[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253164

 
 

909

 
 

197077

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-4131Date: (C)2007-08-24   (M)2023-12-22


Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1018599
SUNALERT-1021680
2007-0026
http://www.securityfocus.com/archive/1/477731/100/0/threaded
http://www.securityfocus.com/archive/1/477865/100/0/threaded
BID-25417
SECUNIA-26573
SECUNIA-26590
SECUNIA-26603
SECUNIA-26604
SECUNIA-26655
SECUNIA-26673
SECUNIA-26674
SECUNIA-26781
SECUNIA-26822
SECUNIA-26984
SECUNIA-27453
SECUNIA-27861
SECUNIA-28136
SECUNIA-28255
ADV-2007-2958
ADV-2007-4238
APPLE-SA-2007-12-17
DSA-1438
FEDORA-2007-2673
FreeBSD-SA-07:10
GLSA-200709-09
MDKSA-2007:173
RHSA-2007:0860
SUSE-SR:2007:018
TA07-352A
USN-506-1
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921
http://docs.info.apple.com/article.html?artnum=307179
http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm
https://issues.rpath.com/browse/RPL-1631
oval:org.mitre.oval:def:10420
oval:org.mitre.oval:def:7779

CPE    16
cpe:/a:gnu:tar:1.13.25
cpe:/a:gnu:tar:1.13.14
cpe:/a:gnu:tar:1.13.11
cpe:/a:gnu:tar:1.13.18
...

© SecPod Technologies