nvd-json-data-feeds/CVE-2016/CVE-2016-63xx/CVE-2016-6321.json

{
  "id": "CVE-2016-6321",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2016-12-09T22:59:00.170",
  "lastModified": "2023-02-13T04:50:12.540",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en la funci\u00f3n safer_name_suffix en GNU tar 1.14 hasta la versi\u00f3n 1.29 podr\u00edan permitir a atacantes remotos eludir un mecanismo de protecci\u00f3n previsto y escribir en archivos arbitarios a trav\u00e9s de vectores relacionados con una desinfecci\u00f3n inadecuada del par\u00e1metro file_name, tambi\u00e9n conocida como POINTYFEATHER."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "B87C1F89-63A8-4955-9C42-3B49EC1C1C78"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE339D0-D585-440D-8BD4-5183833258F4"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8B4A20D-AAD0-4857-AC0F-D221EBB08BFD"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.15.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9B46F22-B0FB-4F99-B44E-D34E0DD5D194"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.15.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D8F228C-6DED-42A2-BE9B-944171EAC10C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B6D83BA-6C85-43F3-87FD-A77CC6F1D21A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "205C3978-7317-48BB-ADC6-C226CCA2D379"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7BF78BD-B860-47A4-90E9-D6CD7A6FC5AE"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "18BBBFFE-5A92-48C6-9DFB-7EC410FA0742"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0619D33-E655-49E7-9D6A-5A447D71D0CD"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "5940AA70-909E-4322-8441-ED5F87086348"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC10F9D6-03C2-4B0D-B50A-A016A8E1AFA8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23B73EA-D661-400E-AC9D-0264899C888E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD42475A-D399-4C39-B6E6-D22117B3F670"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4951455-E524-4EE6-8F15-FF032283F253"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9E44CF9-2819-4E9B-908A-37032DFD86EE"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E3A4256-D318-4517-83A7-1DA8505AF9C9"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "706A2A77-2FB3-4B85-A43B-37B04AFF8895"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.27.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26CB6029-7DC9-4009-8837-A0B49FC6C378"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "08D644F4-4D2A-4940-9E70-52DF635B7CF8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:tar:1.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8A547F3-7D6F-480B-AF32-08AB5FB98FAF"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d",
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ]
    },
    {
      "url": "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html",
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html",
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://seclists.org/fulldisclosure/2016/Oct/102",
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ]
    },
    {
      "url": "http://seclists.org/fulldisclosure/2016/Oct/96",
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ]
    },
    {
      "url": "http://www.debian.org/security/2016/dsa-3702",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.securityfocus.com/bid/93937",
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://www.ubuntu.com/usn/USN-3132-1",
      "source": "secalert@redhat.com"
    },
    {
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E",
      "source": "secalert@redhat.com"
    },
    {
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E",
      "source": "secalert@redhat.com"
    },
    {
      "url": "https://security.gentoo.org/glsa/201611-19",
      "source": "secalert@redhat.com"
    },
    {
      "url": "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt",
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2016-6321",`
			`"sourceIdentifier": "secalert@redhat.com",`
			`"published": "2016-12-09T22:59:00.170",`
			`"lastModified": "2023-02-13T04:50:12.540",`
			`"vulnStatus": "Modified",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER."`
			`},`
			`{`
			`"lang": "es",`
			`"value": "Vulnerabilidad de salto de directorio en la funci\u00f3n safer_name_suffix en GNU tar 1.14 hasta la versi\u00f3n 1.29 podr\u00edan permitir a atacantes remotos eludir un mecanismo de protecci\u00f3n previsto y escribir en archivos arbitarios a trav\u00e9s de vectores relacionados con una desinfecci\u00f3n inadecuada del par\u00e1metro file_name, tambi\u00e9n conocida como POINTYFEATHER."`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV30": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.0",`
			`"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 7.5,`
			`"baseSeverity": "HIGH"`
			`},`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 3.6`
			`}`
			`],`
			`"cvssMetricV2": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",`
