Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might     allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors     related to improper sanitization of the file_name parameter, aka POINTYFEATHER. (CVE-2016-6321)

Note that Nessus relies on the presence of the package as reported by the vendor.

According to the version of the tar package installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - Directory traversal vulnerability in the     safer_name_suffix function in GNU tar 1.14 through 1.29     might allow remote attackers to bypass an intended     protection mechanism and write to arbitrary files via     vectors related to improper sanitization of the     file_name parameter, aka POINTYFEATHER.(CVE-2016-6321)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the tar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :

  - Directory traversal vulnerability in the     safer_name_suffix function in GNU tar 1.14 through 1.29     might allow remote attackers to bypass an intended     protection mechanism and write to arbitrary files via     vectors related to improper sanitization of the     file_name parameter, aka POINTYFEATHER.(CVE-2016-6321)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the tar package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :

  - Directory traversal vulnerability in the     safer_name_suffix function in GNU tar 1.14 through 1.29     might allow remote attackers to bypass an intended     protection mechanism and write to arbitrary files via     vectors related to improper sanitization of the     file_name parameter, aka POINTYFEATHER.(CVE-2016-6321)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the tar package has been released.

The remote NewStart CGSL host, running version MAIN 4.05, has tar packages installed that are affected by multiple vulnerabilities:

  - Buffer overflow in tar 1.14 through 1.15.90 allows user-     assisted attackers to cause a denial of service     (application crash) and possibly execute code via     unspecified vectors involving PAX extended headers.
    (CVE-2006-0300)

  - GNU tar 1.16 and 1.15.1, and possibly other versions,     allows user-assisted attackers to overwrite arbitrary     files via a tar file that contains a GNUTYPE_NAMES     record with a symbolic link, which is not properly     handled by the extract_archive function in extract.c and     extract_mangle function in mangle.c, a variant of     CVE-2002-1216. (CVE-2006-6097)

  - Directory traversal vulnerability in the     contains_dot_dot function in src/names.c in GNU tar     allows user-assisted remote attackers to overwrite     arbitrary files via certain //.. (slash slash dot dot)     sequences in directory symlinks in a TAR archive.
    (CVE-2007-4131)

  - Buffer overflow in the safer_name_suffix function in GNU     tar has unspecified attack vectors and impact, resulting     in a crashing stack. (CVE-2007-4476)

  - Heap-based buffer overflow in the rmt_read__ function in     lib/rtapelib.c in the rmt client functionality in GNU     tar before 1.23 and GNU cpio before 2.11 allows remote     rmt servers to cause a denial of service (memory     corruption) or possibly execute arbitrary code by     sending more data than was requested, related to archive     filenames that contain a : (colon) character.
    (CVE-2010-0624)

  - Directory traversal vulnerability in the     safer_name_suffix function in GNU tar 1.14 through 1.29     might allow remote attackers to bypass an intended     protection mechanism and write to arbitrary files via     vectors related to improper sanitization of the     file_name parameter, aka POINTYFEATHER. (CVE-2016-6321)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote NewStart CGSL host, running version MAIN 4.06, has tar packages installed that are affected by multiple vulnerabilities:

  - Buffer overflow in tar 1.14 through 1.15.90 allows user-     assisted attackers to cause a denial of service     (application crash) and possibly execute code via     unspecified vectors involving PAX extended headers.
    (CVE-2006-0300)

  - GNU tar 1.16 and 1.15.1, and possibly other versions,     allows user-assisted attackers to overwrite arbitrary     files via a tar file that contains a GNUTYPE_NAMES     record with a symbolic link, which is not properly     handled by the extract_archive function in extract.c and     extract_mangle function in mangle.c, a variant of     CVE-2002-1216. (CVE-2006-6097)

  - Directory traversal vulnerability in the     contains_dot_dot function in src/names.c in GNU tar     allows user-assisted remote attackers to overwrite     arbitrary files via certain //.. (slash slash dot dot)     sequences in directory symlinks in a TAR archive.
    (CVE-2007-4131)

  - Buffer overflow in the safer_name_suffix function in GNU     tar has unspecified attack vectors and impact, resulting     in a crashing stack. (CVE-2007-4476)

  - Heap-based buffer overflow in the rmt_read__ function in     lib/rtapelib.c in the rmt client functionality in GNU     tar before 1.23 and GNU cpio before 2.11 allows remote     rmt servers to cause a denial of service (memory     corruption) or possibly execute arbitrary code by     sending more data than was requested, related to archive     filenames that contain a : (colon) character.
    (CVE-2010-0624)

  - Directory traversal vulnerability in the     safer_name_suffix function in GNU tar 1.14 through 1.29     might allow remote attackers to bypass an intended     protection mechanism and write to arbitrary files via     vectors related to improper sanitization of the     file_name parameter, aka POINTYFEATHER. (CVE-2016-6321)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for tar fixes the following issues :

  - Fix the POINTYFEATHER vulnerability - GNU tar archiver     can be tricked into extracting files and directories in     the given destination, regardless of the path name(s)     specified on the command line [bsc#1007188]     [CVE-2016-6321]

  - Fix Amanda integration issue (bsc#913058)

This update was imported from the SUSE:SLE-12:Update update project.

This update for tar fixes the following issues :

  - Fix the POINTYFEATHER vulnerability - GNU tar archiver     can be tricked into extracting files and directories in     the given destination, regardless of the path name(s)     specified on the command line [bsc#1007188]     [CVE-2016-6321]

  - Fix Amanda integration issue (bsc#913058)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for tar fixes the following issues :

  - Fix the POINTYFEATHER vulnerability - GNU tar archiver     can be tricked into extracting files and directories in     the given destination, regardless of the path name(s)     specified on the command line [bsc#1007188]     [CVE-2016-6321]

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for tar fixes the following issues :

  - extract files recursively with --files-from [boo#913058] 

  - Fix POINTYFEATHER vulnerability - GNU tar archiver can     be tricked into extracting files and directories in the     given destination, regardless of the path name(s)     specified on the command line [boo#1007188]     [CVE-2016-6321]

The remote host is affected by the vulnerability described in GLSA-201611-19 (Tar: Extract pathname bypass)

    Tar attempts to avoid path traversal attacks by removing offending parts       of the element name at extract. This sanitizing leads to a vulnerability       where the attacker can bypass the path name(s) specified on the command       line.
  Impact :

    The attacker can create a crafted tar archive that, if extracted by the       victim, replaces files and directories the victim has access to in the       target directory, regardless of the path name(s) specified on the command       line.
  Workaround :

    There is no known workaround at this time.

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3132-1 advisory.

    Harry Sintonen discovered that tar incorrectly handled extracting files when path names are specified on     the command line. If a user or automated system were tricked into processing a specially crafted archive,     an attacker could possibly overwrite arbitrary files.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Harry Sintonen discovered that GNU tar does not properly handle member names containing '..', thus allowing an attacker to bypass the path names specified on the command line and replace files and directories in the target directory.

A vulnerability has been discovered in the tar package that could allow an attacker to overwrite arbitrary files through crafted files.

For Debian 7 'Wheezy', these problems have been fixed in version 1.26+dfsg-0.1+deb7u1.

We recommend that you upgrade your tar packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
219984	Linux Distros Unpatched Vulnerability : CVE-2016-6321	Nessus	Misc.	high
140858	EulerOS 2.0 SP3 : tar (EulerOS-SA-2020-2091)	Nessus	Huawei Local Security Checks	high
135611	EulerOS Virtualization 3.0.2.2 : tar (EulerOS-SA-2020-1449)	Nessus	Huawei Local Security Checks	high
134534	EulerOS Virtualization for ARM 64 3.0.2.0 : tar (EulerOS-SA-2020-1245)	Nessus	Huawei Local Security Checks	high
132546	Photon OS 2.0: Tar PHSA-2019-2.0-0187	Nessus	PhotonOS Local Security Checks	high
132208	EulerOS 2.0 SP3 : tar (EulerOS-SA-2019-2673)	Nessus	Huawei Local Security Checks	high
131577	EulerOS 2.0 SP2 : tar (EulerOS-SA-2019-2423)	Nessus	Huawei Local Security Checks	high
130654	EulerOS 2.0 SP5 : tar (EulerOS-SA-2019-2192)	Nessus	Huawei Local Security Checks	high
129788	Photon OS 1.0: Tar PHSA-2019-1.0-0252	Nessus	PhotonOS Local Security Checks	high
129686	Photon OS 1.0: Tar PHSA-2019-1.0-0255	Nessus	PhotonOS Local Security Checks	high
127428	NewStart CGSL MAIN 4.05 : tar Multiple Vulnerabilities (NS-SA-2019-0153)	Nessus	NewStart CGSL Local Security Checks	high
127307	NewStart CGSL MAIN 4.06 : tar Multiple Vulnerabilities (NS-SA-2019-0089)	Nessus	NewStart CGSL Local Security Checks	high
121690	Photon OS 1.0: Tar PHSA-2017-0015	Nessus	PhotonOS Local Security Checks	high
95555	openSUSE Security Update : tar (openSUSE-2016-1401)	Nessus	SuSE Local Security Checks	high
95315	SUSE SLED12 / SLES12 Security Update : tar (SUSE-SU-2016:2896-1)	Nessus	SuSE Local Security Checks	high
95314	SUSE SLES11 Security Update : tar (SUSE-SU-2016:2895-1)	Nessus	SuSE Local Security Checks	high
95273	openSUSE Security Update : tar (openSUSE-2016-1341)	Nessus	SuSE Local Security Checks	high
95270	GLSA-201611-19 : Tar: Extract pathname bypass	Nessus	Gentoo Local Security Checks	high
95054	Ubuntu 14.04 LTS / 16.04 LTS : tar vulnerability (USN-3132-1)	Nessus	Ubuntu Local Security Checks	high
94456	Debian DSA-3702-1 : tar - security update	Nessus	Debian Local Security Checks	high
94447	Debian DLA-690-1 : tar security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2016-6321

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high