Description of problem:
GNU tar contains a flaw, that makes tar overwrite an arbitrairy file when
extracting a crafted archive.
See the original advisory for details.
Steps to Reproduce:
# crafting a symlink
gcc -o tarxyz tarxyz.c
./tarxyz > xyz.tar
# cleaning environment up
rm -f xyz
# adding files, relative to xyz/
mkdir -p xyz/home/$USER
echo "Hello" > xyz/home/$USER/hello.txt
tar -rf xyz.tar xyz/home/$USER
rm -rf xyz # so symlink to / can be created
$TAR -xf xyz.tar
All supported RHEL (2.1--4) and FC (5,6) releases are vulnerable
Kees Cook (of Ubuntu) reported an issue to upstream and proposed a patch.
See this thread:
Ping on this issue.
Can we get some updated packages. The patch looks to be rather simple.
I dunno how to filed RHSA-2006:0749, concretely built for AS21.1.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.