Vigil@nce - GNU binutils: creation or corruption of files by directory traversal
November 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create an AR archive, in order to create or change
files outside the directory the archive is located in.
– Impacted products: Unix (platform)
– Severity: 2/4
– Creation date: 06/11/2014
DESCRIPTION OF THE VULNERABILITY
The tools from the GNU binutils package are used to process
program and library files.
AR archives include a field for the file path. However, these
patch may contain sequences such as "/..", which allows the
archive author to create or files at any location if the archive
author guesses where the archive will be extracted.
Other tools from the package, for instance strip and objcopy, that
usually process simple files can also process archive files, which
allows creation or overwriting of files as extracting the archive
would do.
An attacker can therefore create an AR archive, in order to create
or change files outside the directory the archive is located in.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN