CVE-2018-20482 - Infinite Loop vulnerability in multiple products
Attack vector: LOCAL
Attack complexity: HIGH
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Summary
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | Gnu | 38 |
OS | | 2 |
OS | | 1 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Huawei Local Security Checks
  NASL id: EULEROS_SA-2019-1262.NASL
  Description: According to the version of the tar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user
  Last seen: 2020-03-19. Modified: 2019-04-04. Plugin id: 123730. Published: 2019-04-04.
  Reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/123730
  Title: EulerOS Virtualization 2.5.3 : tar (EulerOS-SA-2019-1262)
- NASL family: Huawei Local Security Checks
  NASL id: EULEROS_SA-2019-1154.NASL
  Description: According to the version of the tar package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user
  Last seen: 2020-05-06. Modified: 2019-04-02. Plugin id: 123628. Published: 2019-04-02.
  Reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/123628
  Title: EulerOS 2.0 SP5 : tar (EulerOS-SA-2019-1154)
- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DLA-1623.NASL
  Description: It was discovered that there was a potential denial of service vulnerability in tar, the GNU version of the tar UNIX archiving utility. The --sparse argument looped endlessly if the file shrank whilst it was being read. Tar would only break out of this endless loop if the file grew again to (or beyond) its original end of file. For Debian 8
  Last seen: 2020-03-23. Modified: 2019-01-02. Plugin id: 119957. Published: 2019-01-02.
  Reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/119957
  Title: Debian DLA-1623-1 : tar security update
- NASL family: Huawei Local Security Checks
  NASL id: EULEROS_SA-2019-1129.NASL
  Description: According to the version of the tar package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user
  Last seen: 2020-05-06. Modified: 2019-04-02. Plugin id: 123603. Published: 2019-04-02.
  Reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/123603
  Title: EulerOS 2.0 SP2 : tar (EulerOS-SA-2019-1129)
- NASL family: Huawei Local Security Checks
  NASL id: EULEROS_SA-2020-1035.NASL
  Description: According to the version of the tar package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive. Tar can also be used to add supplemental files to an archive and to update or list files in the archive. Tar includes multivolume support, automatic archive compression/decompression, the ability to perform remote archives, and the ability to perform incremental and full backups. If you want to use tar for remote backups, you also need to install the rmt package on the remote box. Security Fix(es): GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user
  Last seen: 2020-05-03. Modified: 2020-01-02. Plugin id: 132628. Published: 2020-01-02.
  Reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/132628
  Title: EulerOS 2.0 SP8 : tar (EulerOS-SA-2020-1035)
- NASL family: SuSE Local Security Checks
  NASL id: OPENSUSE-2019-1237.NASL
  Description: This update for tar fixes the following issues : Security issues fixed : - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the
  Last seen: 2020-06-01. Modified: 2020-06-02. Plugin id: 124188. Published: 2019-04-19.
  Reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/124188
  Title: openSUSE Security Update : tar (openSUSE-2019-1237)
- NASL family: SuSE Local Security Checks
  NASL id: SUSE_SU-2019-0926-1.NASL
  Description: This update for tar fixes the following issues : Security issues fixed : CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). CVE-2018-20482: Fixed a denial of service when the
  Last seen: 2020-06-01. Modified: 2020-06-02. Plugin id: 123995. Published: 2019-04-11.
  Reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/123995
  Title: SUSE SLED15 / SLES15 Security Update : tar (SUSE-SU-2019:0926-1)
- NASL family: Huawei Local Security Checks
  NASL id: EULEROS_SA-2020-1068.NASL
  Description: According to the version of the tar package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected]. (CVE-2018-20482) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  Last seen: 2020-06-01. Modified: 2020-06-02. Plugin id: 132822. Published: 2020-01-13.
  Reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/132822
  Title: EulerOS Virtualization for ARM 64 3.0.5.0 : tar (EulerOS-SA-2020-1068)
- NASL family: Huawei Local Security Checks
  NASL id: EULEROS_SA-2019-1346.NASL
  Description: According to the version of the tar package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - tar: Infinite read loop in sparse_dump_region function in sparse.c. (CVE-2018-20482) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  Last seen: 2020-05-06. Modified: 2019-05-06. Plugin id: 124632. Published: 2019-05-06.
  Reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/124632
  Title: EulerOS 2.0 SP3 : tar (EulerOS-SA-2019-1346)
- NASL family: Gentoo Local Security Checks
  NASL id: GENTOO_GLSA-201903-05.NASL
  Description: The remote host is affected by the vulnerability described in GLSA-201903-05 (Tar: Denial of Service). The sparse_dump_region function in sparse.c file in Tar allows an infinite loop using the --sparse option. Impact : A local attacker could cause a Denial of Service condition by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root). Workaround : There is no known workaround at this time.
  Last seen: 2020-06-01. Modified: 2020-06-02. Plugin id: 122733. Published: 2019-03-11.
  Reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/122733
  Title: GLSA-201903-05 : Tar: Denial of Service
- NASL family: PhotonOS Local Security Checks
  NASL id: PHOTONOS_PHSA-2019-1_0-0236_TAR.NASL
  Description: An update of the tar package has been released.
  Last seen: 2020-06-01. Modified: 2020-06-02. Plugin id: 126124. Published: 2019-06-24.
  Reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/126124
  Title: Photon OS 1.0: Tar PHSA-2019-1.0-0236
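The failure mode that the summary and the Debian DLA-1623 entry describe, as an added illustration that is not tar's own sparse_dump_region code: a region-copy loop that treats end-of-file before the expected byte count as a "file shrank" error instead of retrying the read, plus a constructed demo that truncates a temporary file after its size was recorded, the way a concurrent writer would. The function names and the /tmp/shrink-demo-XXXXXX path are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Copy `size` bytes starting at `offset` from fd into out.  Returns 0 on
 * success, -1 on I/O error, 1 if EOF arrives before the expected end (the
 * file shrank).  The CVE-2018-20482 loop treated that 0-byte read as "try
 * again", so it only ended if the file grew back to its original size. */
int dump_region(int fd, FILE *out, off_t offset, off_t size)
{
    char buf[4096];
    if (lseek(fd, offset, SEEK_SET) == (off_t)-1)
        return -1;
    while (size > 0) {
        size_t want = size < (off_t)sizeof buf ? (size_t)size : sizeof buf;
        ssize_t n = read(fd, buf, want);
        if (n < 0)
            return -1;
        if (n == 0)                 /* short file: report it, never spin */
            return 1;
        if (fwrite(buf, 1, (size_t)n, out) != (size_t)n)
            return -1;
        size -= n;
    }
    return 0;
}

/* Constructed demo: write 8 KiB to a temp file, record its size the way an
 * archiver would, optionally truncate it (a stand-in for a concurrent
 * writer), then dump the recorded size.  shrink_to < 0 leaves it intact. */
int demo(off_t shrink_to)
{
    char path[] = "/tmp/shrink-demo-XXXXXX", data[8192];
    struct stat st;
    FILE *out = fopen("/dev/null", "w");
    int fd = mkstemp(path), rc = -1;
    memset(data, 'A', sizeof data);
    if (fd >= 0 && out && write(fd, data, sizeof data) == (ssize_t)sizeof data
        && fstat(fd, &st) == 0 && (shrink_to < 0 || ftruncate(fd, shrink_to) == 0))
        rc = dump_region(fd, out, 0, st.st_size);
    if (out) fclose(out);
    if (fd >= 0) { close(fd); unlink(path); }
    return rc;
}
```

demo(1000) returns 1 (the file lost 7192 bytes between fstat and the dump), while demo(-1) returns 0.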
References
- http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454
- http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
- http://www.securityfocus.com/bid/106354
- https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00025.html
- https://news.ycombinator.com/item?id=18745431
- https://security.gentoo.org/glsa/201903-05
- https://twitter.com/thatcks/status/1076166645708668928
- https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug