| Severity |
|
| Remote |
|
| Type |
| + |
Arbitrary file overwrite |
|
| Description |
| + |
The GNU tar archiver attempts to avoid path traversal attacks by removing offending parts of the element name at extract. This sanitizing leads to a vulnerability where the attacker can bypass the path name(s) specified on the command line leading to arbitrary overwrite of files and directories inside the target directory. |
|
| References |
| + |
https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt |
| + |
http://seclists.org/fulldisclosure/2016/Oct/96 |
| + |
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea053 |
|
| Notes |
|