LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: September 19th, 2014
Linux Security Week: September 15th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: 'unzip/tar' Directory traversal vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
RedHat Linux The unzip and tar utilities contain vulnerabilities which can allowarbitrary files to be overwritten during archive extraction.

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated unzip and tar packages fix vulnerabilities
Advisory ID:       RHSA-2002:096-24
Issue date:        2002-05-20
Updated on:        2002-09-18
Product:           Red Hat Linux
Keywords:          unzip tar path unpack
Cross references:  
Obsoletes:         
CVE Names:         CAN-2001-1267 CAN-2001-1268 CAN-2001-1269 CAN-2002-0399
---------------------------------------------------------------------

1. Topic:

The unzip and tar utilities contain vulnerabilities which can allow
arbitrary files to be overwritten during archive extraction.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - alpha, i386, sparc
Red Hat Linux 7.0 - alpha, i386
Red Hat Linux 7.1 - alpha, i386, ia64
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386

3. Problem description:

The unzip and tar utilities are used for manipulating archives, which
are multiple files stored inside of a single file.

A directory traversal vulnerability in unzip version 5.42 and earlier,
as well as GNU tar 1.13.19 and earlier, allows attackers to overwrite
arbitrary files during archive extraction via a ".." (dot dot) in an
extracted filename. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2001-1267 and CAN-2001-1268 to
this issue. 

In addition, unzip version 5.42 and earlier also allows attackers to
overwrite arbitrary files during archive extraction via filenames in the
archive that begin with the "/" (slash) character. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2001-1269 to this issue.

During testing of the fix to GNU tar, it was discovered that GNU tar
1.13.25 was still vulnerable to a modified version of the same problem. Red
Hat has provided a patch to tar 1.3.25 to correct this problem. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2002-0399 to this issue.

Users of unzip and tar are advised to upgrade to these errata packages,
containing unzip version 5.50 (for Red Hat Linux 6.2, 7, 7.1, and 7.2) and
a patched version of GNU tar 1.13.25 (for Red Hat Linux 6.2, 7, 7.1, 7.2,
and 7.3), which are not vulnerable to these issues.

Important Note: For users of Red Hat Linux 6.2 and 7 only, these errata
packages change one of the command line options for tar.  Previously the
'-I' option was used to enable bzip2 compression, while in these errata
packages the option has changed to '-j'.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. RPMs required:

Red Hat Linux 6.2:

SRPMS: 
ftp://updates.Red Hat.com/6.2/en/os/SRPMS/unzip-5.50-1.62.src.rpm 
ftp://updates.Red Hat.com/6.2/en/os/SRPMS/tar-1.13.25-1.6.src.rpm

alpha: 
ftp://updates.Red Hat.com/6.2/en/os/alpha/unzip-5.50-1.62.alpha.rpm 
ftp://updates.Red Hat.com/6.2/en/os/alpha/tar-1.13.25-1.6.alpha.rpm

i386: 
ftp://updates.Red Hat.com/6.2/en/os/i386/unzip-5.50-1.62.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/tar-1.13.25-1.6.i386.rpm

sparc: 
ftp://updates.Red Hat.com/6.2/en/os/sparc/unzip-5.50-1.62.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/tar-1.13.25-1.6.sparc.rpm

Red Hat Linux 7.0:

SRPMS: 
ftp://updates.Red Hat.com/7.0/en/os/SRPMS/unzip-5.50-2.src.rpm 
ftp://updates.Red Hat.com/7.0/en/os/SRPMS/tar-1.13.25-4.7.1.src.rpm

alpha: 
ftp://updates.Red Hat.com/7.0/en/os/alpha/unzip-5.50-2.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/tar-1.13.25-4.7.1.alpha.rpm

i386: 
ftp://updates.Red Hat.com/7.0/en/os/i386/unzip-5.50-2.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/tar-1.13.25-4.7.1.i386.rpm

Red Hat Linux 7.1:

SRPMS: 
ftp://updates.Red Hat.com/7.1/en/os/SRPMS/unzip-5.50-2.src.rpm 
ftp://updates.Red Hat.com/7.1/en/os/SRPMS/tar-1.13.25-4.7.1.src.rpm

alpha: 
ftp://updates.Red Hat.com/7.1/en/os/alpha/unzip-5.50-2.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/tar-1.13.25-4.7.1.alpha.rpm

i386: 
ftp://updates.Red Hat.com/7.1/en/os/i386/unzip-5.50-2.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/tar-1.13.25-4.7.1.i386.rpm

ia64: 
ftp://updates.Red Hat.com/7.1/en/os/ia64/unzip-5.50-2.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/tar-1.13.25-4.7.1.ia64.rpm

Red Hat Linux 7.2:

SRPMS: 
ftp://updates.Red Hat.com/7.2/en/os/SRPMS/unzip-5.50-2.src.rpm 
ftp://updates.Red Hat.com/7.2/en/os/SRPMS/tar-1.13.25-4.7.1.src.rpm

i386: 
ftp://updates.Red Hat.com/7.2/en/os/i386/unzip-5.50-2.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/tar-1.13.25-4.7.1.i386.rpm

ia64: 
ftp://updates.Red Hat.com/7.2/en/os/ia64/unzip-5.50-2.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/tar-1.13.25-4.7.1.ia64.rpm

