安全研究

安全漏洞
GNU Tar contains_dot_dot函数远程目录遍历漏洞

发布日期:2007-08-23
更新日期:2007-11-29

受影响系统:
GNU tar <= 1.15.91
描述:
BUGTRAQ  ID: 25417
CVE(CAN) ID: CVE-2007-4131,CVE-2007-4134

GNU tar可创建和解压tar文档,并进行各种存档文件管理。

GNU tar在处理符号链接时存在漏洞,本地攻击者可能利用此漏洞提升权限或破坏文件。

GNU tar的contains_dot_dot函数没有正确地检查目录符号链接的名称,恶意用户所创建tar文档可以写入运行GNU tar的用户可写访问的任意文件。

<*来源:Tomas Hoger (thoger@redhat.com
  
  链接:http://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=251921
        http://secunia.com/advisories/26573/
        https://www.redhat.com/support/errata/RHSA-2007-0860.html
        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-07:10.gtar.asc
        https://www.redhat.com/support/errata/RHSA-2007-0873.html
        http://www.debian.org/security/2007/dsa-1438
*>

建议:
厂商补丁:

Debian
------
Debian已经为此发布了一个安全公告(DSA-1438-1)以及相应补丁:
DSA-1438-1:New tar packages fix several vulnerabilities
链接:http://www.debian.org/security/2007/dsa-1438

补丁下载:
Source archives:

http://security.debian.org/pool/updates/main/t/tar/tar_1.14.orig.tar.gz
Size/MD5 checksum:  1485633 3094544702b1affa32d969f0b6459663
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4.dsc
Size/MD5 checksum:      846 cbcbbd7c638de842f913ac566c3f0b0a
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4.diff.gz
Size/MD5 checksum:    51869 2675ec9acdf59ba6f0c54e5325675fcf

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_alpha.deb
Size/MD5 checksum:   533650 c5e87a25f7c6efd0e39647249f889ca3

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_amd64.deb
Size/MD5 checksum:   504092 64131456790b8bc4b45e341ce0ca6040

arm architecture (ARM)

http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_arm.deb
Size/MD5 checksum:   502452 1374822a67eafcd4f385b43479225b7b

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_hppa.deb
Size/MD5 checksum:   517962 f8d1d70a5989d1cab377efdc7c821e24

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_i386.deb
Size/MD5 checksum:   500822 3b1099df9c1df15768f8dc568068e02f

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_ia64.deb
Size/MD5 checksum:   543620 3026d8ed3c4e9203b3af8e7813a7858c

m68k architecture (Motorola Mc680x0)

http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_m68k.deb
Size/MD5 checksum:   489264 ec8bab9c3860d11e33b4c5ebef3be8e0

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_mips.deb
Size/MD5 checksum:   520658 9211a627bc4bd7859bf8e3c538abf342

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_mipsel.deb
Size/MD5 checksum:   520438 a58746324064e51070a558102a134de3

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_powerpc.deb
Size/MD5 checksum:   507092 bd57425832d21b0a12843d196c2ba4f0

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_s390.deb
Size/MD5 checksum:   512130 cd095e0a66981c279d8d1ede88c67a60

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_sparc.deb
Size/MD5 checksum:   499878 062c6de1a4b1b5a0ea9da2926f5d80ec

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1.diff.gz
Size/MD5 checksum:    31360 96eb9bcd2d8257893a4f530eb00c9da5
http://security.debian.org/pool/updates/main/t/tar/tar_1.16.orig.tar.gz
Size/MD5 checksum:  2199571 d971b9d6114ad0527ef89fab0d3167e0
http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1.dsc
Size/MD5 checksum:      871 c7d9d75758a04174348cd65bb7aaab16

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_alpha.deb
Size/MD5 checksum:   738546 c181b637bb4ed83619c0086bb3d19312

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_amd64.deb
Size/MD5 checksum:   714108 b7287060cfefae808c694a60f9cb421c

arm architecture (ARM)

http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_arm.deb
Size/MD5 checksum:   671036 c20ed223967ec38af1ddf88d1b49eff9

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_hppa.deb
Size/MD5 checksum:   695748 69013bb176a94d2ef6d17342728ed3f8

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_i386.deb
Size/MD5 checksum:   675590 5630796721944b8f6c261628b0f2b18d

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_ia64.deb
Size/MD5 checksum:   807488 0e4fd97fd5fef6a0b4fd6edba44ec9ca

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_mips.deb
Size/MD5 checksum:   701392 c627d531a2d02d652a8fb220f90e51e1

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_mipsel.deb
Size/MD5 checksum:   701162 979cdb4ee29782a1b9fa1d68c5de05ee

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_powerpc.deb
Size/MD5 checksum:   683616 73c25ecbdbf6aac0c814b1b16cdf99ab

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_s390.deb
Size/MD5 checksum:   694000 2364d67dcc6eb6b160590189fa4553ad

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_sparc.deb
Size/MD5 checksum:   668548 ec9e0a954b64ca8cbf8af1412870b8d8

补丁安装方法:

1. 手工安装补丁包:

  首先,使用下面的命令来下载补丁软件:
  # wget url  (url是补丁下载链接地址)

  然后,使用下面的命令来安装补丁:  
  # dpkg -i file.deb (file是相应的补丁名)

2. 使用apt-get自动安装补丁包:

   首先,使用下面的命令更新内部数据库:
   # apt-get update
  
   然后,使用下面的命令安装更新软件包:
   # apt-get upgrade

FreeBSD
-------
FreeBSD已经为此发布了一个安全公告(FreeBSD-SA-07:10)以及相应补丁:
FreeBSD-SA-07:10:gtar directory traversal vulnerability
链接:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-07:10.gtar.asc

补丁下载:

1) 将有漏洞的系统升级到5-STABLE,或修改日期之后的RELENG_5_5安全版本。

2) 为当前系统打补丁:

以下补丁确认可应用于FreeBSD 5.5系统。

a) 从以下位置下载相关补丁,并使用PGP工具验证附带的PGP签名。

# fetch http://security.FreeBSD.org/patches/SA-07:10/gtar.patch
# fetch http://security.FreeBSD.org/patches/SA-07:10/gtar.patch.asc

b) 以root执行以下命令:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/gnu/usr.bin/tar
# make obj && make depend && make && make install

RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2007:0873-01)以及相应补丁:
RHSA-2007:0873-01:Moderate: star security update
链接:https://www.redhat.com/support/errata/RHSA-2007-0873.html

浏览次数:3657
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障
关于我们
公司介绍
公司荣誉
公司新闻
联系我们
公司总部
分支机构
海外机构
快速链接
绿盟云
绿盟威胁情报中心NTI
技术博客