Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4559

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-4559
Last Modified 07 Mar 2011 09:58:46
Published 27 Aug 2007 09:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4559

Summary

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

Vulnerable Systems

Application

  • Python Software Foundation Python


References

VUPEN - ADV-2007-3022

MLIST - [python-dev] 20070825 tarfile and directory traversal vulnerability

MLIST - [python-dev] 20070824 tarfile and directory traversal vulnerability

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=263261

SECUNIA - 26623


Last Updated: 27 May 2016 10:45:54