Message-Id: <20151021214736.CE66B72E052@smtpvbsrv1.mitre.org>
Date: Wed, 21 Oct 2015 17:47:36 -0400 (EDT)
From: cve-assign@...re.org
To: tyhicks@...onical.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, security@...ntu.com, vda.linux@...glemail.com
Subject: Re: CVE Request: BusyBox tar directory traversal

> http://git.busybox.net/busybox/commit/?id=a116552869db5e7793ae10968eb3c962c69b3d8c
> https://bugs.busybox.net/8411

> an archive which contains:
> symlink/evil.py
> Untarring it puts evil.py in '/tmp'

Use CVE-2011-5325.

>> I forgot to mention that I took a look at BusyBox's protections against
>> directory traversal attacks while extracting files with absolute paths
>> or dot dot ("..") components and it seems to sufficiently protect
>> against those attacks.

OK, so there's no additional CVE ID.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
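A pre-extraction audit for the archive layout quoted in the message above, added here as an example; it is not part of the original message and is not BusyBox code. The function names and the sample archive are hypothetical and constructed, and the link target `/tmp` is an assumption taken from the quoted report.

```python
import io
import posixpath
import tarfile


def members_through_symlinks(tar):
    """Return names of members whose path passes through a symlink stored earlier."""
    links = set()   # normalized names of symlink members seen so far
    flagged = []
    for m in tar:
        name = posixpath.normpath(m.name)
        parts = name.split("/")
        # A proper path prefix that is an archived symlink redirects the write
        # to wherever that link points, outside the extraction directory.
        if any("/".join(parts[:i]) in links for i in range(1, len(parts))):
            flagged.append(m.name)
        if m.issym():
            links.add(name)
    return flagged


def build_sample():
    """Constructed sample: a symlink member followed by a file beneath it."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("symlink")
        link.type = tarfile.SYMTYPE
        link.linkname = "/tmp"          # assumed target, per the quoted report
        tar.addfile(link)
        data = b"# constructed placeholder content\n"
        member = tarfile.TarInfo("symlink/evil.py")
        member.size = len(data)
        tar.addfile(member, io.BytesIO(data))
        tar.addfile(tarfile.TarInfo("docs/readme.txt"))  # benign control entry
    buf.seek(0)
    return buf


def audit(fileobj):
    """Open an archive without extracting it and list the suspicious members."""
    with tarfile.open(fileobj=fileobj, mode="r") as tar:
        return members_through_symlinks(tar)


if __name__ == "__main__":
    print(audit(build_sample()))
```

Checks for absolute paths and ".." components do not catch this layout, because neither member name contains either; the audit has to track link members across the archive.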