Re: Directory traversal vulnerabilities in several archivers processing .tar

From: der Mouse (mouseat_private)
Date: Tue Dec 17 2002 - 09:54:41 PST


    > [...how tarfile readers don't check for .. components...]
    
    > Affected
    > [long list]
    
    Not affected: my tar, when run with the appropriate option to make it
    paranoid about extraction.  (With the option set, it refuses to extract
    anything that would be placed anywhere not under the current
    directory.  At least it's supposed to, and as far as I know it does.)
    
    /~\ The ASCII				der Mouse
    \ / Ribbon Campaign
     X  Against HTML	       mouseat_private
    / \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
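
One way to implement the check the message describes, refusing any member that would land outside the extraction directory. This is an added example, not part of the original post and not der Mouse's tar; it uses Python's `tarfile` module, and the function names and the sample archive are constructed for illustration.

```python
import io
import os
import tarfile


def unsafe_reason(member, dest):
    """Return why extracting `member` under `dest` would escape it, or None."""
    dest = os.path.realpath(dest)

    def escapes(path):
        # Absolute names and ".." runs resolve to somewhere outside dest.
        full = os.path.realpath(os.path.join(dest, path))
        return os.path.commonpath([dest, full]) != dest

    if os.path.isabs(member.name):
        return "absolute path"
    if escapes(member.name):
        return "path leaves extraction directory"
    if member.issym():
        # A symlink target is relative to the directory holding the link.
        target = os.path.join(os.path.dirname(member.name), member.linkname)
        if escapes(target):
            return "symlink points outside"
    if member.islnk() and escapes(member.linkname):
        return "hard link points outside"
    return None


def build_sample():
    """Constructed in-memory archive mixing benign and escaping entries."""
    buf = io.BytesIO()
    data = b"constructed sample\n"
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "../outside.txt", "/tmp/abs.txt", "a/../../b.txt"):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("docs/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../etc"
        tar.addfile(link)
    buf.seek(0)
    return buf


def audit(fileobj, dest):
    """Map each member name to a rejection reason (None means safe to extract)."""
    with tarfile.open(fileobj=fileobj, mode="r") as tar:
        return {m.name: unsafe_reason(m, dest) for m in tar}
```

Running `audit()` before extraction and skipping every member with a non-`None` reason gives the "paranoid" behaviour; a name such as `a/../b.txt`, which stays inside the directory, is still accepted.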
    


