Описание
Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| tardiff | fixed | 0.1-5 | package |
Примечания
https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=9bd6a07bc204472ac27242cea16f89943b43003a
Assignment is done for injection through file names and tar file name itself
First part was addressed in 0.1-3 but does not contain the fix for the tar
file name itself.
https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=a18e8df51511df276e61dbccdbe1714fc53af965
Связанные уязвимости
Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file.
Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file.
Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file.