Showing 1 - 5 of 5

CVE-2007-4131

Status Candidate

Overview

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

Related Files

Debian Linux Security Advisory 1438-1: Posted Dec 29, 2007; Authored by Debian | Site debian.org; Debian Security Advisory 1438-1 - Several vulnerabilities have been discovered in GNU Tar. A directory traversal vulnerability enables attackers using specially crafted archives to extract contents outside the directory tree created by tar. A stack-based buffer overflow in the file name checking code may lead to arbitrary code execution when processing maliciously crafted archives.; tags | advisory, overflow, arbitrary, vulnerability, code execution; systems | linux, debian; advisories | CVE-2007-4131, CVE-2007-4476; SHA-256 | cdb091cdc7a22e2e70fc77812d2d98bb673e8958c2eb906c42c3d283d52a525e; Download | Favorite | View

FreeBSD-SA-07-10.gtar.txt: Posted Nov 30, 2007; Site security.freebsd.org; FreeBSD Security Advisory - Insufficient sanity checking of paths containing '.' and '..' allows gtar to overwrite arbitrary files on the system.; tags | advisory, arbitrary; systems | freebsd; advisories | CVE-2007-4131; SHA-256 | dcc19ef1a758f3087be980a876f9e362719306f374c5862dbc64840fe61c16ac; Download | Favorite | View

Gentoo Linux Security Advisory 200709-9: Posted Sep 18, 2007; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory GLSA 200709-09 - Dmitry V. Levin discovered a directory traversal vulnerability in the contains_dot_dot() function in file src/names.c. Versions less than 1.18-r2 are affected.; tags | advisory; systems | linux, gentoo; advisories | CVE-2007-4131; SHA-256 | b8e752fcba39278680d125f89cbfaa590d77d56976332487c361a209614c28a1; Download | Favorite | View

Mandriva Linux Security Advisory 2007.173: Posted Sep 6, 2007; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory - Dmitry V. Levin discovered a path traversal flaw in how GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary fiels that the user running tar has write access to.; tags | advisory, arbitrary; systems | linux, mandriva; advisories | CVE-2007-4131; SHA-256 | a686299c7ad69af599405065a9fab46b18a1b9f6222ea2f6ef418008486957c6; Download | Favorite | View

Ubuntu Security Notice 506-1: Posted Aug 29, 2007; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 506-1 - Dmitry V. Levin discovered that tar did not correctly detect the ".." file path element when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary files could be overwritten with user privileges.; tags | advisory, arbitrary; systems | linux, ubuntu; advisories | CVE-2007-4131; SHA-256 | 868c0f350de5b4d960f77c146c0e2ec1baa6f2d02c50b7efa5fd193b353ecbe1; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 64 files
Debian 22 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,175)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,140)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,480)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,022)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2007-4131

Overview

Related Files

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems