Control: retitle -1 paxtar: directory traversal vulnerabilities (CVE-2015-1193
CVE-2015-1194)
Hi,
According to MITRE the following two CVEs were assigned for pax:
> Use CVE-2015-1193 for the .. path traversal (CWE-22).
>
> Use CVE-2015-1194 for the symlink following, which can allow access out

Alexander Cherepanov dixit:
> 1. paxtar will extract files with .. components in names.
> 2. While extracting an archive, it will extract symlinks and then follow them
> if they are referenced in further entries.
Please check if any of these are required by POSIX and, if not,
report this bug to

Package: pax
Version: 1:20140703-2
Tags: security
paxtar is susceptible to directory traversal vulnerabilities. They can
be exploited by a rogue archive to write files outside the current
directory.
1. paxtar will extract files with .. components in names.
For example, let's create a sample