Bug 564368 (CVE-2010-0624)

Summary: CVE-2010-0624 tar, cpio: Heap-based buffer overflow by expanding a specially-crafted archive
Product: [Other] Security Response
Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: jscotka, kdudka, kreilly, mcermak, mjc, ovasik, security-response-team
Keywords: Security
Hardware: All
OS: Linux
Whiteboard: impact=moderate,source=researcher,reported=20100212,public=20100310,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-122[auto]
Doc Type: Bug Fix
Last Closed: 2010-03-29 07:21:35 EDT
Bug Depends On: 568023, 568024, 568025, 568026, 568030, 568068, 568069, 568070, 568071, 568072, 571842, 571843, 572149, 572150, 826654
Attachments: Patch to fix rtapelib overflow (flags: none)

Description Jan Lieskovsky 2010-02-12 09:47:47 EST
A heap-based buffer overflow flaw was found in the way tar and 
cpio archive manipulation tools expanded archives with certain
character in the archive name. If a local user was tricked into
expanding a specially-crafted archive, it could cause the tar,
cpio executables to crash or, potentially, to execute arbitrary
code with the privileges of the user running the utility.

Link to advisory:
  [1] http://www.agrs.tu-berlin.de/index.php?id=78327 

Acknowledgements:

Red Hat would like to thank Jakob Lell for responsibly reporting
this issue.

Comment 13 Ondrej Vasik 2010-02-22 09:49:47 EST
Created attachment 395483 [details]
Patch to fix rtapelib overflow

This simple two-liner patch should fix the issue.

Comment 25 Jan Lieskovsky 2010-03-10 07:15:35 EST
Public now via [1], removing embargo.

Comment 28 Fedora Update System 2010-03-10 08:27:14 EST
tar-1.22-16.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/tar-1.22-16.fc13

Comment 29 Fedora Update System 2010-03-10 08:42:07 EST
tar-1.22-12.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/tar-1.22-12.fc12

Comment 30 Fedora Update System 2010-03-10 08:42:14 EST
tar-1.22-5.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/tar-1.22-5.fc11

Comment 31 Fedora Update System 2010-03-10 09:36:10 EST
cpio-2.10-5.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/cpio-2.10-5.fc12

Comment 32 Fedora Update System 2010-03-10 09:36:29 EST
cpio-2.10-6.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/cpio-2.10-6.fc13

Comment 33 Fedora Update System 2010-03-10 09:48:52 EST
cpio-2.9.90-8.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/cpio-2.9.90-8.fc11

Comment 34 Fedora Update System 2010-03-14 09:45:03 EDT
tar-1.22-16.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 35 errata-xmlrpc 2010-03-15 19:55:37 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2010:0141 https://rhn.redhat.com/errata/RHSA-2010-0141.html

Comment 36 errata-xmlrpc 2010-03-15 20:20:02 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 3

Via RHSA-2010:0142 https://rhn.redhat.com/errata/RHSA-2010-0142.html

Comment 37 errata-xmlrpc 2010-03-15 20:40:37 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 4

Via RHSA-2010:0143 https://rhn.redhat.com/errata/RHSA-2010-0143.html

Comment 38 errata-xmlrpc 2010-03-15 21:15:28 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0144 https://rhn.redhat.com/errata/RHSA-2010-0144.html

Comment 39 errata-xmlrpc 2010-03-15 21:37:28 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 3

Via RHSA-2010:0145 https://rhn.redhat.com/errata/RHSA-2010-0145.html

Comment 40 Fedora Update System 2010-03-16 19:16:08 EDT
tar-1.22-12.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 41 Fedora Update System 2010-03-16 19:18:53 EDT
cpio-2.10-5.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 42 Fedora Update System 2010-03-19 23:37:02 EDT
cpio-2.10-6.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 43 Fedora Update System 2010-03-26 20:57:32 EDT
cpio-2.9.90-8.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 44 Fedora Update System 2010-03-26 21:00:33 EDT
tar-1.22-5.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.