Vulnerability Details : CVE-2016-6321
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
Vulnerability category: Directory traversal
Products affected by CVE-2016-6321
- cpe:2.3:a:gnu:tar:1.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.15:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.15.90:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.15.91:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.18:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.17:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.19:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.21:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.24:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.25:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.26:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.27:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.22:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.23:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.29:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.27.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.28:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6321
0.49%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-6321
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2016-6321
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6321
-
http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html
GNU tar 1.29 Extract Pathname Bypass ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
[GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 -Apache Mail Archives
-
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
tar.git - GNU TarIssue Tracking;Patch
-
https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
Third Party Advisory
-
http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html
Re: [Bug-tar] possible fixes for CVE-2016-6321Mailing List;Vendor Advisory
-
http://www.debian.org/security/2016/dsa-3702
Debian -- Security Information -- DSA-3702-1 tar
-
http://seclists.org/fulldisclosure/2016/Oct/102
Full Disclosure: [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) - patch updateMailing List;Patch;Third Party Advisory
-
https://security.gentoo.org/glsa/201611-19
Tar: Extract pathname bypass (GLSA 201611-19) — Gentoo security
-
http://seclists.org/fulldisclosure/2016/Oct/96
Full Disclosure: [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321)Mailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-3132-1
USN-3132-1: tar vulnerability | Ubuntu security notices
-
http://www.securityfocus.com/bid/93937
GNU Tar CVE-2016-6321 Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
[GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 -Apache Mail Archives
Jump to