UBUNTU-CVE-2016-6321

Source
https://ubuntu.com/security/CVE-2016-6321
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-6321.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-6321
Related
Published
2016-10-28T00:00:00Z
Modified
2016-10-28T00:00:00Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Directory traversal vulnerability in the safernamesuffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

References

Affected packages

Ubuntu:14.04:LTS / tar

Package

Name
tar
Purl
pkg:deb/ubuntu/tar?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.27.1-1ubuntu0.1

Affected versions

1.*

1.26+dfsg-8
1.27-3
1.27-4
1.27.1-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.27.1-1ubuntu0.1",
            "binary_name": "tar"
        },
        {
            "binary_version": "1.27.1-1ubuntu0.1",
            "binary_name": "tar-dbgsym"
        },
        {
            "binary_version": "1.27.1-1ubuntu0.1",
            "binary_name": "tar-scripts"
        }
    ]
}

Ubuntu:16.04:LTS / tar

Package

Name
tar
Purl
pkg:deb/ubuntu/tar?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.28-2.1ubuntu0.1

Affected versions

1.*

1.27.1-2
1.28-2ubuntu1
1.28-2.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.28-2.1ubuntu0.1",
            "binary_name": "tar"
        },
        {
            "binary_version": "1.28-2.1ubuntu0.1",
            "binary_name": "tar-dbgsym"
        },
        {
            "binary_version": "1.28-2.1ubuntu0.1",
            "binary_name": "tar-scripts"
        }
    ]
}