Post Aw24mZD5WSWtXToiUi by [email protected]
Post #Aw1uZ7I70wcndy7AjA by [email protected]
0 likes, 1 repeats
Everyone panic it's a ../ in tar! π https://github.com/i900008/vulndb/bl…
Post #Aw1v2Nd5LdFSiJsXGS by [email protected]
0 likes, 1 repeats
sev:MED 4.1 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L GNU Tar through 1.35 …
Post #Aw21pnELYIGC1pFiBE by [email protected]
0 likes, 1 repeats
So who's going to test the SEGs out there for this one? They seem like a re…
Post #Aw21pnL59FeEMiP5g8 by [email protected]
0 likes, 1 repeats
Okay, so there was a little confusion on this. The GitHub PoC says this impacts…
Post #Aw225wZYaP0FdTsHiK by [email protected]
0 likes, 1 repeats
@cR0w sandboxed, right? right?
Post #Aw22Eq7zuqwmFrE4OW by [email protected]
0 likes, 1 repeats
@nyanbinary I spun up a couple lightsail instances for the test so not technica…
Post #Aw22Ip7raGbQIy3wye by [email protected]
0 likes, 1 repeats
@cR0w I meant the SEGs. I trust you not to shoot yourself in the foot but I do …
Post #Aw22S2d8kBtonK5UVE by [email protected]
0 likes, 1 repeats
@nyanbinary Fair. Use a VPN. I hear they're super secure.
Post #Aw22cHyMYZBJH1tuF6 by [email protected]
0 likes, 1 repeats
@cR0w My bet is on Fortinet gear falling first >.<. Since they're the…
Post #Aw22kRgSKnVvi1Pka8 by [email protected]
0 likes, 1 repeats
@JSCybersec I am not taking that bet. Too easy. π
Post #Aw22wHD56M9AhTJehU by [email protected]
0 likes, 0 repeats
@cR0w if it works on "the current version of tar", but will be fixed …
Post #Aw22wHLaaix77rIRxg by [email protected]
0 likes, 0 repeats
@Viss @cR0w @dangoodin who uses symlinks when using tar?
Post #Aw22wHSKBgL9SkRpSa by [email protected]
0 likes, 1 repeats
@nixfreak @Viss @dangoodin An attacker, apparently.
Post #Aw234lsOy5ju7wh58K by [email protected]
0 likes, 1 repeats
oh shit it's < 5.0, means we'll never have to fix it π
Post #Aw23IHeu76rqSkp8RE by [email protected]
0 likes, 1 repeats
@nyanbinary Oh you must be $vendor
Post #Aw23IHlHjNyImXoENs by [email protected]
0 likes, 1 repeats
@cR0w nah, just got Compliance telling me that threatening people with physical…
Post #Aw23IntCHVJYQLl09w by [email protected]
0 likes, 0 repeats
@cR0w @nixfreak @dangoodin there are lots of practical reasons to use symlinks.…
Post #Aw23InzvsShalEuNeq by [email protected]
0 likes, 1 repeats
@Viss @nixfreak @dangoodin Of course. I use symlinks all over. But in this case…
Post #Aw23fNKtAjj6jMTN3I by [email protected]
0 likes, 0 repeats
@cR0w @Viss @dangoodin oh I read that too quick, the vuln. Is a path traversal …
Post #Aw23fNQuoKXz23IBRg by [email protected]
0 likes, 1 repeats
@nixfreak @Viss @dangoodin The PoC does set the object mode of the files when i…
Post #Aw23hrwoKVZ4FZOpXc by [email protected]
0 likes, 0 repeats
@cR0w hm, I was thinking... what if we put the 2nd tar in the first...
