Note: This is an archival copy of Security Sun Alert 241646 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019583.1.
Solaris 9 Operating System
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
Security vulnerability in the GNU tar utility (see gtar(1)):
A security vulnerability in the GNU tar utility (see gtar(1)) bundled with Solaris 9 and Solaris 10 may allow a local or remote unprivileged user who provides a specially crafted tar archive to cause the execution of arbitrary code or a program crash. The ability to cause a program crash is a type of Denial of Service (DoS).
Additional information regarding this issue is available at:
This issue can occur in the following releases:
Note 2: OpenSolaris distributions may include additional bug fixes above and beyond the build from which they were derived.
To determine the base build of OpenSolaris, the following command can be used:
$ uname -v
3. Symptoms
There are no predictable symptoms that would indicate the described issue has been exploited on a system.
Until the patches for this issue can be applied, users should avoid using gtar(1) with archives from untrusted sources.
This issue is addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
28-Apr-2009: Updated Contributing Factors and Resolution sections. Resolved.