[21541] in bugtraq
Re: SECURITY.NNOV: directory traversal and path globing in multiple
daemon@ATHENA.MIT.EDU (Pavel Kankovsky)
Mon Jul 16 16:54:32 2001
Date: Mon, 16 Jul 2001 20:34:05 +0200 (MET DST)
From: Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
To: bugtraq@securityfocus.com
In-Reply-To: <4713294566.20010712124125@SECURITY.NNOV.RU>
Message-ID: <20010716202816.454C.0@argo.troja.mff.cuni.cz>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Thu, 12 Jul 2001, 3APA3A wrote:
> GNU tar (all platforms):
>
> tar below 1.13.19, including the latest releases, has no ".." or
> absolute path protection. The tar development team was contacted. They
> replied they're aware of the problem and the current development version
> 1.13.19 implements some kind of protection, but it doesn't work for
> most cases due to a bug in the code. An exploitation scenario was passed
> back to the development team. I hope it will work when 1.13.19 is
> finally released. See attached patch (tar-1.13.19.patch). 1.13.19
> sources can be obtained from ftp://alpha.gnu.org/gnu/tar/
Please note that in a unix-like environment, one can also put a symlink
pointing "outside" into the archive and make tar follow that symlink
later.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
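The following is an added example, not part of the posting above or of GNU tar. It builds a small hostile archive (entry names, contents and the "outside" directory are all constructed here) containing the three tricks the thread discusses: a ".." component, an absolute path, and the case Pavel raises, a symlink pointing outside the extraction directory followed by a regular file written through that symlink. It then extracts the archive twice with a home-grown extractor: once with only the name check that the 1.13.19-style protection provides, and once with an additional check that resolves each target's parent directory through the symlinks already on disk. The symlink points at a directory under a temporary root rather than at /tmp so the demonstration does not touch the real filesystem outside the temp directory; it assumes a Unix-like platform where os.symlink works.

```python
"""Hostile tar archive vs. name-only and symlink-aware extraction checks.

Added example; not GNU tar's code and not the poster's. All entry names,
file contents and the "outside" directory are constructed for illustration.
"""
import io
import os
import tarfile
import tempfile


def build_hostile_tar(outside_dir: str) -> bytes:
    """Return a constructed archive with one benign entry and three escapes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name: str, data: bytes = b"owned\n") -> None:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))

        add_file("ok/readme.txt")                                   # benign
        add_file("../escape-dotdot")                                # ".." traversal
        add_file(os.path.join(outside_dir, "escape-absolute"))      # absolute path
        link = tarfile.TarInfo("link")                              # symlink -> outside dest
        link.type = tarfile.SYMTYPE
        link.linkname = outside_dir
        tar.addfile(link)
        add_file("link/escape-via-symlink")                         # written through the symlink
    return buf.getvalue()


def name_check(m: tarfile.TarInfo) -> bool:
    """The protection discussed in the thread: no absolute names, no '..' components."""
    return not (os.path.isabs(m.name) or ".." in m.name.split("/"))


def inside(root: str, path: str) -> bool:
    return os.path.commonpath([root, path]) == root


def symlink_check(m: tarfile.TarInfo, dest_real: str) -> bool:
    """Pavel's case: follow symlinks that earlier entries already created.

    The parent directory of the target must still resolve inside dest, and a
    symlink entry's own target must resolve inside dest as well.
    """
    parent = os.path.realpath(os.path.join(dest_real, os.path.dirname(m.name)))
    if not inside(dest_real, parent):
        return False
    if m.issym():
        target = os.path.realpath(os.path.join(parent, m.linkname))
        if not inside(dest_real, target):
            return False
    return True


def write_member(tar: tarfile.TarFile, m: tarfile.TarInfo, dest_real: str) -> None:
    """Minimal writer for directories, symlinks and regular files (no tarfile.extract)."""
    target = os.path.join(dest_real, m.name)
    if m.isdir():
        os.makedirs(target, exist_ok=True)
    elif m.issym():
        os.symlink(m.linkname, target)
    elif m.isfile():
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as out, tar.extractfile(m) as src:
            out.write(src.read())


def extract(tar_bytes: bytes, dest: str, check_symlinks: bool):
    """Extract member by member; return (extracted names, rejected names)."""
    dest_real = os.path.realpath(dest)
    done, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for m in tar:
            if not name_check(m) or (check_symlinks and not symlink_check(m, dest_real)):
                rejected.append(m.name)
                continue
            write_member(tar, m, dest_real)
            done.append(m.name)
    return done, rejected


def run_demo() -> dict:
    """Extract the constructed archive with and without the symlink check.

    Returns, per run, what was extracted, what was rejected, and which files
    leaked into the directory outside the destination.
    """
    results = {}
    with tempfile.TemporaryDirectory() as root:
        outside = os.path.join(root, "outside")
        os.mkdir(outside)
        archive = build_hostile_tar(outside)
        for label, check_symlinks in (("name-check-only", False), ("hardened", True)):
            dest = os.path.join(root, label)
            os.mkdir(dest)
            done, rejected = extract(archive, dest, check_symlinks)
            results[label] = {"extracted": done, "rejected": rejected,
                              "leaked": sorted(os.listdir(outside))}
            for leaked in os.listdir(outside):      # reset before the next run
                os.remove(os.path.join(outside, leaked))
    return results


if __name__ == "__main__":
    for label, r in run_demo().items():
        print(f"{label}: extracted={r['extracted']} rejected={r['rejected']} leaked={r['leaked']}")
```

With only the name check, the ".." and absolute entries are refused but "link" is created and "link/escape-via-symlink" lands in the outside directory, which is exactly the hole the reply points out. With the symlink check the symlink entry itself is refused, and since it never exists on disk the later entry resolves to a plain directory inside the destination. Resolving the parent on disk rather than only inspecting names also catches symlinks that were already present in the destination before extraction started. For real code, current Python's tarfile offers `extractall(filter="data")`, which applies this class of checks.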