Vulnerability in GNU tar
CVE-2007-4131
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR…
EPSS: 0.027 (84.2th percentile)
Affected products
- Gnu Tar — versions 1.13, 1.13.5, 1.13.11
- Rpath Rpath_linux — versions 1
- Redhat Enterprise_linux — versions 4.0, 5.0
- Redhat Enterprise_linux_desktop — versions 5.0