gtar -- name mangling symlink vulnerability

ID 44449BF7-C69B-11DB-9F82-000E0C2E438A
Type freebsd
Reporter FreeBSD
Modified 2016-08-09T00:00:00


Problem Description: Symlinks created using the "GNUTYPE_NAMES" tar extension can have absolute targets because gtar does not apply the proper sanity checks to them.

Impact: If an attacker can get a user to extract a specially crafted tar archive, the attacker can overwrite arbitrary files with the permissions of the user running gtar. If file system permissions allow it, this may allow the attacker to overwrite important system files (if gtar is being run as root), or important user configuration files such as .tcshrc or .bashrc, which would allow the attacker to run arbitrary commands.

Workaround: Use "bsdtar", which is the default tar implementation in FreeBSD 5.3 and higher. For FreeBSD 4.x, bsdtar is available in the FreeBSD Ports Collection as ports/archivers/libarchive.
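The class of bug described above (a link entry whose target is absolute or resolves outside the extraction directory) can be caught before extraction by inspecting the archive's link members. The following is an added example, not code from the advisory or from gtar; it uses Python's standard tarfile module, which does not implement the GNUTYPE_NAMES extension itself, so it checks the generic symlink and hardlink entries that any tar reader exposes. The sample archive, its member names and the link targets are constructed for the demonstration.

```python
import io
import posixpath
import tarfile


def name_escapes(name: str) -> bool:
    """True if a member path is absolute or climbs above the extraction root."""
    norm = posixpath.normpath(name)
    return name.startswith("/") or norm == ".." or norm.startswith("../")


def link_target_escapes(member_name: str, linkname: str) -> bool:
    """True if a link target is absolute (the advisory's case) or, once
    resolved relative to the link's own directory, leaves the archive root."""
    if linkname.startswith("/"):
        return True
    base = posixpath.dirname(posixpath.normpath(member_name))
    resolved = posixpath.normpath(posixpath.join(base, linkname))
    return resolved == ".." or resolved.startswith("../")


def audit_archive(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for every entry that should block extraction."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar.getmembers():
            if name_escapes(m.name):
                findings.append((m.name, "member path escapes extraction dir"))
            if (m.issym() or m.islnk()) and link_target_escapes(m.name, m.linkname):
                findings.append((m.name, f"link target {m.linkname!r} escapes extraction dir"))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample: two benign entries and two unsafe link entries."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        payload = b"hello\n"
        info = tarfile.TarInfo("docs/readme.txt")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))

        ok_link = tarfile.TarInfo("docs/latest")  # relative symlink, stays inside docs/
        ok_link.type = tarfile.SYMTYPE
        ok_link.linkname = "readme.txt"
        tar.addfile(ok_link)

        abs_link = tarfile.TarInfo("docs/rc")  # absolute target, hypothetical path
        abs_link.type = tarfile.SYMTYPE
        abs_link.linkname = "/home/user/.bashrc"
        tar.addfile(abs_link)

        up_link = tarfile.TarInfo("docs/up")  # relative target that climbs out
        up_link.type = tarfile.SYMTYPE
        up_link.linkname = "../../etc/passwd"
        tar.addfile(up_link)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in audit_archive(build_sample_archive()):
        print(f"REJECT {name}: {reason}")
```

Running the block prints a REJECT line for docs/rc and docs/up and nothing for the two benign entries. Python 3.12 and later ship an equivalent policy as `tarfile.data_filter`, which refuses absolute link targets and links pointing outside the destination during extraction; the explicit pre-extraction audit above is useful where an older interpreter or a different extractor is in use.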