CVE-2006-0300

Name: CVE-2006-0300
Description: Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
Source: CVE (at NVD; cross-referenced at oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia)
References: DSA-987-1
NVD severity: medium (attack range: remote)
Debian Bugs: 354091
Debian/oldoldstable: not vulnerable.
Debian/oldstable: not vulnerable.
Debian/stable: not vulnerable.
Debian/testing: not vulnerable.
Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   Release                      Version          Status
dpkg (PTS)       squeeze, squeeze (security)  1.15.11          fixed
                 squeeze (lts)                1.15.12          fixed
                 wheezy                       1.16.16          fixed
                 wheezy (security)            1.16.17          fixed
                 jessie, jessie (security)    1.17.26          fixed
                 stretch, sid                 1.18.4           fixed
tar (PTS)        squeeze                      1.23-3           fixed
                 wheezy                       1.26+dfsg-0.1    fixed
                 jessie                       1.27.1-2         fixed
                 stretch, sid                 1.28-2.1         fixed

The status above is derived from the following data on fixed versions.

Package  Type    Release     Fixed Version   Urgency  Origin     Debian Bugs
dpkg     source  (unstable)  (not affected)
tar      source  (unstable)  1.15.1-3        high                354091
tar      source  sarge       1.14-2.1        medium   DSA-987-1
tar      source  woody       (not affected)

Notes

- dpkg <not-affected> (dpkg uses its own tar implementation rather than GNU tar's code, so the affected PAX header handling is not present)
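The description above only says that the overflow involves PAX extended headers; the page does not identify the field or the code path, and the example below does not attempt to reconstruct it. It is an added illustration, not GNU tar's code and not a patch for this CVE: a small C parser for the POSIX pax extended-header record format ("<length> <keyword>=<value>\n", where <length> counts every byte of the record including the digits, the space and the newline), written to show the checks a parser must make before trusting a length that came from the archive. The sample payloads are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A parsed pax record. Pointers reference the caller's buffer; nothing is
 * copied, so there is no output buffer to overrun. */
struct pax_record {
    const char *key;
    size_t      key_len;
    const char *value;
    size_t      value_len;
};

/* Parse one record starting at buf[0]. Returns the bytes consumed, or 0 if the
 * record is malformed. Never reads beyond buf[len - 1]. */
size_t pax_parse_record(const char *buf, size_t len, struct pax_record *out)
{
    size_t i = 0, reclen = 0;

    /* 1. Decimal length field: at least one digit, guarded against size_t wrap. */
    while (i < len && buf[i] >= '0' && buf[i] <= '9') {
        if (reclen > (SIZE_MAX - 9) / 10)
            return 0;
        reclen = reclen * 10 + (size_t)(buf[i] - '0');
        i++;
    }
    if (i == 0 || i >= len || buf[i] != ' ')
        return 0;
    i++;                                  /* consume the single space */

    /* 2. The declared length is attacker-controlled. It must fit inside the
     *    bytes we actually hold, leave room for at least "k=\n" after the
     *    prefix, and end with the newline the format requires. */
    if (reclen > len || reclen < i + 3 || buf[reclen - 1] != '\n')
        return 0;

    /* 3. Split keyword from value on the first '=' before the newline. */
    const char *kv  = buf + i;
    size_t      kvl = reclen - 1 - i;     /* bytes between prefix and '\n' */
    const char *eq  = memchr(kv, '=', kvl);
    if (eq == NULL || eq == kv)           /* no '=' or empty keyword */
        return 0;

    if (out != NULL) {
        out->key       = kv;
        out->key_len   = (size_t)(eq - kv);
        out->value     = eq + 1;
        out->value_len = (size_t)((kv + kvl) - (eq + 1));
    }
    return reclen;
}

/* Walk a whole extended-header payload. Returns the record count, or -1 as soon
 * as one record is malformed: the member should then be rejected, not resynced. */
int pax_count_records(const char *buf, size_t len)
{
    int n = 0;
    for (size_t off = 0; off < len; n++) {
        size_t used = pax_parse_record(buf + off, len - off, NULL);
        if (used == 0)
            return -1;
        off += used;
    }
    return n;
}

/* Find `key`. Returns 1 and fills *out (if non-NULL) when found, 0 when absent,
 * -1 if a malformed record is hit first. */
int pax_find(const char *buf, size_t len, const char *key, struct pax_record *out)
{
    size_t klen = strlen(key);
    struct pax_record rec;
    for (size_t off = 0; off < len; ) {
        size_t used = pax_parse_record(buf + off, len - off, &rec);
        if (used == 0)
            return -1;
        if (rec.key_len == klen && memcmp(rec.key, key, klen) == 0) {
            if (out != NULL)
                *out = rec;
            return 1;
        }
        off += used;
    }
    return 0;
}

/* Constructed sample payloads (not taken from any real archive or this CVE). */
static const char PAX_OK[] = "22 path=some/file.txt\n" "9 size=1\n";
#define PAX_OK_LEN (sizeof PAX_OK - 1)
/* Second record claims 99 bytes but only 10 follow: must be rejected. */
static const char PAX_BAD[] = "22 path=some/file.txt\n" "99 size=1\n";
#define PAX_BAD_LEN (sizeof PAX_BAD - 1)

int main(void)
{
    struct pax_record r;
    if (pax_find(PAX_OK, PAX_OK_LEN, "path", &r) == 1)
        printf("path = %.*s\n", (int)r.value_len, r.value);
    printf("good payload: %d records\n", pax_count_records(PAX_OK, PAX_OK_LEN));
    printf("bad payload:  %d (malformed)\n", pax_count_records(PAX_BAD, PAX_BAD_LEN));
    return 0;
}
```

The point of the three checks in pax_parse_record is that every quantity derived from the archive (the record length, the position of '=', the value length) is validated against the buffer the program actually holds before it is used as an index or a copy size; a parser that trusts the declared length, or that searches for '=' or '\n' without an upper bound, is exactly the shape of code in which a crafted header can read or write past the end of its buffer.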
