CVE-2016-6321

HIGH

GNU tar 1.14-1.29 - Path Traversal via File Name Parameter


Description

Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

References (12)

Core References
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Oct/102
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93937
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201611-19
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Oct/96
Mailing List, Vendor Advisory mailing-list x_refsource_mlist
http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3702
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3132-1

Scores

CVSS v3 7.5
EPSS 0.1858
EPSS Percentile 95.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (21)
gnu/tar 1.14
gnu/tar 1.15
gnu/tar 1.15.1
gnu/tar 1.15.90
gnu/tar 1.15.91
gnu/tar 1.16
gnu/tar 1.16.1
gnu/tar 1.17
gnu/tar 1.18
gnu/tar 1.19
... and 11 more
Published Dec 09, 2016
Tracked Since Feb 18, 2026