Description
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
A flaw was found in the tar utility that allows the root user to extract files with preserved setuid and setgid permissions without any warning. This behavior can lead to the creation of malicious setuid executables owned by root from a crafted tar file, posing significant security risks.
Statement
Currently, there are no plans to change tar behaviour to strip setuid and setgid bits when extracting archives.
This vulnerability is considered moderate rather than important because the exploitation scenario requires specific conditions: the tar extraction must be performed by the root user, and the tarball itself must be crafted maliciously with setuid or setgid bits. In typical use cases, users do not routinely extract untrusted tar files as root, reducing the likelihood of exploitation. Additionally, non-root extractions do not preserve these bits unless explicitly requested with the -p option.
Mitigation
To mitigate the risks associated with this vulnerability, avoid extracting tar files as the root user, especially when dealing with untrusted sources. Instead, perform extractions as a non-root user or in a restricted environment. Use a dedicated, empty directory for extracting archives to prevent accidental exposure of sensitive files. After extraction, review the file permissions to check for unexpected setuid or setgid bits before granting access. When extraction as root is necessary, use the --no-same-permissions option to prevent preserving the setuid and setgid bits.
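As an added example, not part of the advisory, the following POSIX shell script builds a constructed archive that carries a setuid bit, extracts it into a fresh directory with the recommended --no-same-permissions flag, and then audits the extracted tree for setuid/setgid files; the function names, temporary paths and sample file are assumptions, and the -p extraction is shown only to make the post-extraction check visible.

```shell
# Added example (not from the advisory): build a constructed tarball carrying a
# setuid bit, extract it with --no-same-permissions, and audit the result.
set -eu

# Constructed sample: one script with mode 4755 (setuid), owned by the current
# user so the bit is harmless here; it stands in for what a crafted tarball carries.
make_sample_archive() {
    work=$(mktemp -d)
    mkdir -p "$work/src/bin"
    printf '#!/bin/sh\necho hello\n' > "$work/src/bin/tool"
    chmod 4755 "$work/src/bin/tool"
    tar -C "$work/src" -cf "$work/sample.tar" bin
    echo "$work/sample.tar"
}

# Mitigation from the advisory: extract into a fresh, empty directory with
# --no-same-permissions, which applies the umask and drops setuid/setgid/sticky
# bits even when the caller is root.
safe_extract() {
    dest=$(mktemp -d)
    tar --no-same-permissions -C "$dest" -xf "$1"
    echo "$dest"
}

# The risky path: -p (--same-permissions) restores archived modes verbatim;
# this is tar's default behaviour when run as root.
preserving_extract() {
    dest=$(mktemp -d)
    tar -p -C "$dest" -xf "$1"
    echo "$dest"
}

# Post-extraction review: list regular files with setuid (4000) or setgid (2000)
# set; return 1 if any exist so a wrapper can stop before exposing the tree.
audit_setuid() {
    found=$(find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print)
    if [ -n "$found" ]; then
        printf 'setuid/setgid files found:\n%s\n' "$found"
        return 1
    fi
    return 0
}

archive=$(make_sample_archive)
audit_setuid "$(safe_extract "$archive")" && echo "--no-same-permissions: clean"
audit_setuid "$(preserving_extract "$archive")" || echo "-p: setuid bit preserved"
```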
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | tar | Will not fix | | |
| Red Hat Enterprise Linux 6 | tar | Will not fix | | |
| Red Hat Enterprise Linux 7 | tar | Will not fix | | |
| Red Hat Enterprise Linux 8 | tar | Will not fix | | |
| Red Hat Enterprise Linux 9 | tar | Will not fix | | |
Additional information
Status: 7 High (CVSS3)