CVE-2010-0624

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2010-0624
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036668.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037395.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037401.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038134.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038149.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://osvdb.org/62950
http://secunia.com/advisories/38869
http://secunia.com/advisories/38988
http://secunia.com/advisories/39008
http://security.gentoo.org/glsa/glsa-201111-11.xml
http://www.agrs.tu-berlin.de/index.php?id=78327 Exploit
http://www.mandriva.com/security/advisories?name=MDVSA-2010:065
http://www.redhat.com/support/errata/RHSA-2010-0141.html
http://www.redhat.com/support/errata/RHSA-2010-0142.html
http://www.redhat.com/support/errata/RHSA-2010-0144.html
http://www.redhat.com/support/errata/RHSA-2010-0145.html
http://www.securityfocus.com/archive/1/514503/100/0/threaded
http://www.ubuntu.com/usn/USN-2456-1
http://www.vupen.com/english/advisories/2010/0628
http://www.vupen.com/english/advisories/2010/0629
http://www.vupen.com/english/advisories/2010/0639
http://www.vupen.com/english/advisories/2010/0687
http://www.vupen.com/english/advisories/2010/0728
http://www.vupen.com/english/advisories/2010/0729
http://www.vupen.com/english/advisories/2010/1107
https://bugzilla.redhat.com/show_bug.cgi?id=564368 Patch
https://issues.rpath.com/browse/RPL-3219
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10277
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6907
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gnu:cpio:*:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:1.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:1.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:1.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:2.4-2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:2.5.90:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:2.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:2.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:2.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:2.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.17:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.18:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.19:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.25:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.14.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.14.90:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.15:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.15.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.15.90:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.15.91:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.16.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.17:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.18:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.19:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.20:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.21:*:*:*:*:*:*:*
History

No history.

Information

Published : 2010-03-15 13:28

Updated : 2024-02-28 11:41

NVD link : CVE-2010-0624

Mitre link : CVE-2010-0624

CVE.ORG link : CVE-2010-0624

JSON object : View

Products Affected

gnu

  • cpio
  • tar
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024