Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.8
CVE Id CVE-2013-4420
Last Modified 20 Feb 2014 06:51:29
Published 20 Feb 2014 11:55:05
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-4420

Summary

Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.

Vulnerable Systems

Application

  • Feep Libtar 1.2.11

  • Feep Libtar 1.2.13

  • Feep Libtar 1.2.14

  • Feep Libtar 1.2.15

  • Feep Libtar 1.2.16

  • Feep Libtar 1.2.17

  • Feep Libtar 1.2.18

  • Feep Libtar 1.2.19

  • Feep Libtar 1.2.20


References

MLIST - [libtar] 20150213 Fw: Re: Validation of file names

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731860

DEBIAN - DSA-2863


Last Updated: 27 May 2016 10:55:14