Red Hat Linux 7.3:

SRPMS: 
ftp://updates.Red Hat.com/7.3/en/os/SRPMS/tar-1.13.25-4.7.1.src.rpm

i386: 
ftp://updates.Red Hat.com/7.3/en/os/i386/tar-1.13.25-4.7.1.i386.rpm



6. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
bb301fb39190fdfbc17f0c8c172f920a 6.2/en/os/SRPMS/tar-1.13.25-1.6.src.rpm
5dcc6924500aa5f7858ae266a5f8998b 6.2/en/os/SRPMS/unzip-5.50-1.62.src.rpm
fef15632b9bcf32d14356654134c53c5 6.2/en/os/alpha/tar-1.13.25-1.6.alpha.rpm
2b3d7a3a5ec06ced671e8e338f3e6c4e 6.2/en/os/alpha/unzip-5.50-1.62.alpha.rpm
81004b0dd856b5e68847d7b3c98df7fc 6.2/en/os/i386/tar-1.13.25-1.6.i386.rpm
9bae9f9eb1f4465aef6d8e88fc651cbd 6.2/en/os/i386/unzip-5.50-1.62.i386.rpm
ac09b26f328364bcbffef59d92b7544c 6.2/en/os/sparc/tar-1.13.25-1.6.sparc.rpm
a68f875f73dc8551a65018ab46bb28c3 6.2/en/os/sparc/unzip-5.50-1.62.sparc.rpm
0b54c5bd9400cdedd26bdf64d9e69a80 7.0/en/os/SRPMS/tar-1.13.25-4.7.1.src.rpm
2c1387cc558515919e2585b5708fd219 7.0/en/os/SRPMS/unzip-5.50-2.src.rpm
c12063f58936ceb68848530b8e69d304 7.0/en/os/alpha/tar-1.13.25-4.7.1.alpha.rpm
25e5cb389451c393a58c8e2755180925 7.0/en/os/alpha/unzip-5.50-2.alpha.rpm
fb5f89ea78abb60d50424dda0ac0db79 7.0/en/os/i386/tar-1.13.25-4.7.1.i386.rpm
877f4fda6198e604b539fb85664a3aad 7.0/en/os/i386/unzip-5.50-2.i386.rpm
0b54c5bd9400cdedd26bdf64d9e69a80 7.1/en/os/SRPMS/tar-1.13.25-4.7.1.src.rpm
2c1387cc558515919e2585b5708fd219 7.1/en/os/SRPMS/unzip-5.50-2.src.rpm
c12063f58936ceb68848530b8e69d304 7.1/en/os/alpha/tar-1.13.25-4.7.1.alpha.rpm
25e5cb389451c393a58c8e2755180925 7.1/en/os/alpha/unzip-5.50-2.alpha.rpm
fb5f89ea78abb60d50424dda0ac0db79 7.1/en/os/i386/tar-1.13.25-4.7.1.i386.rpm
877f4fda6198e604b539fb85664a3aad 7.1/en/os/i386/unzip-5.50-2.i386.rpm
a8aa3558565507d16f8cb91b6fed5d88 7.1/en/os/ia64/tar-1.13.25-4.7.1.ia64.rpm
f233de217386e5913b6460d22022dbb6 7.1/en/os/ia64/unzip-5.50-2.ia64.rpm
0b54c5bd9400cdedd26bdf64d9e69a80 7.2/en/os/SRPMS/tar-1.13.25-4.7.1.src.rpm
2c1387cc558515919e2585b5708fd219 7.2/en/os/SRPMS/unzip-5.50-2.src.rpm
fb5f89ea78abb60d50424dda0ac0db79 7.2/en/os/i386/tar-1.13.25-4.7.1.i386.rpm
877f4fda6198e604b539fb85664a3aad 7.2/en/os/i386/unzip-5.50-2.i386.rpm
a8aa3558565507d16f8cb91b6fed5d88 7.2/en/os/ia64/tar-1.13.25-4.7.1.ia64.rpm
f233de217386e5913b6460d22022dbb6 7.2/en/os/ia64/unzip-5.50-2.ia64.rpm
0b54c5bd9400cdedd26bdf64d9e69a80 7.3/en/os/SRPMS/tar-1.13.25-4.7.1.src.rpm
fb5f89ea78abb60d50424dda0ac0db79 7.3/en/os/i386/tar-1.13.25-4.7.1.i386.rpm


These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     http://www.Red Hat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 


7. References:
 
http://online.securityfocus.com/archive/1/196445 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1267 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1268 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1269 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0399


Copyright(c) 2000, 2001, 2002 Red Hat, Inc.





 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Google to turn on encryption by default in next Android version
TOR users become FBI's No.1 hacking target after legal power grab
OWASP Releases Latest App Sec Guide
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.