Date: Thu, 22 Oct 2015 22:40:29 -0400
From: Robert Watson <robertcwatson1@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: BusyBox tar directory traversal

Apologies if I'm naive but... since /tmp is world writable, how is this a vulnerability?

Trust in truth keeps hope alive
robertcwatson1@...il.com
www.docsalvage.info <http://www.docsalvage.info>
www.CivicChorale.org <http://www.CivicChorale.org>

On Wed, Oct 21, 2015 at 11:36 AM, Tyler Hicks <tyhicks@...onical.com> wrote:
> Hello - The BusyBox implementation of tar will extract a symlink that
> points outside of the current working directory and then follow that
> symlink when extracting other files. This allows for a directory
> traversal attack when extracting untrusted tarballs.
>
> This behavior was documented in the BusyBox source with the following
> 2011 commit:
>
> http://git.busybox.net/busybox/commit/?id=a116552869db5e7793ae10968eb3c962c69b3d8c
>
> I've created an upstream bug report:
>
> https://bugs.busybox.net/8411
>
> Can we get a CVE assigned to track this? Thanks!
>
> Tyler
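A pre-extraction check for the pattern Tyler describes, as an added example that is not part of this thread, of BusyBox, or of any fix to it: it scans a tarball for symlink members whose target resolves outside the extraction directory and for later members whose path runs through an archive-supplied symlink, which is what lets a file land outside the working directory. The input is a constructed in-memory tarball, and the function and file names are the example's own.

```python
import io
import posixpath
import tarfile

def _normalize(path):
    """Collapse '.' and '..' relative to the extraction root; None if the path escapes it."""
    norm = posixpath.normpath(path)
    escapes = norm.startswith("/") or norm == ".." or norm.startswith("../")
    return None if escapes else norm

def find_traversal(tar_bytes):
    """Return (member, reason) pairs for entries that would write outside the extraction root.
    Mirrors the reported pattern: a symlink member pointing out of the directory, then a
    member whose path runs through it. Any path through an archive-supplied symlink is flagged."""
    findings, symlinks = [], set()
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tf:
        for m in tf.getmembers():
            norm = _normalize(m.name)
            if norm is None:
                findings.append((m.name, "path leaves extraction root"))
                continue
            parts = norm.split("/")
            through = [p for p in ("/".join(parts[:i]) for i in range(1, len(parts))) if p in symlinks]
            if through:
                findings.append((m.name, "path passes through symlink " + through[0]))
                continue
            if m.issym():
                symlinks.add(norm)  # later members under this name would be written through the link
                target = m.linkname
                resolved = _normalize(posixpath.join(posixpath.dirname(norm), target))
                if resolved is None:
                    findings.append((m.name, "symlink target leaves extraction root: " + target))
    return findings

def build_sample_tar():
    """Constructed in-memory tarball with the symlink-then-file layout (not taken from the report)."""
    buf, data = io.BytesIO(), b"hello\n"
    with tarfile.open(fileobj=buf, mode="w") as tf:
        link = tarfile.TarInfo("escape")
        link.type, link.linkname = tarfile.SYMTYPE, "../../tmp"
        tf.addfile(link)
        for name in ("escape/note.txt", "docs/readme.txt"):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```

Running `find_traversal(build_sample_tar())` flags the `escape` symlink and the `escape/note.txt` member behind it, while `docs/readme.txt` passes.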