Subject: [ASA-201611-11] tar: arbitrary file overwrite

Arch Linux Security Advisory ASA-201611-11
==========================================

Severity: Medium
Date    : 2016-11-03
CVE-ID  : CVE-2016-6321
Package : tar
Type    : arbitrary file overwrite
Remote  : Yes
Link    : https://security.archlinux.org/AVG-64

Summary
=======

The package tar before version 1.29-2 is vulnerable to arbitrary file
overwrite.

Resolution
==========

Upgrade to 1.29-2.

# pacman -Syu "tar>=1.29-2"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

The GNU tar archiver attempts to avoid path traversal attacks by
removing offending parts of the element name at extract. This
sanitizing leads to a vulnerability where the attacker can bypass the
path name(s) specified on the command line leading to arbitrary
overwrite of files and directories inside the target directory.

Impact
======

A remote attacker is able to use a specially crafted tar archive that,
when extracted by the victim, replaces files and directories regardless
of the path name(s) specified.

References
==========

https://bugs.archlinux.org/task/51563
https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt
http://seclists.org/fulldisclosure/2016/Oct/96
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea053
https://security.archlinux.org/CVE-2016-6321
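
A pre-extraction check for the condition in the Description, as an added example that is not part of the advisory or of GNU tar's code: it flags members whose raw name matches a requested path name but would be written elsewhere once the name is sanitised. `stripped_name` is an assumed model of that sanitising step, and the archive and path names are constructed.

```python
import io
import tarfile

def stripped_name(name):
    """Assumed model of the sanitising step: drop everything up to and
    including the last '..' component, then empty and '.' components."""
    parts = name.split("/")
    if ".." in parts:
        last = len(parts) - 1 - parts[::-1].index("..")
        parts = parts[last + 1:]
    return "/".join(p for p in parts if p not in ("", "."))

def audit(fileobj, requested):
    """Return (raw_name, resulting_path) for members that match a requested
    path name but would land outside it after sanitising."""
    findings = []
    wanted = [r.strip("/") for r in requested]
    with tarfile.open(fileobj=fileobj) as tf:
        for m in tf.getmembers():
            if ".." not in m.name.split("/"):
                continue  # ordinary member, nothing is stripped
            final = stripped_name(m.name)
            for r in wanted:
                matches = m.name == r or m.name.startswith(r + "/")
                inside = final == r or final.startswith(r + "/")
                if matches and not inside:
                    findings.append((m.name, final))
                    break
    return findings

def build_sample():
    """Constructed in-memory archive: one ordinary member, one with '..'."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in ("docs/readme.txt", "docs/../conf/settings"):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for raw, final in audit(build_sample(), ["docs"]):
        print(f"member {raw!r} matches the request but lands at {final!r}")
```

Any finding means the archive should not be extracted with an unpatched tar, whatever path names are given on the command line.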