CVE-2007-4131 - Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows

CVE-2007-4131

Summary

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

References

Vulnerable Configurations

cpe:2.3:o:redhat:enterprise_linux:4.0:*:as:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:as:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:desktop:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:desktop:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:es:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:es:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:ws:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:ws:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:client:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:client:*:*:*:*:*
cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*
cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.17:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.17:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.18:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.18:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.19:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.19:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.25:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.13.25:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.14.90:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.14.90:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.15:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.15:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.15.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.15.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.15.90:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.15.90:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.15.91:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.15.91:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.16:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 15-10-2018 - 21:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

oval via4

accepted

2013-04-29T04:05:30.959-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:10420

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

accepted

2010-06-07T04:00:50.880-04:00

class

vulnerability

contributors

name	Pai Peng
organization	Hewlett-Packard

definition_extensions

comment Solaris 9 (SPARC) is installed
oval oval:org.mitre.oval:def:1457
comment Solaris 10 (SPARC) is installed
oval oval:org.mitre.oval:def:1440
comment Solaris 9 (x86) is installed
oval oval:org.mitre.oval:def:1683
comment Solaris 10 (x86) is installed
oval oval:org.mitre.oval:def:1926

description

family

unix

oval:org.mitre.oval:def:7779

status

accepted

submitted

2010-03-26T14:24:08.000-04:00

title

Security Vulnerabilities in GNU tar (see gtar(1)) May Lead to Files Being Overwritten, Execution of Arbitrary Code, or a Denial of Service (DoS)

version

redhat via4

advisories

bugzilla

id	251921
title	CVE-2007-4131 tar directory traversal vulnerability

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025
comment tar is earlier than 0:1.14-12.5.1.RHEL4
oval oval:com.redhat.rhsa:tst:20070860001
comment tar is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060232002

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005
comment tar is earlier than 2:1.15.1-23.0.1.el5
oval oval:com.redhat.rhsa:tst:20070860004
comment tar is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070860005

rhsa

id	RHSA-2007:0860
released	2007-08-23
severity	Moderate
title	RHSA-2007:0860: tar security update (Moderate)

rpms

tar-0:1.14-12.5.1.RHEL4
tar-2:1.15.1-23.0.1.el5
tar-debuginfo-0:1.14-12.5.1.RHEL4
tar-debuginfo-2:1.15.1-23.0.1.el5

refmap via4

apple	APPLE-SA-2007-12-17
bid	25417
bugtraq	20070825 rPSA-2007-0172-1 tar 20070827 FLEA-2007-0049-1 tar
cert	TA07-352A
confirm	http://docs.info.apple.com/article.html?artnum=307179 http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm https://issues.rpath.com/browse/RPL-1631
debian	DSA-1438
fedora	FEDORA-2007-2673
freebsd	FreeBSD-SA-07:10
gentoo	GLSA-200709-09
mandriva	MDKSA-2007:173
misc	http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921
sectrack	1018599
secunia	26573 26590 26603 26604 26655 26673 26674 26781 26822 26984 27453 27861 28136 28255
sunalert	1021680
suse	SUSE-SR:2007:018
trustix	2007-0026
ubuntu	USN-506-1
vupen	ADV-2007-2958 ADV-2007-4238

Last major update

15-10-2018 - 21:33

Published

25-08-2007 - 00:17

Last modified

15-10-2018 - 21:33