FreeBSD : ark -- extraction outside of extraction directory (38fdf07b-e8ec-11ea-8bbe-e0d55e2a8bf9)

low Nessus Plugin ID 139934

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Albert Astals Cid reports : Overview A maliciously crafted TAR archive containing symlink entries would install files anywhere in the user's home directory upon extraction. Proof of concept For testing, an example of malicious archive can be found at dirsymlink.tar Impact Users can unwillingly install files like a modified .bashrc, or a malicious script placed in ~/.config/autostart. Workaround Before extracting a downloaded archive using the Ark GUI, users should inspect it to make sure it doesn't contain symlink entries pointing outside the extraction folder.

The 'Extract' context menu from the Dolphin file manager shouldn't be used. Solution Ark 20.08.1 skips maliciously crafted symlinks when extracting TAR archives.

Alternatively, 8bf8c5ef07b0ac5e914d752681e470dea403a5bd can be applied to previous releases. Credits Thanks to Fabian Vogt for reporting this issue and for fixing it.

Solution

Update the affected package.

See Also

https://kde.org/info/security/advisory-20200827-1.txt

http://www.nessus.org/u?93e9da00

Plugin Details

Severity: Low

ID: 139934

File Name: freebsd_pkg_38fdf07be8ec11ea8bbee0d55e2a8bf9.nasl

Version: 1.4

Type: local

Published: 8/28/2020

Updated: 9/23/2020

Risk Information

CVSS Score Source: CVE-2020-24654

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.9

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ark, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 8/28/2020

Vulnerability Publication Date: 8/27/2020

Reference Information

CVE: CVE-2020-24654