CVE-2016-6321 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2016-6321

CVE-2016-6321

December 09, 2016

Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

Related Resources (15)

https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt

http://www.securityfocus.com/bid/93937

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

https://security-tracker.debian.org/tracker/CVE-2016-6321

https://security.gentoo.org/glsa/201611-19

https://people.canonical.com/~ubuntu-security/cve/CVE-2016-6321

http://seclists.org/fulldisclosure/2016/Oct/102

http://seclists.org/fulldisclosure/2016/Oct/96

http://www.ubuntu.com/usn/USN-3132-1

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html