CVE-2007-4131 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-4131
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-4131

Description: Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-506-1 TRUSTIX http://www.trustix.org/errata/2007/0026/ SUSE http://www.novell.com/linux/security/advisories/2007_18_sr.html ST 1018599 SAID Secunia Advisory: SA26604 Secunia Advisory: SA26573 Secunia Advisory: SA26590 Secunia Advisory: SA26603 Secunia Advisory: SA26674 Secunia Advisory: SA26673 Secunia Advisory: SA26655 Secunia Advisory: SA26781 Secunia Advisory: SA26822 Secunia Advisory: SA26984 Secunia Advisory: SA27453 Secunia Advisory: SA27861 Secunia Advisory: SA28136 Secunia Advisory: SA28255 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0860.html MISC http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921 MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:173 GENTOO http://security.gentoo.org/glsa/glsa-200709-09.xml FREEBSD http://security.FreeBSD.org/advisories/FreeBSD-SA-07:10.gtar.asc FEDORA DEBIAN http://www.debian.org/security/2007/dsa-1438 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm http://docs.info.apple.com/article.html?artnum=307179 CERT http://www.us-cert.gov/cas/techalerts/TA07-352A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/477865/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/477731/100/0/threaded BID 25417 APPLE http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

Return to the previous page.