SB2022081827 - Path Traversal in IBM App Connect Enterprise Certified Container
Published: August 18, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Absolute Path Traversal (CVE-ID: CVE-2021-32803)
The vulnerability allows a remote attacker to overwrite arbitrary files on the system.
The vulnerability exists due to a logic issue when extracting tar files that contained both a directory
and a symlink with the same name as the directory. This order of
operations resulted in the directory being created and added to the node-tar
directory cache. When a directory is present in the directory cache,
subsequent calls to mkdir for that directory are skipped. However, this
is also where node-tar checks for symlinks occur.
By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar
symlink checks on directories, essentially allowing an untrusted tar
file to symlink into an arbitrary location and subsequently extracting
arbitrary files into that location, thus allowing arbitrary file
creation and overwrite.
Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-vulnerable-to-directory-traversal-due-to-cve-2021-32803/"
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-vulnerable-to-directory-traversal-due-to-cve-2021-32803/</a><br><a
- https://www.ibm.com/support/pages/node/6507033"
- https://www.ibm.com/support/pages/node/6507033</a><br><br><br></p>