Control: retitle -1 paxtar: directory traversal vulnerabilities (CVE-2015-1193
CVE-2015-1194)
Hi,
According to MITRE the following two CVEs were assigned for pax:
Use CVE-2015-1193 for the .. path traversal (CWE-22).
Use CVE-2015-1194 for the symlink following, which can allow access

Package: pax
Version: 1:20140703-2
Tags: security
paxtar is susceptible to directory traversal vulnerabilities. They can
be exploited by a rogue archive to write files outside the current
directory.
1. paxtar will extract files with .. components in names.
For example, let's create a sample

Alexander Cherepanov dixit:
1. paxtar will extract files with .. components in names.
2. While extracting an archive, it will extract symlinks and then follow them
if they are referenced in further entries.
Please check if any of these are required by POSIX and, if not,
report this bug to