CVE-2019-13173

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the systems file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.

Weakness

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Software

Potential Mitigations

• Follow the principle of least privilege when assigning access rights to entities in a software system.
• Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/132.html
• https://cwe.mitre.org/data/definitions/17.html
• https://cwe.mitre.org/data/definitions/35.html
• https://cwe.mitre.org/data/definitions/76.html

References

• http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00010.html
• http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00052.html
• https://github.com/npm/fstream/commit/6a77d2fa6e1462693cf8e46f930da96ec1b0bb22
• https://usn.ubuntu.com/4123-1/
• https://www.npmjs.com/advisories/886