Bug 140589 - (CVE-2005-1918) CVE-2005-1918 tar archive path traversal issue
CVE-2005-1918 tar archive path traversal issue
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity low
: ---
: ---
Assigned To: Peter Vrabec
Ben Levenson
: Security
Depends On:
  Show dependency treegraph
Reported: 2004-11-23 14:12 EST by Josh Bressers
Modified: 2016-05-18 14:04 EDT (History)
1 user (show)

See Also:
Fixed In Version: RHSA-2006-0195
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-02-21 09:30:39 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
I hope this patch will fix it. Could u test it please? (477 bytes, text/plain)
2005-02-17 05:44 EST, Peter Vrabec
no flags Details
Patch against the current source. (643 bytes, patch)
2005-03-31 16:53 EST, Josh Bressers
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2006:0195 normal SHIPPED_LIVE Low: tar security update 2006-02-21 00:00:00 EST

  None (edit)
Description Josh Bressers 2004-11-23 14:12:13 EST
There is an old path traversal issue that we've not fixed.

The text of the message describing this:

The tar patch "tar-1.13.25-dots.patch" changes....

for (;;)
if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
return 1;

if (! *p++)
return 0;
while (! ISSLASH (*p));


for (;;)
if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
return 1;

if (! *p++)
return 0;
while (! ISSLASH (*p));

if (! *p++)
return 0;
while ( ISSLASH (*p));

...which looks like it's an optimization, however it also changes the
answer for "/../etc/passwd" ... changing both do while's to just plain
while's should fix it.

This issue also affects RHEL 2.1
Comment 1 Peter Vrabec 2005-02-17 05:44:04 EST
Created attachment 111155 [details]
I hope this patch will fix it. Could u test it please?
Comment 2 Josh Bressers 2005-03-31 16:53:22 EST
Created attachment 112548 [details]
Patch against the current source.

Here's a patch against the current source, rather than modifying a current
patch, which is what the current patch in this bug seems to do.  By testing
this, things look good with this patch.
Comment 3 Josh Bressers 2005-05-26 17:09:36 EDT
Ping on this issue
Comment 8 Josh Bressers 2006-02-21 09:23:39 EST
Lifting embargo
Comment 9 Red Hat Bugzilla 2006-02-21 09:30:40 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.