#VU32213 Path traversal in Tar - CVE-2016-6321

Cybersecurity Help s.r.o.

Published: 2016-12-10 | Updated: 2020-07-28

Vulnerability identifier: #VU32213

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-6321

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Tar
Client/Desktop applications / Software for archiving

Vendor: GNU

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Tar: 1.14 - 1.29

External links
https://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
https://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html
https://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html
https://seclists.org/fulldisclosure/2016/Oct/102
https://seclists.org/fulldisclosure/2016/Oct/96
https://www.debian.org/security/2016/dsa-3702
https://www.securityfocus.com/bid/93937
https://www.ubuntu.com/usn/USN-3132-1
https://security.gentoo.org/glsa/201611-19
https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Path traversal in GNU Tar

Gentoo update for Tar

Arch Linux update for tar

Path traversal in tar (Alpine package)