Published: 09/12/2016 Updated: 13/02/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 up to and including 1.29 might allow remote malicious users to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu tar 1.26
gnu tar 1.27.1
gnu tar 1.23
gnu tar 1.29
gnu tar 1.25
gnu tar 1.22
gnu tar 1.18
gnu tar 1.19
gnu tar 1.20
gnu tar 1.17
gnu tar 1.27
gnu tar 1.15.90
gnu tar 1.16
gnu tar 1.28
gnu tar 1.14
gnu tar 1.24
gnu tar 1.15.91
gnu tar 1.15
gnu tar 1.15.1
gnu tar 1.21
gnu tar 1.16.1

Debian Bug report logs - #842339 tar: CVE-2016-6321: Bypassing the extract path name Package: tar; Maintainer for tar is Bdale Garbee <bdale@gagcom>; Source for tar is src:tar (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 28 Oct 2016 08:30:01 UTC Severity: grave Tags: fixed-upstr ...

tar could be made to overwrite files ...

Harry Sintonen discovered that GNU tar does not properly handle member names containing '', thus allowing an attacker to bypass the path names specified on the command line and replace files and directories in the target directory For the stable distribution (jessie), this problem has been fixed in version 1271-2+deb8u1 For the unstable distr ...

Directory traversal vulnerability in the safer_name_suffix function in GNU tar 114 through 129 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER ...

The GNU tar archiver attempts to avoid path traversal attacks by removing offending parts of the element name at extract This sanitizing leads to a vulnerability where the attacker can bypass the path name(s) specified on the command line leading to arbitrary overwrite of files and directories inside the target directory ...

The GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line Versions 114 through 129 are affected ...

CWE-22 http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt http://www.securityfocus.com/bid/93937 http://seclists.org/fulldisclosure/2016/Oct/96 http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d http://seclists.org/fulldisclosure/2016/Oct/102 http://www.ubuntu.com/usn/USN-3132-1 http://www.debian.org/security/2016/dsa-3702 https://security.gentoo.org/glsa/201611-19 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842339 https://usn.ubuntu.com/3132-1/https://nvd.nist.gov

CVE-2016-6321

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect