The two functions, “tar_extract_glob()” and “tar_extract_all()”, do not properly verify path prefixes, which could allow an attacker to create a malicious archive that would overwrite existing files upon extraction, potentially leading to system compromise.
libtar 1.2.20 and prior
No Exploit Available
This vulnerability allows an attacker to use file path prefixes on archive members so that extracting the archive overwrites other files on the system. This could be used to overwrite targeted files, leading to system compromise.
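A caller-side check of the kind the description says is missing, applied to each member name before anything is written to disk. This is an added example, not libtar's code and not part of the original advisory; the function name `member_path_is_safe` and the sample names are constructed for illustration, and the check does not cover traversal through symlinks.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a libtar function): returns 1 if an archive
 * member name may be extracted below the target directory, 0 if it must
 * be rejected. Any ".." component is refused, even one that would resolve
 * back inside the tree, because an earlier member could have made a
 * component a symlink. */
int member_path_is_safe(const char *path)
{
    if (path == NULL || path[0] == '\0')
        return 0;                          /* empty member name */
    if (path[0] == '/')
        return 0;                          /* absolute path prefix */

    const char *p = path;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");      /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;                      /* parent-directory component */
        p += len;
        while (*p == '/')
            p++;                           /* skip one or more separators */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample member names, not taken from a real archive. */
    const char *samples[] = {
        "docs/readme.txt", "./bin/tool", "a/..b/c",
        "/etc/cron.d/job", "../../home/user/.profile", "a/../../b",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s %s\n", samples[i],
               member_path_is_safe(samples[i]) ? "extract" : "REJECT");
    return 0;
}
```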
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
- 31011 - libtar Directory Traversal Vulnerabilities (20131011)
No mitigation is currently available.