The vulnerability of the safer_name_suffix function in the GNU Tar archive manager allows a hacker to bypass the intended security measures and write data to arbitrary files.

🗓️ 29 Oct 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 5 Views

Flaw in GNU Tar safer_name_suffix permits writing to arbitrary files via lax pathname checks.

Reporter	Title	Published	Views	Family All 84
IBM Security Bulletins	Security Bulletin: IBM Flex System Manager (FSM) is affected by tar vulnerabilities (CVE-2010-0624 CVE-2016-6321)	18 Jun 201801:35	–	ibm
ALT Linux	Security fix for the ALT Linux 8 package tar version 1.29.0.19.d061-alt1	28 Mar 201700:00	–	altlinux
AlpineLinux	CVE-2016-6321	9 Dec 201622:00	–	alpinelinux
ArchLinux	[ASA-201611-11] tar: arbitrary file overwrite	3 Nov 201600:00	–	archlinux
Cloud Foundry	USN-3132-1: tar vulnerability \| Cloud Foundry	14 Dec 201600:00	–	cloudfoundry
Circl	CVE-2016-6321	26 Oct 201623:42	–	circl
CNVD	GNU Tar Security Bypass Vulnerability	4 Nov 201600:00	–	cnvd
CVE	CVE-2016-6321	9 Dec 201622:00	–	cve
Cvelist	CVE-2016-6321	9 Dec 201622:00	–	cvelist
Debian	[SECURITY] [DLA 690-1] tar security update	31 Oct 201616:01	–	debian

Vulners

Node

gnu gnu_tarRange1.14–1.29

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-6321
securityfocus	www.securityfocus.com/bid/93937
debian	www.debian.org/security/2016/dsa-3702
nvd	www.nvd.nist.gov/vuln/detail

28 Nov 2024 00:00Current

5.6Medium risk

Vulners AI Score5.6

CVSS 37.5

CVSS 27.8

EPSS0.15155

safer name suffix arbitrary files pathname restriction file name parameter archive manager vulnerability