Tar: Extract pathname bypass — GLSA 201611-19

A path traversal attack in Tar may lead to the remote execution of arbitrary code.

Affected Packages

app-arch/tar on all architectures
Affected versions < 1.29-r1
Unaffected versions >= 1.29-r1

Background

The Tar program provides the ability to create and manipulate tar archives.

Description

Tar attempts to avoid path traversal attacks by removing offending parts of the element name at extract. This sanitizing leads to a vulnerability where the attacker can bypass the path name(s) specified on the command line.

Impact

The attacker can create a crafted tar archive that, if extracted by the victim, replaces files and directories the victim has access to in the target directory, regardless of the path name(s) specified on the command line.

Workaround

There is no known workaround at this time.

Resolution

All Tar users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-arch/tar-1.29-r1"
 

References

Release Date
November 22, 2016

Latest Revision
November 22, 2016: 2

Severity
normal

Exploitable
remote

Bugzilla entries