Bug 15185 - CVE 2007-4559 python tarfile doesn't validate path safety
Summary: CVE 2007-4559 python tarfile doesn't validate path safety
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Python
Version: unspecified
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Douglas Bagnall
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-09-23 01:02 UTC by Douglas Bagnall
Modified: 2023-09-12 23:43 UTC
CC: 2 users

See Also:


Description Douglas Bagnall 2022-09-23 01:02:54 UTC
This was reported to us in December, but we determined then that it added little additional danger because attackers who can alter the backup tarfiles can already take over the domain (via reading secrets or making "valid" changes), and they presumably have root on the box.

However that doesn't take into account that an administrator *might* be tricked into running the restore command with an entirely fictitious backup file that overwrites known valuable files. We should guard against that, and against future uses of tarfile in Python. 

There is no embargo here.

(patch on its way).
Comment 1 Douglas Bagnall 2022-09-23 08:27:54 UTC
(In reply to Douglas Bagnall from comment #0)
> This was reported to us in December

by Luis Alberto López Alvar, who appears to have found the bug independently.
Comment 2 Samba QA Contact 2022-10-04 03:49:21 UTC
This bug was referenced in samba master:

37406b9d97f123576c811b9fe22b39b02af62f83