaw that may allow a remote malicious user to write arbitrary files to the system. The issue is triggered when an NLST response from the server contains directory path information. It is possible that the flaw may allow arbitrary files to be written resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12639 - Disclosed: 2004-12-09

Description:

(Description Provided by CVE) : wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.