PT-2016-3297 · Gnu+3 · Gnu Tar+3

Harry Sintonen · Published 2015-10-09 · Updated 2025-08-06 · CVE-2016-6321

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions: GNU tar versions 1.14 through 1.29

Description: The issue is related to a directory traversal vulnerability in the safer name suffix function. This vulnerability might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file name parameter. The vulnerability exists due to incorrect limitation of the path name to a directory with limited access.

Recommendations: For GNU tar versions 1.14 through 1.29, consider updating to a version that contains a fix for this issue. As a temporary workaround, restrict access to the safer name suffix function to minimize the risk of exploitation. Avoid using the file name parameter in affected functions until the issue is resolved.

Exploit

Fix

Path traversal

Weakness Enumeration

Related identifiers

ALT-PU-2015-1845
ALT-PU-2017-1324
BDU:2019-03749
CVE-2016-6321
DLA-690-1
DSA-3702-1
MGASA-2016-0386
OPENSUSE-SU-2024:10382-1
SUSE-SU-2016:2895-1
SUSE-SU-2016:2896-1
SUSE-SU-2016_2895-1
SUSE-SU-2016_2896-1
USN-3132-1

Affected products

Alt Linux
Gnu Tar
Suse
Ubuntu