CVE Reference: CVE-2007-4134
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2007-4134

Description:
Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

CVE Status:
Candidate

References:

ST
  1018646

SGI

SAID
  Secunia Advisory: SA26673
  Secunia Advisory: SA26626
  Secunia Advisory: SA26672
  Secunia Advisory: SA26857
  Secunia Advisory: SA27318
  Secunia Advisory: SA27544

REDHAT
  http://www.redhat.com/support/errata/RHSA-2007-0873.html

GENTOO
  http://www.gentoo.org/security/en/glsa/glsa-200710-23.xml

FEDORA
  http://www.redhat.com/archives/fedora-package-announce/2007-August/msg00425.html

CONFIRM
  http://support.avaya.com/elmodocs2/security/ASA-2007-414.htm
  http://bugs.gentoo.org/show_bug.cgi?id=189690

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/478797/100/200/threaded

