CVE-2016-6321

7.5HIGH

Key Information:

Vendor: Gnu
Status: Tar
Vendor: CVE Published:; 9 December 2016

Summary

Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

References

http://seclists.org/fulldisclosure/2016/Oct/102

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/bid/93937

vdb-entryx_refsource_BID

https://security.gentoo.org/glsa/201611-19

vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2016
Vulnerability Reserved
Jul 26, 2016

.