Note: This is an archival copy of Security Sun Alert 273551 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1021680.1.
Article ID : 1021680.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-10-18
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Two Security Vulnerabilities in GNU tar (see gtar(1)) May Lead to Files Being Overwritten, Execution of Arbitrary Code, or a Denial of Service (DoS)



Category
Security

Release Phase
Resolved

Bug Id
6616278

Product
Solaris 9 Operating System
Solaris 10 Operating System
OpenSolaris

Date of Workaround Release
02-Dec-2009

Date of Resolved Release
23-Mar-2010

Two security vulnerabilities in GNU tar (see gtar(1)):

1. Impact

Two security vulnerabilities have been found in the GNU tar gtar(1) archiving program bundled with Solaris 9, Solaris 10 and OpenSolaris.

The first issue is a directory traversal vulnerability that may allow a local or remote unprivileged user who provides a specially crafted archive to overwrite arbitrary files which the user executing gtar(1) has permission to modify.

The second issue is a buffer overflow which may allow a local or remote unprivileged user who provides a specially crafted tar archive to execute arbitrary code with the privileges of the user executing gtar(1), or to cause gtar(1) to crash. The ability to cause a program crash is a type of Denial of Service (DoS).

Additional information regarding these issues is available at:

2. Contributing Factors

These issues can occur in the following releases:

SPARC Platform
  • Solaris 9 without patch 118191-04
  • Solaris 10 without patch 139099-03
  • OpenSolaris based upon builds snv_01 through snv_115

x86 Platform
  • Solaris 9 without patch 118192-04
  • Solaris 10 without patch 139100-03
  • OpenSolaris based upon builds snv_01 through snv_115
Note 1: OpenSolaris distributions may include additional bug fixes above and beyond the build from which they were derived. To determine the base build of an OpenSolaris system, run the following command; the output is the build name, for example:
    $ uname -v
    snv_86
Note 2: Solaris 8 does not include support for GNU tar utility and therefore is not impacted by these issues.

3. Symptoms

There are no predictable symptoms that would indicate the described issues have been exploited on a system.

4. Workaround

Until the patches for these issues can be applied, users should not extract archives from untrusted sources with gtar(1). If such an archive must be examined, list its contents first (gtar -tvf) and reject any archive whose member names are absolute, contain ".." components, or are symbolic links pointing outside the extraction directory; listing an archive still parses its headers, so it should be done as an unprivileged user.
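The pre-extraction check that the workaround calls for, and the directory-traversal pattern described in the Impact section, as an added example that is not part of the Sun Alert and is not Sun's or GNU tar's own code: a Python 3 script using only the standard tarfile module. It builds a constructed archive containing the member kinds a crafted tar would use to escape the extraction directory (an absolute name, a ".." climb, a symlink out of the tree, and a file written through that symlink), then audits the member list without extracting anything. The member names and contents are constructed for illustration; the script makes no claim about the exact input that triggers the gtar(1) bugs.

```python
import io
import posixpath
import tarfile


def unsafe_path_reason(path):
    """Return why `path` would land outside the extraction directory, or None.

    Two checks: absolute names, and names whose normalized form climbs above
    '.' through '..' components ('pkg/../../x' normalizes to '../x').
    """
    if posixpath.isabs(path):
        return "absolute path"
    norm = posixpath.normpath(path)
    if norm == ".." or norm.startswith("../"):
        return "climbs above the extraction directory via '..'"
    return None


def audit_archive(archive_bytes):
    """List the members of a tar archive without extracting anything and
    return [(member_name, reason)] for every member that could write
    outside the current directory.

    Symlinks seen so far are remembered, so a later member whose path runs
    through a symlinked directory is flagged too: extraction would follow
    the link and write wherever it points, even though the member name
    itself contains neither '/' nor '..'.
    """
    findings = []
    symlinks = set()  # normalized names of symlink members already seen
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:") as tf:
        for m in tf.getmembers():
            norm = posixpath.normpath(m.name)
            reason = unsafe_path_reason(m.name)
            if reason is None and m.issym():
                # A relative symlink target resolves against the link's own directory.
                target = m.linkname
                if not posixpath.isabs(target):
                    target = posixpath.join(posixpath.dirname(norm), target)
                r = unsafe_path_reason(target)
                if r is not None:
                    reason = "symlink target " + r
            elif reason is None and m.islnk():
                # A hard link target is a member name relative to the archive root.
                r = unsafe_path_reason(m.linkname)
                if r is not None:
                    reason = "hard link target " + r
            if reason is None:
                parts = norm.split("/")
                for i in range(1, len(parts)):
                    prefix = "/".join(parts[:i])
                    if prefix in symlinks:
                        reason = "path passes through symlink %r" % prefix
                        break
            if m.issym():
                symlinks.add(norm)
            if reason is not None:
                findings.append((m.name, reason))
    return findings


def build_sample_archive():
    """Constructed sample archive (not a captured exploit): one benign member
    plus four members of the kinds a crafted tar uses to escape '.'."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tf:
        def add(name, data=b"", typ=tarfile.REGTYPE, linkname=""):
            ti = tarfile.TarInfo(name)
            ti.type = typ
            ti.linkname = linkname
            ti.size = len(data)
            tf.addfile(ti, io.BytesIO(data) if data else None)

        add("pkg/README", b"benign\n")
        add("/etc/cron.d/job", b"* * * * * root /tmp/x\n")           # absolute name
        add("pkg/../../.ssh/authorized_keys", b"ssh-rsa AAAA x\n")    # '..' climb
        add("pkg/link", typ=tarfile.SYMTYPE, linkname="../../../tmp")  # symlink out of '.'
        add("pkg/link/x", b"#!/bin/sh\n")                              # written through the link
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in audit_archive(build_sample_archive()):
        print("REJECT %-35s %s" % (name, reason))
```

Run the script as-is to see the four rejected members; point audit_archive() at the bytes of a real archive to audit it before handing it to gtar(1). The symlink tracking is the part a plain "grep for .. and leading /" misses: the member "pkg/link/x" has an innocent-looking name and is only dangerous because an earlier member made "pkg/link" a symlink.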

5. Resolution

These issues are addressed in the following releases:

SPARC Platform
  • Solaris 9 with patch 118191-04 or later
  • Solaris 10 with patch 139099-03 or later
  • OpenSolaris based upon builds snv_116 or later

x86 Platform
  • Solaris 9 with patch 118192-04 or later
  • Solaris 10 with patch 139100-03 or later
  • OpenSolaris based upon builds snv_116 or later


Modification History
23-Mar-2010: Updated Contributing Factors and Resolution sections. Resolved.

18-Oct-2010: Updated for patch clarifications


References

139099-03
139100-03
118191-04
118192-04

