Permissions, Privileges, and Access Controls
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 22.214.171.124, Antiy Labs AVL SDK 126.96.36.199, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 188.8.131.52, Comodo Antivirus 7424, Emsisoft Anti-Malware 184.108.40.206, F-Prot Antivirus 220.127.116.11, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 18.104.22.168, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 22.214.171.124, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 126.96.36.199, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 188.8.131.52, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20184.108.40.206 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 220.127.116.114, Trend Micro HouseCall 18.104.22.1684, VBA32 22.214.171.124, and VirusBuster 126.96.36.199 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
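A defensive check for the size-field mismatch described above, added here as an example and not taken from any of the listed products: it walks an archive by following each entry's size field and reports any checksum-valid header that starts inside the region an entry claims as data. The names `audit_tar`, `is_header` and `octal` are hypothetical, and the code assumes plain ustar archives with octal size fields.

```python
import io
import tarfile

BLOCK = 512  # ustar block size; assumption: octal size fields only, no base-256

def octal(field):
    """Parse a NUL/space padded octal field; None if it is not octal."""
    try:
        return int(field.strip(b" \0") or b"0", 8)
    except ValueError:
        return None

def is_header(block):
    """True if the block's stored checksum matches its contents."""
    if len(block) != BLOCK or not any(block):
        return False
    # The checksum is computed with the checksum field read as 8 spaces.
    expected = sum(block[:148]) + 8 * 0x20 + sum(block[156:])
    return octal(block[148:156]) == expected

def audit_tar(data):
    """Follow size fields like a parser would; list what they skip over."""
    findings, off = [], 0
    while off + BLOCK <= len(data) and is_header(data[off:off + BLOCK]):
        hdr = data[off:off + BLOCK]
        name = hdr[:100].split(b"\0", 1)[0].decode("latin-1")
        size = octal(hdr[124:136])
        if size is None:
            findings.append((name, "unparseable size field"))
            break
        start = off + BLOCK
        end = start + size
        if end > len(data):
            findings.append((name, "size runs past end of archive"))
        # A checksum-valid header starting inside the claimed data means the
        # size field swallows (part of) another entry's header.
        for pos in range(start, min(end, len(data) - BLOCK + 1), BLOCK):
            if is_header(data[pos:pos + BLOCK]):
                findings.append((name, f"header hidden at offset {pos}"))
        off = start + -(-size // BLOCK) * BLOCK  # data is padded to 512
    return findings

if __name__ == "__main__":
    buf = io.BytesIO()  # constructed sample: a well-formed two-entry archive
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        for name, body in (("a.txt", b"first"), ("b.txt", b"second")):
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tf.addfile(info, io.BytesIO(body))
    print(audit_tar(buf.getvalue()))
```

An uncompressed tar stored as a member of another tar also triggers the finding, so treat a hit as a reason to scan both interpretations of the archive, not as proof of evasion.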
CWE-264 - Permissions, Privileges, and Access Controls
CWE-264 (Permissions, Privileges, and Access Controls) is not a weakness in and of itself. It is a category of weaknesses related to the management of permissions, privileges, and other security features used to perform access control. If not addressed, the weaknesses in this category allow attackers to gain privileges for an unintended sphere of control, access sensitive information, and execute arbitrary commands.