			`"accessVector": "NETWORK",`
			`"accessComplexity": "LOW",`
			`"authentication": "NONE",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "PARTIAL",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 5.0`
			`},`
			`"baseSeverity": "MEDIUM",`
			`"exploitabilityScore": 10.0,`
			`"impactScore": 2.9,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": false`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-22"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.14:::::::*",`
			`"matchCriteriaId": "B87C1F89-63A8-4955-9C42-3B49EC1C1C78"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.15:::::::*",`
			`"matchCriteriaId": "7FE339D0-D585-440D-8BD4-5183833258F4"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.15.1:::::::*",`
			`"matchCriteriaId": "B8B4A20D-AAD0-4857-AC0F-D221EBB08BFD"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.15.90:::::::*",`
			`"matchCriteriaId": "C9B46F22-B0FB-4F99-B44E-D34E0DD5D194"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.15.91:::::::*",`
			`"matchCriteriaId": "4D8F228C-6DED-42A2-BE9B-944171EAC10C"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.16:::::::*",`
			`"matchCriteriaId": "7B6D83BA-6C85-43F3-87FD-A77CC6F1D21A"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.16.1:::::::*",`
			`"matchCriteriaId": "205C3978-7317-48BB-ADC6-C226CCA2D379"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.17:::::::*",`
			`"matchCriteriaId": "B7BF78BD-B860-47A4-90E9-D6CD7A6FC5AE"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.18:::::::*",`
			`"matchCriteriaId": "18BBBFFE-5A92-48C6-9DFB-7EC410FA0742"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.19:::::::*",`
			`"matchCriteriaId": "A0619D33-E655-49E7-9D6A-5A447D71D0CD"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.20:::::::*",`
			`"matchCriteriaId": "5940AA70-909E-4322-8441-ED5F87086348"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.21:::::::*",`
			`"matchCriteriaId": "DC10F9D6-03C2-4B0D-B50A-A016A8E1AFA8"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.22:::::::*",`
			`"matchCriteriaId": "F23B73EA-D661-400E-AC9D-0264899C888E"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.23:::::::*",`
			`"matchCriteriaId": "AD42475A-D399-4C39-B6E6-D22117B3F670"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.24:::::::*",`
			`"matchCriteriaId": "E4951455-E524-4EE6-8F15-FF032283F253"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.25:::::::*",`
			`"matchCriteriaId": "C9E44CF9-2819-4E9B-908A-37032DFD86EE"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.26:::::::*",`
			`"matchCriteriaId": "9E3A4256-D318-4517-83A7-1DA8505AF9C9"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.27:::::::*",`
			`"matchCriteriaId": "706A2A77-2FB3-4B85-A43B-37B04AFF8895"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.27.1:::::::*",`
			`"matchCriteriaId": "26CB6029-7DC9-4009-8837-A0B49FC6C378"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.28:::::::*",`
			`"matchCriteriaId": "08D644F4-4D2A-4940-9E70-52DF635B7CF8"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:gnu:tar:1.29:::::::*",`
			`"matchCriteriaId": "C8A547F3-7D6F-480B-AF32-08AB5FB98FAF"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d",`
			`"source": "secalert@redhat.com",`
			`"tags": [`
			`"Issue Tracking",`
			`"Patch"`
			`]`
			`},`
			`{`
			`"url": "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html",`
			`"source": "secalert@redhat.com",`
			`"tags": [`
			`"Mailing List",`
			`"Vendor Advisory"`
			`]`
			`},`
			`{`
			`"url": "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html",`
			`"source": "secalert@redhat.com",`
			`"tags": [`
			`"Exploit",`
			`"Third Party Advisory",`
			`"VDB Entry"`
			`]`
			`},`
			`{`
			`"url": "http://seclists.org/fulldisclosure/2016/Oct/102",`
			`"source": "secalert@redhat.com",`
			`"tags": [`
			`"Mailing List",`
			`"Patch",`
			`"Third Party Advisory"`
			`]`
			`},`
			`{`
			`"url": "http://seclists.org/fulldisclosure/2016/Oct/96",`
			`"source": "secalert@redhat.com",`
			`"tags": [`
			`"Mailing List",`
			`"Third Party Advisory"`
			`]`
			`},`
			`{`
			`"url": "http://www.debian.org/security/2016/dsa-3702",`
			`"source": "secalert@redhat.com"`
			`},`
			`{`
			`"url": "http://www.securityfocus.com/bid/93937",`
			`"source": "secalert@redhat.com",`
			`"tags": [`
			`"Third Party Advisory",`
			`"VDB Entry"`
			`]`
			`},`
			`{`
			`"url": "http://www.ubuntu.com/usn/USN-3132-1",`
			`"source": "secalert@redhat.com"`
			`},`
			`{`
			`"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E",`
			`"source": "secalert@redhat.com"`
			`},`
			`{`
			`"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E",`
			`"source": "secalert@redhat.com"`
			`},`
			`{`
			`"url": "https://security.gentoo.org/glsa/201611-19",`
			`"source": "secalert@redhat.com"`
			`},`
			`{`
			`"url": "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt",`
			`"source": "secalert@redhat.com",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
			`}`
			`]`
			`}`