Bug#774716: paxtar: directory traversal vulnerabilities

To: Alexander Cherepanov <cherepan@mccme.ru>, 774716@bugs.debian.org
Subject: Bug#774716: paxtar: directory traversal vulnerabilities
From: Thorsten Glaser <tg@mirbsd.de>
Date: Tue, 6 Jan 2015 18:52:40 +0000 (UTC)
Message-id: <[🔎] Pine.BSM.4.64L.1501061851350.9019@herc.mirbsd.org>
Reply-to: Thorsten Glaser <tg@mirbsd.de>, 774716@bugs.debian.org
In-reply-to: <[🔎] 54AC2C7C.1020005@mccme.ru>
References: <[🔎] 54AC2C7C.1020005@mccme.ru>

Alexander Cherepanov dixit:

> 1. paxtar will extract files with .. components in names.

> 2. While extracting an archive, it will extract symlinks and then follow them
> if they are referenced in further entries.

Please check if any of these are required by POSIX and, if not,
report this bug to OpenBSD. The code is indirectly derived from
their src/bin/pax/ in CVS.

Thanks,
//mirabilos
-- 
> Hi, does anyone sell openbsd stickers by themselves and not packaged
> with other products?
No, the only way I've seen them sold is for $40 with a free OpenBSD CD.
	-- Haroon Khalid and Steve Shockley in gmane.os.openbsd.misc

Reply to:

References:
- Bug#774716: paxtar: directory traversal vulnerabilities
  - From: Alexander Cherepanov <cherepan@mccme.ru>

Prev by Date: Bug#711685: marked as done (pbbuttonsd is not rewritten for kernel 3.2)
Next by Date: Bug#774716: paxtar: directory traversal vulnerabilities
Previous by thread: Bug#774716: paxtar: directory traversal vulnerabilities
Next by thread: Processed: Re: Bug#774716: paxtar: directory traversal vulnerabilities
Index(es):
- Date
- Thread