6.8

CVE-2007-4131

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuTar Version1.13
   RedhatEnterprise Linux Version4.0 Editionas
   RedhatEnterprise Linux Version4.0 Editiondesktop
   RedhatEnterprise Linux Version4.0 Editiones
   RedhatEnterprise Linux Version4.0 Editionws
   RedhatEnterprise Linux Version5.0 Editionserver
   RedhatEnterprise Linux Desktop Version5.0 Editionclient
   RpathRpath Linux Version1
GnuTar Version1.13.5
   RedhatEnterprise Linux Version4.0 Editionas
   RedhatEnterprise Linux Version4.0 Editiondesktop
   RedhatEnterprise Linux Version4.0 Editiones
   RedhatEnterprise Linux Version4.0 Editionws
   RedhatEnterprise Linux Version5.0 Editionserver
   RedhatEnterprise Linux Desktop Version5.0 Editionclient
   RpathRpath Linux Version1
GnuTar Version1.13.11
   RedhatEnterprise Linux Version4.0 Editionas
   RedhatEnterprise Linux Version4.0 Editiondesktop
   RedhatEnterprise Linux Version4.0 Editiones
   RedhatEnterprise Linux Version4.0 Editionws
   RedhatEnterprise Linux Version5.0 Editionserver
   RedhatEnterprise Linux Desktop Version5.0 Editionclient
   RpathRpath Linux Version1
GnuTar Version1.13.14
   RedhatEnterprise Linux Version4.0 Editionas
   RedhatEnterprise Linux Version4.0 Editiondesktop
   RedhatEnterprise Linux Version4.0 Editiones
   RedhatEnterprise Linux Version4.0 Editionws
   RedhatEnterprise Linux Version5.0 Editionserver
   RedhatEnterprise Linux Desktop Version5.0 Editionclient
   RpathRpath Linux Version1
GnuTar Version1.13.16
   RedhatEnterprise Linux Version4.0 Editionas
   RedhatEnterprise Linux Version4.0 Editiondesktop
   RedhatEnterprise Linux Version4.0 Editiones
   RedhatEnterprise Linux Version4.0 Editionws
   RedhatEnterprise Linux Version5.0 Editionserver
   RedhatEnterprise Linux Desktop Version5.0 Editionclient
   RpathRpath Linux Version1
GnuTar Version1.13.17
   RedhatEnterprise Linux Version4.0 Editionas
   RedhatEnterprise Linux Version4.0 Editiondesktop
   RedhatEnterprise Linux Version4.0 Editiones
   RedhatEnterprise Linux Version4.0 Editionws
   RedhatEnterprise Linux Version5.0 Editionserver
   RedhatEnterprise Linux Desktop Version5.0 Editionclient
   RpathRpath Linux Version1
GnuTar Version1.13.18
   RedhatEnterprise Linux Version4.0 Editionas
   RedhatEnterprise Linux Version4.0 Editiondesktop
   RedhatEnterprise Linux Version4.0 Editiones
   RedhatEnterprise Linux Version4.0 Editionws
   RedhatEnterprise Linux Version5.0 Editionserver
   RedhatEnterprise Linux Desktop Version5.0 Editionclient
   RpathRpath Linux Version1
GnuTar Version1.13.19
   RedhatEnterprise Linux Version4.0 Editionas
   RedhatEnterprise Linux Version4.0 Editiondesktop
   RedhatEnterprise Linux Version4.0 Editiones
   RedhatEnterprise Linux Version4.0 Editionws
   RedhatEnterprise Linux Version5.0 Editionserver
   RedhatEnterprise Linux Desktop Version5.0 Editionclient
   RpathRpath Linux Version1
GnuTar Version1.13.25
   RedhatEnterprise Linux Version4.0 Editionas
   RedhatEnterprise Linux Version4.0 Editiondesktop
   RedhatEnterprise Linux Version4.0 Editiones
   RedhatEnterprise Linux Version4.0 Editionws
   RedhatEnterprise Linux Version5.0 Editionserver
   RedhatEnterprise Linux Desktop Version5.0 Editionclient
   RpathRpath Linux Version1
GnuTar Version1.14
   RedhatEnterprise Linux Version4.0 Editionas
   RedhatEnterprise Linux Version4.0 Editiondesktop
   RedhatEnterprise Linux Version4.0 Editiones
   RedhatEnterprise Linux Version4.0 Editionws
   RedhatEnterprise Linux Version5.0 Editionserver
   RedhatEnterprise Linux Desktop Version5.0 Editionclient
   RpathRpath Linux Version1
GnuTar Version1.14.90
   RedhatEnterprise Linux Version4.0 Editionas
   RedhatEnterprise Linux Version4.0 Editiondesktop
   RedhatEnterprise Linux Version4.0 Editiones
   RedhatEnterprise Linux Version4.0 Editionws
