GLSA-201611-19 : Tar: Extract pathname bypass

high Nessus Plugin ID 95270

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-201611-19 (Tar: Extract pathname bypass)

Tar attempts to avoid path traversal attacks by removing offending parts of the element name at extract. This sanitizing leads to a vulnerability where the attacker can bypass the path name(s) specified on the command line.
Impact :

The attacker can create a crafted tar archive that, if extracted by the victim, replaces files and directories the victim has access to in the target directory, regardless of the path name(s) specified on the command line.
Workaround :

There is no known workaround at this time.

Solution

All Tar users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-arch/tar-1.29-r1'

See Also

https://security.gentoo.org/glsa/201611-19

Plugin Details

Severity: High

ID: 95270

File Name: gentoo_GLSA-201611-19.nasl

Version: 3.4

Type: local

Published: 11/23/2016

Updated: 1/11/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:tar, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 11/22/2016

Reference Information

CVE: CVE-2016-6321

GLSA: 201611-19