Bug 115914 - [patch] archivers/gtar directory traversal vulnerability
Summary: [patch] archivers/gtar directory traversal vulnerability
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Christian Weisgerber
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-08-28 23:50 UTC by Nick Barkas
Modified: 2007-09-01 17:10 UTC (History)
0 users

See Also:

Attachments
file.diff (2.28 KB, patch)
2007-08-28 23:50 UTC, Nick Barkas 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Nick Barkas 2007-08-28 23:50:01 UTC 
As reported here http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4131:

"Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive."

Attached is a patch to archivers/gtar that adds a tiny patch that I believe fixes this bug that was committed to gtar's cvs repository. Concatenated onto the same file (seems like the web interface only lets me upload a single patch) is another patch to security/vuxml/vuln.xml, adding a VuXML entry for this vulnerability.

Fix: Patch attached with submission follows:
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2007-08-28 23:50:14 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->naddy

Over to maintainer
Comment 2 Christian Weisgerber freebsd_committer freebsd_triage 2007-08-29 18:16:27 UTC 
State Changed
From-To: open->analyzed

The proposed patch is faulty.  It causes gtar to hang when extracting 
symlinks.  (Regression test #19.)
Comment 3 dfilter service freebsd_committer freebsd_triage 2007-09-01 17:02:52 UTC 
naddy       2007-09-01 16:02:47 UTC

  FreeBSD ports repository

  Modified files:
    archivers/gtar       Makefile 
  Added files:
    archivers/gtar/files patch-src_names.c 
  Log:
  Fix directory traversal vulnerability.
  
  PR:             115914
  Submitted by:   Nick Barkas <snb@threerings.net>
  Security:       http://www.vuxml.org/freebsd/d944719e-42f4-4864-89ed-f045b541919f.html
  
  Revision  Changes    Path
  1.56      +1 -0      ports/archivers/gtar/Makefile
  1.1       +18 -0     ports/archivers/gtar/files/patch-src_names.c (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 4 dfilter service freebsd_committer freebsd_triage 2007-09-01 17:04:27 UTC 
naddy       2007-09-01 16:04:24 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml 
  Log:
  Document gtar directory traversal vulnerability.
  
  PR:             115914
  Submitted by:   Nick Barkas <snb@threerings.net>
  
  Revision  Changes    Path
  1.1408    +33 -1     ports/security/vuxml/vuln.xml
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 5 Christian Weisgerber freebsd_committer freebsd_triage 2007-09-01 17:04:45 UTC 
State Changed
From-To: analyzed->closed

Committed after I finally spotted the extraneous semicolon. 
Thanks.