As reported here http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4131:

"Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive."

Attached is a patch to archivers/gtar that adds a tiny patch that I believe fixes this bug that was committed to gtar's cvs repository. Concatenated onto the same file (seems like the web interface only lets me upload a single patch) is another patch to security/vuxml/vuln.xml, adding a VuXML entry for this vulnerability.

Fix: Patch attached with submission follows:
Responsible Changed
From-To: freebsd-ports-bugs->naddy
Over to maintainer
State Changed
From-To: open->analyzed
The proposed patch is faulty. It causes gtar to hang when extracting symlinks. (Regression test #19.)
naddy       2007-09-01 16:02:47 UTC

  FreeBSD ports repository

  Modified files:
    archivers/gtar       Makefile
  Added files:
    archivers/gtar/files patch-src_names.c
  Log:
  Fix directory traversal vulnerability.

  PR:             115914
  Submitted by:   Nick Barkas <snb@threerings.net>
  Security:       http://www.vuxml.org/freebsd/d944719e-42f4-4864-89ed-f045b541919f.html

  Revision  Changes    Path
  1.56      +1 -0      ports/archivers/gtar/Makefile
  1.1       +18 -0     ports/archivers/gtar/files/patch-src_names.c (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
naddy       2007-09-01 16:04:24 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml
  Log:
  Document gtar directory traversal vulnerability.

  PR:             115914
  Submitted by:   Nick Barkas <snb@threerings.net>

  Revision  Changes    Path
  1.1408    +33 -1     ports/security/vuxml/vuln.xml
State Changed
From-To: analyzed->closed
Committed after I finally spotted the extraneous semicolon. Thanks.
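
The "//.." case named in the CVE text quoted in the report, shown as an added example that is not part of this PR and is not GNU tar's code: a constructed scanner that assumes one slash per component misses a ".." placed after "//", while a component-wise check catches it. The function names and the sample member names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed illustration, NOT GNU tar's code: after each component the
   scan steps over exactly one '/', so the empty component in "//" throws
   it out of step and the ".." that follows is never tested. */
static int naive_has_dot_dot(const char *p)
{
    for (;;) {
        if (p[0] == '.' && p[1] == '.' && (p[2] == '/' || p[2] == '\0'))
            return 1;
        do {                        /* advance to the next '/' or the end */
            if (*p++ == '\0')
                return 0;
        } while (*p != '/');
        p++;                        /* assume one separator per component */
    }
}

/* Component-wise check: a run of '/' counts as one separator and every
   component is compared against "..". */
static int has_dot_dot_component(const char *name)
{
    const char *p = name;
    while (*p != '\0') {
        while (*p == '/')           /* skip the whole run of separators */
            p++;
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 1;
        p += len;
    }
    return 0;
}

int main(void)
{
    /* Constructed member names, not taken from any real archive. */
    const char *names[] = { "d/..", "d//..", "d//../x", "a..b/c...", "d/./x" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-10s naive=%d component=%d\n", names[i],
               naive_has_dot_dot(names[i]), has_dot_dot_component(names[i]));
    return 0;
}
```

A name check like this is only one layer: extraction code that follows symlinks still has to confirm that the resolved target stays under the extraction directory.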