CVE-2016-6321
Description
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
11.143
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in GNU Tar 1.15.1 | Windows |
| Vulnerabilities CVE-2006-0300,CVE-2007-4131,CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.14 | Windows |
| Vulnerabilities CVE-2006-0300,CVE-2007-4131,CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.15 | Windows |
| Vulnerabilities CVE-2006-0300,CVE-2007-4131,CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.15.90 | Windows |
| Vulnerabilities CVE-2006-6097,CVE-2007-4131,CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.16 | Windows |
| Vulnerabilities CVE-2007-4131,CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.15.91 | Windows |
| Vulnerabilities CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.16.1 | Windows |
| Vulnerabilities CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.17 | Windows |
| Vulnerabilities CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.18 | Windows |
| Vulnerabilities CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.19 | Windows |
| Vulnerabilities CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.20 | Windows |
| Vulnerabilities CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.21 | Windows |
| Vulnerabilities CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.22 | Windows |
| Vulnerabilities CVE-2016-6321 are affected in GNU Tar 1.23 | Windows |
| Vulnerabilities CVE-2016-6321 are affected in GNU Tar 1.24 | Windows |
| Vulnerabilities CVE-2016-6321 are affected in GNU Tar 1.25 | Windows |
| Vulnerabilities CVE-2016-6321 are affected in GNU Tar 1.26 | Windows |
| Vulnerabilities CVE-2016-6321 are affected in GNU Tar 1.27 | Windows |
| Vulnerabilities CVE-2016-6321 are affected in GNU Tar 1.27.1 | Windows |
| Vulnerabilities CVE-2016-6321 are affected in GNU Tar 1.28 | Windows |
| Vulnerabilities CVE-2016-6321 are affected in GNU Tar 1.29 | Windows |
| GNU version of the tar archiving utility (USN-3132-1) tar_1.26-4ubuntu1.1_i386.deb | Linux |
| GNU version of the tar archiving utility (USN-3132-1) tar_1.26-4ubuntu1.1_amd64.deb | Linux |
| GNU version of the tar archiving utility (USN-3132-1) tar_1.27.1-1ubuntu0.1_i386.deb | Linux |
| GNU version of the tar archiving utility (USN-3132-1) tar_1.27.1-1ubuntu0.1_amd64.deb | Linux |
| GNU version of the tar archiving utility (USN-3132-1) tar_1.28-2.1ubuntu0.1_i386.deb | Linux |
| GNU version of the tar archiving utility (USN-3132-1) tar_1.28-2.1ubuntu0.1_amd64.deb | Linux |
| tar security update (DSA-3702-1) tar_1.27.1-2+deb8u1_kfreebsd-i386.deb | Linux |
| tar security update (DSA-3702-1) tar_1.27.1-2+deb8u1_kfreebsd-amd64.deb | Linux |
| SUSE-SU-2016:2895-1 (SUSE Linux Enterprise Server 11-SP4) tar-1.26-1.2.10.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2896-1 (SUSE Linux Enterprise Desktop 12-SP1) tar-1.27.1-11.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2896-1 (SUSE Linux Enterprise Desktop 12-SP1) tar-debuginfo-1.27.1-11.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2896-1 (SUSE Linux Enterprise Desktop 12-SP1) tar-debugsource-1.27.1-11.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2896-1 (SUSE Linux Enterprise Desktop 12-SP1) tar-lang-1.27.1-11.1.noarch.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234