Bug 140589 (CVE-2005-1918) - CVE-2005-1918 tar archive path traversal issue
Summary: CVE-2005-1918 tar archive path traversal issue
Alias: CVE-2005-1918
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Peter Vrabec
QA Contact: Ben Levenson
Depends On:
TreeView+ depends on / blocked
Reported: 2004-11-23 19:12 UTC by Josh Bressers
Modified: 2019-09-29 12:19 UTC (History)
1 user (show)

Fixed In Version: RHSA-2006-0195
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2006-02-21 14:30:39 UTC

Attachments (Terms of Use)
I hope this patch will fix it. Could u test it please? (477 bytes, text/plain)
2005-02-17 10:44 UTC, Peter Vrabec
no flags Details
Patch against the current source. (643 bytes, patch)
2005-03-31 21:53 UTC, Josh Bressers
no flags Details | Diff

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2006:0195 0 normal SHIPPED_LIVE Low: tar security update 2006-02-21 05:00:00 UTC

Internal Links: 183571

Description Josh Bressers 2004-11-23 19:12:13 UTC
There is an old path traversal issue that we've not fixed.

The text of the message describing this:

The tar patch "tar-1.13.25-dots.patch" changes....

for (;;)
if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
return 1;

if (! *p++)
return 0;
while (! ISSLASH (*p));


for (;;)
if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
return 1;

if (! *p++)
return 0;
while (! ISSLASH (*p));

if (! *p++)
return 0;
while ( ISSLASH (*p));

...which looks like it's an optimization, however it also changes the
answer for "/../etc/passwd" ... changing both do while's to just plain
while's should fix it.

This issue also affects RHEL 2.1

Comment 1 Peter Vrabec 2005-02-17 10:44:04 UTC
Created attachment 111155 [details]
I hope this patch will fix it. Could u test it please?

Comment 2 Josh Bressers 2005-03-31 21:53:22 UTC
Created attachment 112548 [details]
Patch against the current source.

Here's a patch against the current source, rather than modifying a current
patch, which is what the current patch in this bug seems to do.  By testing
this, things look good with this patch.

Comment 3 Josh Bressers 2005-05-26 21:09:36 UTC
Ping on this issue

Comment 8 Josh Bressers 2006-02-21 14:23:39 UTC
Lifting embargo

Comment 9 Red Hat Bugzilla 2006-02-21 14:30:40 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.