   RedhatEnterprise Linux Version5.0 Editionserver
   RedhatEnterprise Linux Desktop Version5.0 Editionclient
   RpathRpath Linux Version1
GnuTar Version1.15
   RedhatEnterprise Linux Version4.0 Editionas
   RedhatEnterprise Linux Version4.0 Editiondesktop
   RedhatEnterprise Linux Version4.0 Editiones
   RedhatEnterprise Linux Version4.0 Editionws
   RedhatEnterprise Linux Version5.0 Editionserver
   RedhatEnterprise Linux Desktop Version5.0 Editionclient
   RpathRpath Linux Version1
GnuTar Version1.15.1
   RedhatEnterprise Linux Version4.0 Editionas
   RedhatEnterprise Linux Version4.0 Editiondesktop
   RedhatEnterprise Linux Version4.0 Editiones
   RedhatEnterprise Linux Version4.0 Editionws
   RedhatEnterprise Linux Version5.0 Editionserver
   RedhatEnterprise Linux Desktop Version5.0 Editionclient
   RpathRpath Linux Version1
GnuTar Version1.15.90
   RedhatEnterprise Linux Version4.0 Editionas
   RedhatEnterprise Linux Version4.0 Editiondesktop
   RedhatEnterprise Linux Version4.0 Editiones
   RedhatEnterprise Linux Version4.0 Editionws
   RedhatEnterprise Linux Version5.0 Editionserver
   RedhatEnterprise Linux Desktop Version5.0 Editionclient
   RpathRpath Linux Version1
GnuTar Version1.15.91
   RedhatEnterprise Linux Version4.0 Editionas
   RedhatEnterprise Linux Version4.0 Editiondesktop
   RedhatEnterprise Linux Version4.0 Editiones
   RedhatEnterprise Linux Version4.0 Editionws
   RedhatEnterprise Linux Version5.0 Editionserver
   RedhatEnterprise Linux Desktop Version5.0 Editionclient
   RpathRpath Linux Version1
GnuTar Version1.16
   RedhatEnterprise Linux Version4.0 Editionas
   RedhatEnterprise Linux Version4.0 Editiondesktop
   RedhatEnterprise Linux Version4.0 Editiones
   RedhatEnterprise Linux Version4.0 Editionws
   RedhatEnterprise Linux Version5.0 Editionserver
   RedhatEnterprise Linux Desktop Version5.0 Editionclient
   RpathRpath Linux Version1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.74% 0.842
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/26604
http://secunia.com/advisories/26673
http://www.securityfocus.com/archive/1/477731/100/0/threaded
http://www.securityfocus.com/archive/1/477865/100/0/threaded
https://issues.rpath.com/browse/RPL-1631
http://docs.info.apple.com/article.html?artnum=307179
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
http://secunia.com/advisories/28136
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
US Government Resource
http://www.vupen.com/english/advisories/2007/4238
http://secunia.com/advisories/26822
http://www.trustix.org/errata/2007/0026/
http://secunia.com/advisories/26674
http://www.novell.com/linux/security/advisories/2007_18_sr.html
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921
http://secunia.com/advisories/26573
http://secunia.com/advisories/26590
http://secunia.com/advisories/26603
http://secunia.com/advisories/26655
http://secunia.com/advisories/26781
http://secunia.com/advisories/26984
http://secunia.com/advisories/27453
http://secunia.com/advisories/27861
http://secunia.com/advisories/28255
http://security.FreeBSD.org/advisories/FreeBSD-SA-07:10.gtar.asc
http://security.gentoo.org/glsa/glsa-200709-09.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1
http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm
http://www.debian.org/security/2007/dsa-1438
http://www.mandriva.com/security/advisories?name=MDKSA-2007:173
http://www.redhat.com/support/errata/RHSA-2007-0860.html
Patch
http://www.securityfocus.com/bid/25417
http://www.securitytracker.com/id?1018599
http://www.ubuntu.com/usn/usn-506-1
http://www.vupen.com/english/advisories/2007/2958
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10420
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7779
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html