Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2007-4131
Last Modified: 07 Mar 2011 09:57:51
Published: 24 Aug 2007 08:17:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-4131

Summary

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

Vulnerable Systems

Application

  • Gnu Tar 1.13

  • Gnu Tar 1.13.11

  • Gnu Tar 1.13.14

  • Gnu Tar 1.13.16

  • Gnu Tar 1.13.17

  • Gnu Tar 1.13.18

  • Gnu Tar 1.13.19

  • Gnu Tar 1.13.25

  • Gnu Tar 1.13.5

  • Gnu Tar 1.14

  • Gnu Tar 1.14.90

  • Gnu Tar 1.15

  • Gnu Tar 1.15.1

  • Gnu Tar 1.15.90

  • Gnu Tar 1.15.91

  • Gnu Tar 1.16


References

CERT - TA07-352A

REDHAT - RHSA-2007:0860

VUPEN - ADV-2007-4238

VUPEN - ADV-2007-2958

BID - 25417

SUNALERT - 1021680

MISC - http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921

FEDORA - FEDORA-2007-2673

CONFIRM - https://issues.rpath.com/browse/RPL-1631

UBUNTU - USN-506-1

TRUSTIX - 2007-0026

SECTRACK - 1018599

BUGTRAQ - 20070827 FLEA-2007-0049-1 tar

BUGTRAQ - 20070825 rPSA-2007-0172-1 tar

SUSE - SUSE-SR:2007:018

MANDRIVA - MDKSA-2007:173

DEBIAN - DSA-1438

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm

GENTOO - GLSA-200709-09

FREEBSD - FreeBSD-SA-07:10

SECUNIA - 28255

SECUNIA - 28136

SECUNIA - 27861

SECUNIA - 27453

SECUNIA - 26984

SECUNIA - 26822

SECUNIA - 26781

SECUNIA - 26674

SECUNIA - 26673

SECUNIA - 26655

SECUNIA - 26604

SECUNIA - 26603

SECUNIA - 26590

SECUNIA - 26573

APPLE - APPLE-SA-2007-12-17

CONFIRM - http://docs.info.apple.com/article.html?artnum=307179

Related Patches

Apple 2007-12-17 Security Update 2007-009 (10.4.11 PPC)

Apple 2007-12-21 Security Update 2007-009 1.1 (10.4.11 PPC)

Apple 2007-12-21 Security Update 2007-009 1.1 (10.4.11 Universal)

Novell SUSE 2007:4174 star security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:45:46