CVE-2018-20482 - OpenCVE

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Gnu	Tar
Debian	Debian Linux
Opensuse	Leap

Configuration 1 [-]

cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 3 [-]

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

References

Link	Resource
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454	Patch Third Party Advisory
http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/106354	Third Party Advisory VDB Entry
https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/11/msg00025.html	Mailing List Third Party Advisory
https://news.ycombinator.com/item?id=18745431	Exploit Third Party Advisory
https://security.gentoo.org/glsa/201903-05	Third Party Advisory
https://twitter.com/thatcks/status/1076166645708668928	Patch Third Party Advisory
https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-12-26T18:00:00

Updated: 2021-11-28T14:06:09

Reserved: 2018-12-26T00:00:00

Link: CVE-2018-20482

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-12-26T18:29:00.373

Modified: 2021-11-30T19:52:03.843

Link: CVE-2018-20482

JSON object: View

Redhat Information

No data.

CWE

CWE-835

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-12-26T00:00:00", "descriptions": [{"lang": "en", "value": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-11-28T14:06:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug"}, {"tags": ["x_refsource_MISC"], "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454"}, {"name": "[debian-lts-announce] 20181231 [SECURITY] [DLA 1623-1] tar security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html"}, {"tags": ["x_refsource_MISC"], "url": "https://news.ycombinator.com/item?id=18745431"}, {"name": "106354", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106354"}, {"name": "GLSA-201903-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201903-05"}, {"tags": ["x_refsource_MISC"], "url": "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html"}, {"tags": ["x_refsource_MISC"], "url": "https://twitter.com/thatcks/status/1076166645708668928"}, {"name": "openSUSE-SU-2019:1237", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html"}, {"name": "[debian-lts-announce] 20211128 [SECURITY] [DLA 2830-1] tar security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00025.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20482", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug", "refsource": "MISC", "url": "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug"}, {"name": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454", "refsource": "MISC", "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454"}, {"name": "[debian-lts-announce] 20181231 [SECURITY] [DLA 1623-1] tar security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html"}, {"name": "https://news.ycombinator.com/item?id=18745431", "refsource": "MISC", "url": "https://news.ycombinator.com/item?id=18745431"}, {"name": "106354", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106354"}, {"name": "GLSA-201903-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201903-05"}, {"name": "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html", "refsource": "MISC", "url": "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html"}, {"name": "https://twitter.com/thatcks/status/1076166645708668928", "refsource": "MISC", "url": "https://twitter.com/thatcks/status/1076166645708668928"}, {"name": "openSUSE-SU-2019:1237", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html"}, {"name": "[debian-lts-announce] 20211128 [SECURITY] [DLA 2830-1] tar security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00025.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20482", "datePublished": "2018-12-26T18:00:00", "dateReserved": "2018-12-26T00:00:00", "dateUpdated": "2021-11-28T14:06:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*", "matchCriteriaId": "568B865E-7BA0-45A1-A944-575D49BC289E", "versionEndIncluding": "1.30", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root)."}, {"lang": "es", "value": "GNU Tar, hasta la versi\u00f3n 1.30, cuando se emplea --sparse, gestiona de manera incorrecta el encogimiento de archivos durante el acceso de lectura, lo que permite que usuarios locales provoquen una denegaci\u00f3n de servicio (bucle infinito de lectura en sparse_dump_region en sparse.c) modificando un archivo que deber\u00eda ser archivado por el proceso de un usuario diferente (por ejemplo, un backup del sistema que se ejecuta como root)."}], "id": "CVE-2018-20482", "lastModified": "2021-11-30T19:52:03.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-26T18:29:00.373", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106354"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00025.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://news.ycombinator.com/item?id=18745431"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201903-05"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://twitter.com/thatcks/status/1076166645708668928"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "nvd@nist.gov", "type": "Primary"}]}