Bug#802702: CVE-2011-5325: busybox: Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory

To: Ben Hutchings <ben@decadent.org.uk>, Petter Reinholdtsen <pere@hungry.com>, 802702@bugs.debian.org, Henri Salo <henri@nerv.fi>
Subject: Bug#802702: CVE-2011-5325: busybox: Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory
From: Chris Lamb <lamby@debian.org>
Date: Wed, 29 Jun 2016 13:57:58 +0100
Message-id: <[🔎] 1467205078.2797928.651917073.2CB466BB@webmail.messagingengine.com>
Reply-to: Chris Lamb <lamby@debian.org>, 802702@bugs.debian.org
In-reply-to: <[🔎] 1467204665.2551.115.camel@decadent.org.uk>
References: <1447174316.2101723.435141297.4D521B6E@webmail.messagingengine.com> <[🔎] 20160629062943.GA27671@diskless.uio.no> <[🔎] 1467185439.2731493.651661161.583AA4F7@webmail.messagingengine.com> <[🔎] 2fleg7g5qyq.fsf@diskless.uio.no> <[🔎] 1467204665.2551.115.camel@decadent.org.uk>

> busybox tar should do basically the same as GNU tar

Indeed. The implementation wasn't quite as straightforward or as clean as fixing the symlinks case, hence why my patch on upstream's bugtracker only addresses that part.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

Reply to:

References:
- Bug#802702: CVE-2011-5325: busybox: Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory
  - From: Petter Reinholdtsen <pere@hungry.com>
- Bug#802702: CVE-2011-5325: busybox: Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory
  - From: Chris Lamb <lamby@debian.org>
- Bug#802702: CVE-2011-5325: busybox: Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory
  - From: Petter Reinholdtsen <pere@hungry.com>
- Bug#802702: CVE-2011-5325: busybox: Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Bug#802702: CVE-2011-5325: busybox: Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory
Next by Date: Re: Installation guide architecture table update
Previous by thread: Bug#802702: CVE-2011-5325: busybox: Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory
Next by thread: Installation guide architecture table update
Index(es):
- Date
- Thread