CVE-2007-4131

GNU tar - Directory Traversal via //.. Sequences in Directory Symlinks

Title source: llm

Description

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

References (38)

Core 38

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1018599

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1

Vendor Advisory x_refsource_confirm

http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

Vendor Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html

Issue Tracking x_refsource_misc

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921

Issue Tracking x_refsource_confirm

https://issues.rpath.com/browse/RPL-1631

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2007:173

Various Sources vendor-advisory x_refsource_freebsd

http://security.FreeBSD.org/advisories/FreeBSD-SA-07:10.gtar.asc

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/477865/100/0/threaded

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26673

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26822

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/4238

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26655

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27453

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28136

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26781

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2007/dsa-1438

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26590

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10420

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27861

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/2958

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26984

Vendor Advisory vendor-advisory x_refsource_trustix

http://www.trustix.org/errata/2007/0026/

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2007_18_sr.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26604

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-506-1

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28255

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26573

Patch vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2007-0860.html

Vendor Advisory x_refsource_confirm

http://docs.info.apple.com/article.html?artnum=307179

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26603

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7779

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/25417

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200709-09.xml

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/477731/100/0/threaded

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26674

Scores

EPSS 0.1144

EPSS Percentile 93.7%

Details

Status published

Products (16)

gnu/tar 1.13

gnu/tar 1.13.5

gnu/tar 1.13.11

gnu/tar 1.13.14

gnu/tar 1.13.16

gnu/tar 1.13.17

gnu/tar 1.13.18

gnu/tar 1.13.19

gnu/tar 1.13.25

gnu/tar 1.14

... and 6 more

Published Aug 25, 2007

Tracked Since Feb 18, 2026