From: cherepan at mccme dot ru
Subject: [Bug binutils/17533] objdump/ar/... crash on malformed ar file
Date: Tue, 04 Nov 2014 16:51:33 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=17533

--- Comment #7 from Alexander Cherepanov <cherepan at mccme dot ru> ---

The danger is in overwriting sensitive files (e.g. authorized_keys) by an unconscious user or by an automatic process while extracting the contents of an archive. For similar examples please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4131 (tar) and https://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4651 (patch).

Both absolute and relative paths could be used for the attack.

BTW creation of hidden files (with names starting with a dot) could also be viewed as undesirable.

--
You are receiving this mail because:
You are on the CC list for the bug.
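
A check an extractor could apply to each member name before opening it for writing, covering the cases named in the comment above (absolute paths, relative paths that leave the extraction directory, names starting with a dot). This is an added example, not code from binutils or from the bug report; `check_member_name` and the sample names are hypothetical, and POSIX `/` separators are assumed.

```c
#include <stdio.h>
#include <string.h>

enum name_verdict { NAME_OK, NAME_EMPTY, NAME_ABSOLUTE, NAME_TRAVERSAL, NAME_HIDDEN };

/* Classify an archive member name before it is used as an output path.
   Hypothetical helper for illustration; not a binutils function. */
enum name_verdict check_member_name(const char *name)
{
    int hidden = 0;
    const char *p = name;

    if (name == NULL || *name == '\0')
        return NAME_EMPTY;
    if (*name == '/')
        return NAME_ABSOLUTE;           /* would be written outside the cwd */

    /* Walk every '/'-separated component, not just the first one. */
    while (*p != '\0') {
        size_t len = strcspn(p, "/");   /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return NAME_TRAVERSAL;      /* ".." can climb out of the cwd */
        if (len > 1 && p[0] == '.')
            hidden = 1;                 /* dotfile or dot-directory; "." alone is harmless */
        p += len;
        p += strspn(p, "/");            /* skip one or more separators */
    }
    /* Traversal and absolute paths take priority over the hidden-name flag. */
    return hidden ? NAME_HIDDEN : NAME_OK;
}

int main(void)
{
    /* Constructed member names, as an extractor might read them from an archive. */
    static const char *const names[] = {
        "foo.o", "/etc/cron.d/job", "../../.ssh/authorized_keys",
        "sub/../../x", ".bashrc", "./lib/bar.o"
    };
    static const char *const text[] = { "ok", "empty", "absolute", "traversal", "hidden" };

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-28s %s\n", names[i], text[check_member_name(names[i])]);
    return 0;
}
```

An extractor would refuse `NAME_ABSOLUTE` and `NAME_TRAVERSAL` outright and treat `NAME_HIDDEN` as a policy decision (warn or require an explicit option).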