#VU32213 Path traversal in Tar - CVE-2016-6321
Published: December 10, 2016 / Updated: July 28, 2020
Vulnerability identifier: #VU32213
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-6321
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Tar
Tar
Software vendor:
GNU
GNU
Description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
Remediation
Install update from vendor's website.
External links
- http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
- http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html
- http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html
- http://seclists.org/fulldisclosure/2016/Oct/102
- http://seclists.org/fulldisclosure/2016/Oct/96
- http://www.debian.org/security/2016/dsa-3702
- http://www.securityfocus.com/bid/93937
- http://www.ubuntu.com/usn/USN-3132-1
- https://security.gentoo.org/glsa/201611-19
- https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt