Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 28 Sep 2002 21:19:42 +0100 (BST)
From: Mark J Cox <>
cc: Paul Eggert <>
Subject: Re: Fwd: GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw)

> Paul, -- is there anything more current than tar-1.13.25 (released
> over a year ago)?  Perhaps a CVS repository?

Yes we noticed this problem with ./../ not being caught and told the tar
folks.  We allocated CAN-2002-0399 for this, wrote a patch, prepared an 
errata, but waited to see if an official fix was coming.  

Date: Mon, 27 May 2002 11:44:58 +0100 (BST)
From: Mark J Cox <>
Subject: [SECURITY] bug in contains_dot_dot routine

We've recently been looking at the vulnerability mentioned on bugtraq
nearly a year ago:

"Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows
local users overwrite arbitrary files during archive extraction via a tar
file whose filenames contain a .. (dot dot)."

This was fixed by the routine contains_dot_dot in misc.c in tar, which
catches the case where a tar file contains an entry such as "../foo"

However during testing of 1.13.25 we found that we could still trigger
this problem with an entry such as "./../foo" and this is due to a logic
error in misc.c

I've attached a small patch that fixes this (I didn't spend time looking
to see if multiple ISSLASH are already stripped, if so you could optimize
the patch further)

Cheers, Mark
Mark J Cox / Red Hat / OpenSSL / Apache Software Foundation // T: +44 798 061 3110 // F: +44 870 1319174

    [ Part 2, ""  Text/PLAIN (Name: "tmp1.patch")  6 lines. ]
    [ Unable to print this part. ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the xvendor mailing list charter.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