Post #Aw23hs2TzQ6MXA3MNk by [email protected]
0 likes, 1 repeats
@nyanbinary I don't immediately see why it wouldn't work. Worth a try w…
Post #Aw24BSrGB0Rv7juo9Q by [email protected]
0 likes, 0 repeats
@Viss @cR0w @dangoodin again I read it too fast, that's my bad. Thinking the…
Post #Aw24BSyLke7XTjETCa by [email protected]
0 likes, 0 repeats
@nixfreak @cR0w @dangoodin no, the angle here is that an attacker would manufac…
Post #Aw24BT4jMvDznWDZ9E by [email protected]
0 likes, 1 repeats
@Viss @nixfreak @dangoodin I really wish I had an SEG to test it against. π
Post #Aw24NgFCEWOO7Bw73g by [email protected]
0 likes, 0 repeats
@cR0w @nixfreak @dangoodin TO SHODAN! :D
Post #Aw24NgMHoA40TBFm6q by [email protected]
0 likes, 1 repeats
@Viss @nixfreak @dangoodin It's a good thing I'm sober right now. π
Post #Aw24Q9ivbG5K7i1W8u by [email protected]
0 likes, 0 repeats
@cR0w @nixfreak @dangoodin well, i guess cart before the horse. you need to fin…
Post #Aw24Q9pJDXBmRV0c5Y by [email protected]
0 likes, 1 repeats
@Viss @nixfreak @dangoodin Yeah, this feels like one that will require tailorin…
Post #Aw24kODRQbb6rTwano by [email protected]
0 likes, 0 repeats
@cR0w @nixfreak @dangoodin ok lookie https://pwner.gg/blog/2025-07-10-fortiweb-f…
Post #Aw24kOJp2shZBGvgkS by [email protected]
0 likes, 0 repeats
@cR0w @nixfreak @dangoodin use this fortinet preauth rce to shell a fortinet, t…
Post #Aw24kOQYdq5bWA54FM by [email protected]
0 likes, 1 repeats
@Viss @nixfreak @dangoodin Everyone's out here picking on Fortinet again an…
Post #Aw24lEjq9OPXl1VCWO by [email protected]
0 likes, 1 repeats
@cR0w @Viss @nixfreak @dangoodin I mean... with this exploit you might soon π
Post #Aw24mZD5WSWtXToiUi by [email protected]
0 likes, 1 repeats
@cR0w @Viss @nixfreak @dangoodin Just throwing this out there: https://infosec.e…
Post #Aw24ohiWre6yVDXgpM by [email protected]
0 likes, 1 repeats
@nerdpr0f @Viss @nixfreak @dangoodin Dammit I knew someone would remember that.…
Post #Aw25fYA77WicDRdye8 by [email protected]
0 likes, 1 repeats
@nerdpr0f @Viss @nixfreak @dangoodin I guess the good news is that since it'…
Post #Aw28EK95QR1smus9jc by [email protected]
0 likes, 1 repeats
@cR0w oooh, oooh, ooooh, I get to use my meme pic, #directorytraversalmemes
Post #Aw29anyZIUwZd8EiYa by [email protected]
0 likes, 1 repeats
@cR0w Does work, obv. requires some tool to do recursive unpacking for it to be…
Post #Aw29ihRBUVOBfUNyYC by [email protected]
0 likes, 1 repeats
@nyanbinary Nice, but I figured that would be the shortfall of it. Tar is every…
Post #Aw29lwXVnYshNJtMoq by [email protected]
0 likes, 1 repeats
@cR0w hm, I'm sure SEGs & similar scanners will :neocat_evil_3c:
Post #Aw29oKO46XGPusbuds by [email protected]
0 likes, 1 repeats
@nyanbinary I'm not sure of anything TBH.
Post #Aw2D2SbucuxNKyWAt6 by [email protected]
0 likes, 0 repeats
@cR0w everything old is gnu again
Post #Aw2D2SiIFC3pelVGpk by [email protected]
0 likes, 1 repeats
@neurovagrant :1000: I really wish I had fun stuff to poke at with this. It see…
Post #Aw2DiTavMH0mYH5fVo by [email protected]
0 likes, 1 repeats
@cR0w 'tarversal' was right there π
Post #Aw2DlbHpDT0PHDe9g0 by [email protected]
0 likes, 1 repeats
@tychotithonus Son of a... I completely missed it. π
Post #Aw2Es3wffzOBqtOhYe by [email protected]
0 likes, 1 repeats
@cR0w Um, this is kind of a disaster.
Post #Aw2F3dgt7FO3trXEdk by [email protected]
0 likes, 1 repeats
@Sempf Yeah. At first I was like 🤣 but then I was like :blobcatthinkingsungl…
Post #Aw2FbpEqgicpYoimGW by [email protected]
0 likes, 1 repeats
@cR0w Gonna keep an eye out. Not pulling the cord yet.
Post #Aw2GGVR7DUxw1BrBWi by [email protected]
0 likes, 1 repeats
@cR0w @tychotithonus I'm kind of surprised they didn't use TARchive
Post #Aw2GO464kPo7XkcVLU by [email protected]
0 likes, 1 repeats
@hotsoup @tychotithonus You see? I could never be a real hacker. I suck at nami…
Post #Aw2Gg9dUtNcVw1sWZc by [email protected]
0 likes, 1 repeats
There is a lot less stuff so far using GNU tar than I expected. Lots of roll-yo…
Post #Aw2GnzcvzPwVD1LwAa by [email protected]
0 likes, 1 repeats
@cR0w Damnit, now people are going to argue that tar x - | sh is a bad pattern.
