CVE-2016-6321

HIGH

GNU tar <1.30 - Path Traversal

Description

Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

Scores

CVSS v3 7.5
EPSS 0.1114
EPSS Percentile 93.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Classification

CWE
CWE-22
Status draft

Affected Products (21)

gnu/tar (15 entries listed, and 6 more)

Timeline

Published Dec 09, 2016
Tracked Since Feb 18, 2026