PT-2006-6742 · Gnu+1 · Gnu Tar+1
Kees Cook +1 · Published 2006-11-24 · Updated 2024-06-15 · CVE-2006-6097
CVSS v2.0: 4.0 (Medium)
| Vector | AV:N/AC:H/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
GNU tar versions 1.15.1 through 1.16
Description
The issue allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link. This is due to improper handling by the extract_archive function in extract.c and the extract_mangle function in mangle.c.
Recommendations
For GNU tar versions 1.15.1 through 1.16, consider restricting the use of tar files that contain GNUTYPE_NAMES records with symbolic links until a patch is available. As a temporary workaround, avoid using the extract_archive function in extract.c and the extract_mangle function in mangle.c to minimize the risk of exploitation.
Exploit
Fix
Related identifiers
Affected products
Gnu Tar
Red Hat