Re: SECURITY.NNOV: directory traversal and path globing in multiple archivers

From: Pavel Kankovsky (peakat_private)
Date: Mon Jul 16 2001 - 11:34:05 PDT

    On Thu, 12 Jul 2001, 3APA3A wrote:
    
    > GNU tar (all platforms):
    > 
    > tar below 1.13.19, including the latest releases, has no ".." or
    > absolute path protection. The tar development team was contacted. They
    > replied that they're aware of the problem and that the current
    > development version 1.13.19 implements some kind of protection, but it
    > doesn't work for most cases due to a bug in the coding. An exploitation
    > scenario was passed back to the development team. I hope it will work
    > when 1.13.19 is finally released. See the attached patch
    > (tar-1.13.19.patch). 1.13.19 sources can be obtained from
    > ftp://alpha.gnu.org/gnu/tar/
    
    Please note that in a Unix-like environment, one can also put a symlink
    pointing "outside" into the archive and make tar follow that symlink
    later.
    
    --Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
    "Resistance is futile. Open your source code and prepare for assimilation."
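
Added example, not part of the original post, of 3APA3A's advisory or of GNU tar: the three escapes discussed in this thread, the ".." member and the absolute-path member from the quoted advisory and the symlink-then-write trick from the reply above, built into an in-memory tar archive with Python's standard `tarfile` module, followed by a pre-extraction check that flags each of them by walking member names through the archive's own symlink table. Every member name, link target and payload below is constructed for the demonstration.

```python
# Added example (Python 3 standard library only); not code from the
# original post, from 3APA3A's advisory or from GNU tar. It builds a tar
# archive in memory carrying a "../" member, an absolute-path member and
# a symlink whose target lies outside the extraction directory followed
# by a regular file written *through* that symlink, then checks member
# names before anything is extracted. All names/payloads are constructed.
import io
import posixpath
import tarfile


def add_regular(tar, name, data):
    """Append a regular-file member with an arbitrary (unsanitised) name."""
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def add_symlink(tar, name, target):
    """Append a symlink member; tarfile stores name/linkname exactly as given."""
    info = tarfile.TarInfo(name)
    info.type = tarfile.SYMTYPE
    info.linkname = target
    tar.addfile(info)


def build_malicious_archive():
    """Constructed archive: one harmless member plus four escaping ones."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        add_regular(tar, "README", b"harmless\n")
        add_regular(tar, "../../etc/cron.d/evil", b"* * * * * root id\n")  # dot-dot
        add_regular(tar, "/tmp/abs", b"absolute path\n")                   # absolute
        add_symlink(tar, "link", "../../outside")        # symlink pointing outside
        add_regular(tar, "link/payload", b"lands outside via the symlink\n")
    return buf.getvalue()


def build_benign_archive():
    """Constructed archive whose symlink stays inside the extraction dir."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        add_regular(tar, "v1/notes.txt", b"release notes\n")
        add_symlink(tar, "current", "v1")                # internal symlink: fine
        add_regular(tar, "current/extra.txt", b"written via internal link\n")
    return buf.getvalue()


def escapes_root(path):
    """True if a normalised path lies outside the extraction root."""
    return path.startswith("/") or path == ".." or path.startswith("../")


def resolve_member(path, links):
    """Rewrite path through symlinks seen earlier in the archive.

    Returns the resolved relative path, or None if any prefix leaves the
    root. Uses the archive's own symlink table, not the real filesystem.
    """
    cur = ""
    for comp in path.split("/"):
        cur = posixpath.normpath(posixpath.join(cur, comp))
        for _ in range(32):               # bounded: symlink chains and loops
            if cur in links:
                cur = links[cur]
            else:
                break
        if escapes_root(cur):
            return None
    return cur


def find_escapes(archive):
    """Return [(member name, reason)] for every member that would escape."""
    findings = []
    links = {}                            # normalised symlink path -> target
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for m in tar:
            if m.name.startswith("/"):
                findings.append((m.name, "absolute path"))
                continue
            norm = posixpath.normpath(m.name)
            if escapes_root(norm):
                findings.append((m.name, "dot-dot traversal"))
                continue
            resolved = resolve_member(norm, links)
            if resolved is None:
                findings.append((m.name, "path passes through symlink leaving root"))
                continue
            if m.issym():
                target = m.linkname
                dest = (posixpath.normpath(target) if target.startswith("/") else
                        posixpath.normpath(posixpath.join(posixpath.dirname(resolved), target)))
                links[resolved] = dest    # record even if bad: later members may use it
                if escapes_root(dest):
                    findings.append((m.name, "symlink target outside extraction dir"))
    return findings


if __name__ == "__main__":
    for name, reason in find_escapes(build_malicious_archive()):
        print(f"REJECT {name!r}: {reason}")
    print("benign archive findings:", find_escapes(build_benign_archive()))
```

The check follows symlinks in archive order, because that is the order in which a sequential extractor creates them, and it never consults the real filesystem, so it can run before extraction on an untrusted archive. A symlink that merely points outside is reported on its own, and the write through it is reported separately, so the output shows both halves of the trick described in the reply. Later GNU tar releases handle the symlink case by deferring creation of symbolic links until the end of extraction, and modern Python exposes equivalent rejection through `tarfile` extraction filters (`extractall(..., filter="data")`).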
    



    This archive was generated by hypermail 2b30 : Mon Jul 16 2001 - 13:52:50 PDT