Post #Aw2GyXh8BJtXlQLWVc by [email protected]
0 likes, 1 repeats
@adamshostack I'm going to start saying that's how you mitigate this one.
Post #Aw2HQBV0IWch29r2ZM by [email protected]
0 likes, 1 repeats
@Sempf @cR0w Okay just digging in on this. The attack is that you could send 2 …
Post #Aw2HxQ5P5HktpajCIy by [email protected]
0 likes, 1 repeats
@Sempf @cR0w Specifically, this claim: If the tar file contains soft links (symb…
Post #Aw2IEHHb4HQhS1TBtQ by [email protected]
0 likes, 1 repeats
@mttaggart @Sempf I didn't know you could use symlinks to write files outsi…
Post #Aw2IEHNGjBxzjc7ijY by [email protected]
0 likes, 1 repeats
@cR0w @Sempf Right so that's not really what's happening. The first arc…
Post #Aw2IEdDnV5SjUbrT1c by [email protected]
0 likes, 1 repeats
@mttaggart @cR0w I think the issue is less people sitting at a terminal and mor…
Post #Aw2ILkSazAKlyDB0oi by [email protected]
0 likes, 1 repeats
@Sempf @cR0w Totally; I absolutely get that. So the issue here is that "Ta…
Post #Aw2IWVe0PYmTCke2hk by [email protected]
0 likes, 1 repeats
@Sempf @cR0w And if the root issue is "Errybody running as root, well, als…
Post #Aw2IXInFfyI9dcLcQ4 by [email protected]
0 likes, 1 repeats
@Sempf @mttaggart Yeah, this is where my concern was. Whether or not it's a…
Post #Aw2IZuzwbQhahtX2h6 by [email protected]
0 likes, 1 repeats
@mttaggart @cR0w @Sempf I feel like if you were to want to mitigate this, you…
Post #Aw2IfVyWYAkOpyXJ9k by [email protected]
0 likes, 1 repeats
@mttaggart @Sempf I think this is where our perspective is a bit different. I d…
Post #Aw2IfwMWRZOOfvxqAi by [email protected]
0 likes, 1 repeats
@sagefault @cR0w @Sempf I agree, and I was shocked to discover tar has no such …
Post #Aw2Iq5FAHIFR7GMLWy by [email protected]
0 likes, 1 repeats
@cR0w @Sempf That's fair and I agree. I was addressing the vulnerability as…
Post #Aw2IwOZvIwB6os4wfg by [email protected]
0 likes, 1 repeats
@mttaggart @Sempf I get that. That's also why I've been more interested…
Post #Aw2KmuK8cYFOHxIanI by [email protected]
0 likes, 1 repeats
@mttaggart @cR0w
Post #Aw2Ltiu7ZpoSquwZ9M by [email protected]
0 likes, 1 repeats
@Sempf @cR0w From elsewhere in replies: this is a bypass of a previous fix? htt…
Post #Aw2NXvuEkuEwiMjdcu by [email protected]
0 likes, 1 repeats
@mttaggart @Sempf Looks like it. But what's weird is I did a quick look and…
Post #Aw2NZkWk27aY0DbyC0 by [email protected]
0 likes, 1 repeats
@mttaggart @Sempf Looks like it. But what's weird is I did a quick look and…
Post #Aw2NdD20VlklH9sxdY by [email protected]
0 likes, 1 repeats
@mttaggart @Sempf Looks like it. But what's weird is I did a quick look and…
Post #Aw2Nm9u3VmAEBDQwnQ by [email protected]
0 likes, 1 repeats
@lanodan Interesting. And when I confirmed the PoC, I didn't use the -P opt…
Post #Aw2NrCA8XSPcdRMCB6 by [email protected]
0 likes, 1 repeats
@lanodan Wait, that manual is for bsd tar. This was in gnu tar. I don't kno…
Post #Aw2RUtwVzwVRZcbung by [email protected]
0 likes, 1 repeats
@mttaggart @Sempf Huh. It looks like skip_dotdot_name is only checking contains…
Post #Aw2Rj7GVGKyAwjjolk by [email protected]
0 likes, 1 repeats
@cR0w @mttaggart You are my most favorite Corvid, but @Gabrielle is giving you …
Post #Aw2S4TI2ZOtfKudjyy by [email protected]
0 likes, 1 repeats
@Sempf @mttaggart @Gabrielle ☹️