oss-sec mailing list archives

Re: CVE Request: BusyBox tar directory traversal


From: Tyler Hicks <tyhicks () canonical com>
Date: Wed, 21 Oct 2015 14:56:50 -0500

On 2015-10-21 10:36:33, Tyler Hicks wrote:
Hello - The BusyBox implementation of tar will extract a symlink that
points outside of the current working directory and then follow that
symlink when extracting other files. This allows for a directory
traversal attack when extracting untrusted tarballs.

I forgot to mention that I took a look at BusyBox's protections against
directory traversal attacks while extracting files with absolute paths
or dot dot ("..") components and it seems to sufficiently protect
against those attacks.

The function can be found here:

  http://git.busybox.net/busybox/tree/archival/libarchive/unsafe_prefix.c

Tyler

Attachment: signature.asc
Description: Digital signature
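As an added illustration (not code from this report or from BusyBox), the following Python extractor applies both checks the message discusses: it refuses member names with an absolute path or a ".." component, which is the kind of check BusyBox's unsafe_prefix performs, and it additionally refuses symlink members whose target resolves outside the extraction root, as well as any member whose parent directory resolves through a symlink outside that root. The second check is the one the report says BusyBox tar lacks. The tarball contents, the function names and the temporary directory layout are all constructed here for the demonstration.

```python
import io
import os
import tarfile
import tempfile


def has_unsafe_prefix(name: str) -> bool:
    """Refuse absolute paths and any '..' component (the same class of
    names BusyBox's unsafe_prefix check is meant to catch; this is a
    reimplementation for illustration, not BusyBox's code)."""
    if name.startswith("/"):
        return True
    return ".." in name.split("/")


def _inside(root: str, path: str) -> bool:
    """True if path, after resolving symlinks already on disk, stays in root."""
    real_root = os.path.realpath(root)
    real_path = os.path.realpath(path)
    return real_path == real_root or real_path.startswith(real_root + os.sep)


def safe_extract(tar: tarfile.TarFile, dest: str) -> list:
    """Extract members into dest; return the names of members refused."""
    rejected = []
    for m in tar.getmembers():
        if has_unsafe_prefix(m.name):
            rejected.append(m.name)
            continue
        target = os.path.join(dest, m.name)
        parent = os.path.dirname(target) or dest
        # A parent that resolves through a symlink escaping dest is exactly
        # the traversal described in the report: refuse to write through it.
        if not _inside(dest, parent):
            rejected.append(m.name)
            continue
        if m.issym():
            # Relative link targets resolve from the member's own directory.
            link_dest = os.path.join(parent, m.linkname)
            if os.path.isabs(m.linkname) or not _inside(dest, link_dest):
                rejected.append(m.name)
                continue
        tar.extract(m, dest)
    return rejected


def build_malicious_tar() -> bytes:
    """Constructed sample archive: a symlink that escapes the extraction
    root, a file written through that symlink, and one harmless file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("link")
        link.type = tarfile.SYMTYPE
        link.linkname = "../outside"
        tar.addfile(link)
        payload = b"written through the symlink\n"
        evil = tarfile.TarInfo("link/evil.txt")
        evil.size = len(payload)
        tar.addfile(evil, io.BytesIO(payload))
        text = b"hello\n"
        ok = tarfile.TarInfo("docs/readme.txt")
        ok.size = len(text)
        tar.addfile(ok, io.BytesIO(text))
    return buf.getvalue()


def demo() -> dict:
    """Extract the constructed archive into a scratch tree and report whether
    anything landed outside the extraction root."""
    blob = build_malicious_tar()
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "extract")
        os.mkdir(dest)
        # The directory the symlink points at exists, so an unchecked
        # extractor would write evil.txt there.
        os.mkdir(os.path.join(tmp, "outside"))
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r") as tar:
            rejected = safe_extract(tar, dest)
        escaped = os.path.exists(os.path.join(tmp, "outside", "evil.txt"))
        kept = os.path.exists(os.path.join(dest, "docs", "readme.txt"))
    return {"rejected": rejected, "escaped": escaped, "kept": kept}


if __name__ == "__main__":
    print(demo())
```

The parent check is deliberately done against the on-disk state with os.path.realpath rather than by string inspection of the member name alone: a name like link/evil.txt contains neither "/" at the start nor "..", so a prefix check passes it, and only resolving the already-extracted symlink reveals where the write would land.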
