CVE-2016-6321
CVE-2016-6321
Vexday Risk Score
26Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.5EPSS 15.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
09 dic 2016Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Productos afectados
n/a · n/a¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165dhttp://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.htmlhttp://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.htmlhttp://seclists.org/fulldisclosure/2016/Oct/102http://seclists.org/fulldisclosure/2016/Oct/96https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Ehttps://security.gentoo.org/glsa/201611-19https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txthttp://www.debian.org/security/2016/dsa-3702http://www.securityfocus.com/bid/93937http://www.ubuntu.com/usn/USN-3132-1