CVE-2016-6321

Related Files

Ubuntu Security Notice USN-3132-1

Posted Nov 22, 2016

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3132-1 - Harry Sintonen discovered that tar incorrectly handled extracting files when path names are specified on the command line. If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly overwrite arbitrary files.

tags | advisory, arbitrary

systems | linux, ubuntu

advisories | CVE-2016-6321

SHA-256 | 82a69e51a38cce1aed5947f726654c16554c637877b98ca50d8794a1d1ad0663

Download | Favorite | View

Gentoo Linux Security Advisory 201611-19

Posted Nov 22, 2016

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-19 - A path traversal attack in Tar may lead to the remote execution of arbitrary code. Versions less than 1.29-r1 are affected.

tags | advisory, remote, arbitrary

systems | linux, gentoo

advisories | CVE-2016-6321

SHA-256 | 61af9c3e2fef42cd67d49fe15711105155cf77af77c4e6aaa875cbb347291165

Download | Favorite | View

GNU tar 1.29 Extract Pathname Bypass

Posted Oct 27, 2016

Authored by Harry Sintonen

The GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line. Versions 1.14 through 1.29 are affected.

tags | exploit, bypass

advisories | CVE-2016-6321

SHA-256 | 9872f2b8fb9c8365d6367de929e2a9d9f3744c7e6f836aad204d328392324992

Download | Favorite | View