Date: Thu, 22 Oct 2015 22:40:29 -0400
From: Robert Watson <robertcwatson1@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: BusyBox tar directory traversal

Apologies if I'm naive but... since /tmp is world writable, how is this a
vulnerability?




*Trust in truth keeps hope alive*
robertcwatson1@...il.com
www.docsalvage.info
www.CivicChorale.org
<http://www.wunderground.com/cgi-bin/findweather/getForecast?query=Tallahassee,%20FL>
<https://www.healthcare.gov/>

On Wed, Oct 21, 2015 at 11:36 AM, Tyler Hicks <tyhicks@...onical.com> wrote:

> Hello - The BusyBox implementation of tar will extract a symlink that
> points outside of the current working directory and then follow that
> symlink when extracting other files. This allows for a directory
> traversal attack when extracting untrusted tarballs.
>
> This behavior was documented in the BusyBox source with the following
> 2011 commit:
>
>
> http://git.busybox.net/busybox/commit/?id=a116552869db5e7793ae10968eb3c962c69b3d8c
>
> I've created an upstream bug report:
>
>   https://bugs.busybox.net/8411
>
> Can we get a CVE assigned to track this? Thanks!
>
> Tyler
>
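The behaviour Tyler describes (a symlink member pointing outside the extraction directory, followed by a regular member whose path goes through that symlink) can be caught before any file is written by walking the archive in member order. The script below is an added example, not code from the report, from BusyBox, or from either poster; it builds a constructed sample tarball in memory that has exactly that member ordering and reports which members an extractor should refuse. Member names, link targets and file contents are all constructed for the demonstration.

```python
import io
import posixpath
import tarfile


def build_sample_tarball() -> bytes:
    """Constructed sample archive (not from the report): a symlink whose
    target leaves the extraction directory, then a regular file written
    *through* that symlink, then a harmless file."""
    payload = b"constructed sample content\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("escape")          # constructed name
        link.type = tarfile.SYMTYPE
        link.linkname = "../outside"              # constructed target
        tar.addfile(link)

        through_link = tarfile.TarInfo("escape/evil.txt")  # constructed name
        through_link.size = len(payload)
        tar.addfile(through_link, io.BytesIO(payload))

        harmless = tarfile.TarInfo("safe/readme.txt")      # constructed name
        harmless.size = len(payload)
        tar.addfile(harmless, io.BytesIO(payload))
    return buf.getvalue()


def _escapes(path: str) -> bool:
    """True if an archive-relative path is absolute or climbs above the
    extraction root after normalisation."""
    if posixpath.isabs(path):
        return True
    norm = posixpath.normpath(path)
    return norm == ".." or norm.startswith("../")


def find_unsafe_members(data: bytes) -> list[tuple[str, str]]:
    """Walk the archive in member order (the order an extractor writes
    entries) and report members that escape the root or that would be
    written through a symlink created earlier in the same archive."""
    unsafe: list[tuple[str, str]] = []
    symlinks: set[str] = set()  # normalised archive paths of symlinks seen so far
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for member in tar:
            name = posixpath.normpath(member.name)
            if _escapes(member.name):
                unsafe.append((member.name, "path escapes extraction root"))
                continue
            # Any ancestor component that is really a symlink redirects the write.
            parts = name.split("/")
            through = next(
                ("/".join(parts[:i]) for i in range(1, len(parts))
                 if "/".join(parts[:i]) in symlinks),
                None,
            )
            if through is not None:
                unsafe.append((member.name, f"written through symlink {through!r}"))
                continue
            if member.issym():
                target = posixpath.join(posixpath.dirname(name), member.linkname)
                if _escapes(member.linkname) or _escapes(target):
                    unsafe.append(
                        (member.name,
                         f"symlink target {member.linkname!r} leaves extraction root")
                    )
                # Record it either way: later members beneath it are redirected.
                symlinks.add(name)
    return unsafe


if __name__ == "__main__":
    for member_name, reason in find_unsafe_members(build_sample_tarball()):
        print(f"REJECT {member_name}: {reason}")
```

The check is deliberately conservative: it refuses any member written beneath a symlink from the same archive, even one whose target stays inside the tree, because the extractor cannot know at that point whether the target exists on the destination filesystem already. Python 3.12 and later offer the same class of protection natively via the `filter="data"` argument to `TarFile.extractall()`.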
