Path traversal in Tar - CVE-2016-6321
Published: December 10, 2016 / Updated: July 28, 2020
Vulnerability identifier: #VU32213
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-6321
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: GNU
Affected software:
Tar
Tar
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
How to mitigate CVE-2016-6321
Install update from vendor's website.
Sources
- http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
- http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html
- http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html
- http://seclists.org/fulldisclosure/2016/Oct/102
- http://seclists.org/fulldisclosure/2016/Oct/96
- http://www.debian.org/security/2016/dsa-3702
- http://www.securityfocus.com/bid/93937
- http://www.ubuntu.com/usn/USN-3132-1
- https://security.gentoo.org/glsa/201611-19
- https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt