CVE-2016-6321

Severity: high

Description

Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

References

http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html

https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt

http://www.securityfocus.com/bid/93937

http://seclists.org/fulldisclosure/2016/Oct/96

http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html

http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d

http://seclists.org/fulldisclosure/2016/Oct/102

http://www.ubuntu.com/usn/USN-3132-1

http://www.debian.org/security/2016/dsa-3702

https://security.gentoo.org/glsa/201611-19

https://lists.apache.org/thread.html/[email protected]%3Cissues.bookkeeper.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.bookkeeper.apache.org%3E

Details

Source: MITRE

Published: 2016-12-09

Updated: 2021-06-29

Type: CWE-22

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

21 plugins total

ID     | Name                                                                          | Product | Family                              | Severity
140858 | EulerOS 2.0 SP3 : tar (EulerOS-SA-2020-2091)                                  | Nessus  | Huawei Local Security Checks        | high
135611 | EulerOS Virtualization 3.0.2.2 : tar (EulerOS-SA-2020-1449)                   | Nessus  | Huawei Local Security Checks        | high
134534 | EulerOS Virtualization for ARM 64 3.0.2.0 : tar (EulerOS-SA-2020-1245)        | Nessus  | Huawei Local Security Checks        | high
132546 | Photon OS 2.0: Tar PHSA-2019-2.0-0187                                         | Nessus  | PhotonOS Local Security Checks      | high
132208 | EulerOS 2.0 SP3 : tar (EulerOS-SA-2019-2673)                                  | Nessus  | Huawei Local Security Checks        | high
131577 | EulerOS 2.0 SP2 : tar (EulerOS-SA-2019-2423)                                  | Nessus  | Huawei Local Security Checks        | high
130654 | EulerOS 2.0 SP5 : tar (EulerOS-SA-2019-2192)                                  | Nessus  | Huawei Local Security Checks        | high
129788 | Photon OS 1.0: Tar PHSA-2019-1.0-0252                                         | Nessus  | PhotonOS Local Security Checks      | high
129686 | Photon OS 1.0: Tar PHSA-2019-1.0-0255                                         | Nessus  | PhotonOS Local Security Checks      | high
127428 | NewStart CGSL MAIN 4.05 : tar Multiple Vulnerabilities (NS-SA-2019-0153)      | Nessus  | NewStart CGSL Local Security Checks | high
127307 | NewStart CGSL MAIN 4.06 : tar Multiple Vulnerabilities (NS-SA-2019-0089)      | Nessus  | NewStart CGSL Local Security Checks | high
121690 | Photon OS 1.0: Tar PHSA-2017-0015                                             | Nessus  | PhotonOS Local Security Checks      | critical
111864 | Photon OS 1.0: Freetype2 / Gnutls / Linux / Tar PHSA-2017-0015 (deprecated)   | Nessus  | PhotonOS Local Security Checks      | critical
95555  | openSUSE Security Update : tar (openSUSE-2016-1401)                           | Nessus  | SuSE Local Security Checks          | high
95315  | SUSE SLED12 / SLES12 Security Update : tar (SUSE-SU-2016:2896-1)              | Nessus  | SuSE Local Security Checks          | high
95314  | SUSE SLES11 Security Update : tar (SUSE-SU-2016:2895-1)                       | Nessus  | SuSE Local Security Checks          | high
95273  | openSUSE Security Update : tar (openSUSE-2016-1341)                           | Nessus  | SuSE Local Security Checks          | high
95270  | GLSA-201611-19 : Tar: Extract pathname bypass                                 | Nessus  | Gentoo Local Security Checks        | high
95054  | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : tar vulnerability (USN-3132-1) | Nessus | Ubuntu Local Security Checks     | high
94456  | Debian DSA-3702-1 : tar - security update                                     | Nessus  | Debian Local Security Checks        | high
94447  | Debian DLA-690-1 : tar security update                                        | Nessus  | Debian Local Security Checks        | high