
tardiff: two vulnerabilities

Package(s): tardiff
CVE #(s): CVE-2015-0857 CVE-2015-0858
Created: May 2, 2016
Updated: July 28, 2016
Description: From the Debian advisory:

CVE-2015-0857: Rainer Mueller and Florian Weimer discovered that tardiff is prone to shell command injections via shell meta-characters in filenames in tar files or via shell meta-characters in the tar filename itself.

CVE-2015-0858: Florian Weimer discovered that tardiff uses predictable temporary directories for unpacking tarballs. A malicious user can use this flaw to overwrite files with permissions of the user running the tardiff command line tool.
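
An added example, not code from tardiff or from the advisory: one way to compare two tarballs that avoids both classes of flaw, by unpacking into a directory from mkdtemp and treating member names purely as data so that no shell ever parses them. The function names are hypothetical, the comparison is done in-process instead of calling external tar or diff, and the sample tarballs are constructed.

```python
import io
import os
import shutil
import tarfile
import tempfile
from pathlib import Path


def unpack_private(tar_path):
    """Unpack regular files into a fresh private directory; return its path."""
    # mkdtemp: unpredictable name, mode 0700, created atomically.
    workdir = os.path.realpath(tempfile.mkdtemp(prefix="tardiff-"))
    with tarfile.open(tar_path) as tf:
        for member in tf.getmembers():
            dest = os.path.realpath(os.path.join(workdir, member.name))
            # Skip links and devices, and any name resolving outside workdir.
            if not member.isfile() or not dest.startswith(workdir + os.sep):
                continue
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            with tf.extractfile(member) as src, open(dest, "wb") as out:
                shutil.copyfileobj(src, out)
    return workdir


def contents(root):
    """Map each relative file name under root to its bytes."""
    return {str(p.relative_to(root)): p.read_bytes()
            for p in Path(root).rglob("*") if p.is_file()}


def changed_files(old_tar, new_tar):
    """Names whose content differs; member names never reach a shell."""
    old_dir, new_dir = unpack_private(old_tar), unpack_private(new_tar)
    try:
        old, new = contents(old_dir), contents(new_dir)
        return sorted(n for n in old.keys() | new.keys() if old.get(n) != new.get(n))
    finally:
        for workdir in (old_dir, new_dir):
            shutil.rmtree(workdir)


def build_tar(path, files):
    """Write a constructed sample tarball from a {name: bytes} mapping."""
    with tarfile.open(path, "w") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
```

If an external tool has to be run on the unpacked files, pass the names as separate argv elements rather than interpolating them into a shell command string.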

Alerts:
Debian-LTS DLA-564-1 tardiff 2016-07-28
Debian DSA-3562-1 tardiff 2016-05-01

Copyright © 2025, Eklektix, Inc.