bug-gnu-utils

tar directory traversal


From: 3APA3A
Subject: tar directory traversal
Date: Mon, 25 Jun 2001 18:50:07 +0400

Hello bug-gnu-utils,

tar checks for absolute path names beginning with '/' but it doesn't
check for '../'. This makes it possible to create a tar archive which,
when extracted, will place some files in a directory of the archive
author's choice.

The attached file creates test.txt one level higher than expected by the user.
Tested version is

 GNU tar version 1.11.2

Please give me feedback even if you feel this behavior is normal or if
this problem is known.

SECURITY.NNOV follows RFPolicy http://www.wiretrip.net/rfp/policy.html

-- 
http://www.security.nnov.ru
         /\_/\
        { . . }     |\
+--oQQo->{ ^ }<-----+ \
|  3APA3A  U  3APA3A   }
+-------------o66o--+ /
                    |/
You know my name - look up my number (The Beatles)

Attachment: test.tar
Description: Unix tar archive

