GNU tar contains_dot_dot() Directory Traversal Bug Lets Remote Users Overwrite Files
|
|
SecurityTracker Alert ID: 1023277 |
|
SecurityTracker URL: http://securitytracker.com/id/1023277
|
|
CVE Reference:
CVE-2007-4131
(Links to External Site)
|
Date: Dec 4 2009
|
Impact:
Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in GNU tar. A remote user can cause files to be overwritten on the target user's system.
A remote user can create a specially crafted tar archive that, when extracted by the target user, will overwrite arbitrary files on the target user's system with the privileges of the target user.
The vulnerability resides in the contains_dot_dot() function and occurs in the processing of directory symlinks.
Dmitry V. Levin reported this vulnerability.
|
Impact:
A remote user can create a file that, when loaded by the target user, will overwrite files on the target user's system with the privileges of the target user.
|
Solution:
Sun has issued a fix.
SPARC Platform
* Solaris 10 with patch 139099-03 or later
* OpenSolaris based upon builds snv_116 or later
x86 Platform
* Solaris 10 with patch 139100-03 or later
* OpenSolaris based upon builds snv_116 or later
Sun is working on a fix for Solaris 9.
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273551-1
|
Vendor URL: www.gnu.org/software/tar (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
UNIX (Solaris - SunOS)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Fri, 04 Dec 2009 06:58:02 +0000
Subject: http://sunsolve.sun.com/search/document.do?assetkey=1-66-273551-1
|
Two Security Vulnerabilities in GNU tar (see gtar(1)) May Lead to Files Being Overwritten, Execution of Arbitrary Code, or a Denial of Service (DoS)
273551
CVE-2007-4131
CVE-2007-4476
|
|
