FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-4131

This CVE name corresponds to:

Entered: 2007-09-01
Topic: gtar -- Directory traversal vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2007-4131
Phase: Assigned (20070802)

Description

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

References

Source Reference
BUGTRAQ 20070825 rPSA-2007-0172-1 tar
BUGTRAQ 20070827 FLEA-2007-0049-1 tar
MISC http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921
CONFIRM https://issues.rpath.com/browse/RPL-1631
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm
CONFIRM http://docs.info.apple.com/article.html?artnum=307179
APPLE APPLE-SA-2007-12-17
DEBIAN DSA-1438
FEDORA FEDORA-2007-2673
FREEBSD FreeBSD-SA-07:10
GENTOO GLSA-200709-09
MANDRIVA MDKSA-2007:173
REDHAT RHSA-2007:0860
SUNALERT 1021680
SUSE SUSE-SR:2007:018
TRUSTIX 2007-0026
UBUNTU USN-506-1
CERT TA07-352A
BID 25417
OVAL oval:org.mitre.oval:def:10420
OVAL oval:org.mitre.oval:def:7779
VUPEN ADV-2007-2958
VUPEN ADV-2007-4238
SECTRACK 1018599
SECUNIA 26573
SECUNIA 26590
SECUNIA 26604
SECUNIA 26603
SECUNIA 26674
SECUNIA 26673
SECUNIA 26655
SECUNIA 26781
SECUNIA 26822
SECUNIA 26984
SECUNIA 27453
SECUNIA 27861
SECUNIA 28136
SECUNIA 28255