Bug 1563993 - (CVE-2018-1103) CVE-2018-1103 source-to-image: Unsanitized paths in tar.go:ExtractTarStreamFromTarReader() allow malicious containers to overwrite files on the client machine
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All, OS: Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
Keywords: Security
Depends On: 1585579 1590175 1577289 1577290 1577291
Blocks: 1569669
Reported: 2018-04-05 02:47 EDT by Sam Fowler
Modified: 2018-06-29 18:36 EDT
Fixed In Version: source-to-image 1.1.10
Doc Text:
An improper input validation flaw was found in the source-to-image component of OpenShift. An attacker who could trick a user into using the command to copy files locally from a pod could overwrite files outside of the target directory of the command.
Description Sam Fowler 2018-04-05 02:47:43 EDT
OpenShift Enterprise through version 3.6 does not properly sanitize archived filenames in source-to-image/pkg/tar/tar.go:ExtractTarStreamFromTarReader(). An attacker can exploit this with a malicious container to overwrite files on client machines when clients use "oc rsync" to connect to that container.

This is a related but separate issue to CVE-2018-1102.
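
The kind of check whose absence the description reports, as an added Go example (not source-to-image's code and not the fix shipped in 1.1.10): each tar entry name is resolved against the destination directory and rejected if the result lies outside it. The helper names `safeJoin`, `checkArchive` and `buildTar`, the destination `/tmp/dest` and the sample archive are assumptions constructed for illustration.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// safeJoin resolves an entry name under destDir; names that climb out via ".." are rejected.
func safeJoin(destDir, name string) (string, error) {
	base := filepath.Clean(destDir)
	target := filepath.Join(base, name) // Join cleans ".." and re-roots absolute names
	if target != base && !strings.HasPrefix(target, base+string(filepath.Separator)) {
		return "", fmt.Errorf("tar entry %q resolves outside %q", name, base)
	}
	return target, nil
}

// checkArchive returns the resolved path of every entry, or an error at the first escape.
func checkArchive(r io.Reader, destDir string) ([]string, error) {
	var paths []string
	tr := tar.NewReader(r)
	for hdr, err := tr.Next(); err != io.EOF; hdr, err = tr.Next() {
		if err != nil {
			return nil, err
		}
		p, err := safeJoin(destDir, hdr.Name)
		if err != nil {
			return nil, err
		}
		paths = append(paths, p)
	}
	return paths, nil
}

// buildTar makes a constructed in-memory archive of empty files with the given names.
func buildTar(names ...string) *bytes.Buffer {
	buf := new(bytes.Buffer)
	tw := tar.NewWriter(buf)
	for _, n := range names {
		tw.WriteHeader(&tar.Header{Name: n, Mode: 0o644, Typeflag: tar.TypeReg})
	}
	tw.Close()
	return buf
}

func main() { fmt.Println(checkArchive(buildTar("app/ok.txt", "../../etc/cron.d/x"), "/tmp/dest")) }
```

Entry names are only one route out of the target directory: symlink and hard-link entries whose targets point elsewhere need their own check before anything is written through them.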
Comment 1 Sam Fowler 2018-04-05 02:47:51 EDT

Name: Michael Hanselmann (Independent)
Comment 6 Doran Moppert 2018-06-12 02:57:24 EDT
Created source-to-image tracking bugs for this issue:

Affects: fedora-all [bug 1590175]
