
Bug#802702: CVE-2011-5325: busybox: Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory




Package: busybox
Version: 1:1.22.0-15
Severity: important
Tags: security, upstream

It was discovered that busybox's tar implementation will extract a symlink that
points outside of the current working directory and follow that symlink when
extracting other files. This allows for a directory traversal attack when
extracting untrusted tarballs.

This behavior is documented in the source code:

  http://git.busybox.net/busybox/tree/archival/tar.c#n25

More information:

  https://bugs.busybox.net/8411
  http://openwall.com/lists/oss-security/2015/10/21/4

-- 
Henri Salo
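The pattern the report describes (a symlink entry whose target leaves the extraction directory, followed by an entry written through it) can be screened for before anything touches the disk. The following is an added example, not busybox code and not part of the bug report: a dry-run checker built on Python's tarfile module, run over a constructed in-memory archive. The extraction root /tmp/extract and the member names are assumptions chosen for the example.

```python
import io
import os
import posixpath
import tarfile

def _escapes(root, path):  # is an absolute, normalised path outside root?
    return os.path.commonpath([root, path]) != root

def find_unsafe_members(tar, root="/tmp/extract"):
    """Dry run: return [(member name, reason)] for entries that would land
    outside `root` (a hypothetical extraction dir; nothing is written)."""
    root = os.path.abspath(root)
    escaping_links = set()  # archive paths of symlinks pointing outside root
    problems = []
    for m in tar.getmembers():
        name = posixpath.normpath(m.name)
        if _escapes(root, os.path.normpath(os.path.join(root, name))):
            problems.append((m.name, "member path escapes root"))
            continue
        # Parent components this archive itself turned into escaping symlinks:
        # writing below one of them is the "follow the symlink" step of the bug.
        parts = name.split("/")
        via = {"/".join(parts[:i]) for i in range(1, len(parts))} & escaping_links
        if via:
            problems.append((m.name, f"written through symlink {min(via)!r}"))
            continue
        if m.issym():
            target = m.linkname
            if not posixpath.isabs(target):  # relative to the link's own directory
                target = os.path.join(root, posixpath.dirname(name), target)
            if _escapes(root, os.path.normpath(target)):
                escaping_links.add(name)
                problems.append((m.name, f"symlink target {m.linkname!r} escapes root"))
    return problems

def build_sample_tar():
    """Constructed in-memory sample (not from the bug report): a symlink whose
    target escapes the root, a file written through it, and a benign file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("out")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside"
        tar.addfile(link)
        for path in ("out/payload.txt", "docs/readme.txt"):
            info = tarfile.TarInfo(path)
            info.size = 7
            tar.addfile(info, io.BytesIO(b"sample\n"))
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")
```

An empty result means no entry would resolve outside the root; anything returned is a reason to refuse the archive rather than extract it with a tar that follows symlinks.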

