Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2007-4134
Last Modified 21 Aug 2010 01:09:32
Published 30 Aug 2007 06:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4134

Summary

Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

Vulnerable Systems

Operating System

  • Redhat Fedora 7


References

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=189690

FEDORA - FEDORA-2007-1852

BUGTRAQ - 20070907 FLEA-2007-0051-1 star

CONFIRM - ftp://ftp.berlios.de/pub/star/alpha/AN-1.5a84

CONFIRM - https://issues.rpath.com/browse/RPL-1669

REDHAT - RHSA-2007:0873

GENTOO - GLSA-200710-23

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2007-414.htm

SECTRACK - 1018646

SECUNIA - 27544

SECUNIA - 27318

SECUNIA - 26857

SECUNIA - 26673

SECUNIA - 26672

SECUNIA - 26626

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=189690

SGI - 20070901-01-P


Last Updated: 27 May 2016 10:45:46