BeyondTrust

Security in Context: The BeyondTrust Blog

libtar Directory Traversal Vulnerabilities

Disclosed October 1, 2013    Fully Patched

Vulnerability Description:

The functions “tar_extract_glob()” and “tar_extract_all()” do not properly verify path prefixes. An attacker could craft a malicious archive that overwrites existing files upon extraction, potentially leading to system compromise.
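
The kind of path check whose absence is described above, as an added example (not libtar's code and not its patch): a caller-side validator that rejects absolute member names and any ".." component before a name is joined to the extraction prefix. The function name member_path_is_safe and the sample names are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/*
 * Hypothetical helper (not part of libtar): returns true only if an archive
 * member name stays below the extraction prefix when joined as prefix/name.
 * Rejects empty names, absolute paths, and any ".." path component.
 */
bool member_path_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;
    if (name[0] == '/')            /* absolute path ignores the prefix */
        return false;

    const char *p = name;
    while (*p != '\0') {
        /* Length of the current component, up to the next '/' or end. */
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;          /* ".." climbs out of the prefix */
        p += len;
        while (*p == '/')          /* skip one or more separators */
            p++;
    }
    return true;
}

/* Constructed sample member names, for illustration only. */
int main(void)
{
    const char *samples[] = { "docs/readme.txt", "../outside.txt",
                              "a/b/../../../outside.txt", "/abs/file",
                              "..hidden/file" };
    int rejected = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (!member_path_is_safe(samples[i]))
            rejected++;
    return rejected == 3 ? 0 : 1;  /* three of the five must be rejected */
}
```

This check covers member names only; symbolic-link members whose targets point outside the prefix need a separate check.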

Vendors:

libtar

Vulnerable Software/Devices:

libtar 1.2.20 and prior

Vulnerability Severity:

Low

Exploit Availability:

No Exploit Available

Exploit Impact:

Security Bypass
This vulnerability allows an attacker to use file path prefixes in an archive so that its files overwrite other files on the system upon extraction. This could be used to overwrite targeted files, leading to system compromise.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 31011 - libtar Directory Traversal Vulnerabilities (20131011)

Mitigation:

No mitigation is currently available.

Links:

CVE(s):