Bugtraq mailing list archives

Re: Directory traversal vulnerabilities in several archivers processing .tar

From: der Mouse <mouse () Rodents Montreal QC CA>
Date: Tue, 17 Dec 2002 18:54:41 +0100 (CET)

[...how tarfile readers don't check for .. components...]

Affected
[long list]


Not affected: my tar, when run with the appropriate option to make it
paranoid about extraction.  (With the option set, it refuses to extract
anything that would be placed anywhere not under the current
directory.  At least it's supposed to, and as far as I know it does.)

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse () rodents montreal qc ca
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Current thread:

Directory traversal vulnerabilities in several archivers processing .tar Florian Schafferhans (Dec 17)
- Re: Directory traversal vulnerabilities in several archivers processing .tar der Mouse (Dec 17)
- RE: Directory traversal vulnerabilities in several archivers processing .tar Andrew Kopp (Dec 18)
  - Re: Directory traversal vulnerabilities in several archivers processing .tar Stephen Samuel (Dec 19)
  - RE: Directory traversal vulnerabilities in several archivers processing .tar konto mailingowe (Dec 20)