ID CVE-2007-4131
Summary Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux:4.0:-:as
    cpe:2.3:o:redhat:enterprise_linux:4.0:-:as
  • cpe:2.3:o:redhat:enterprise_linux:4.0:-:desktop
    cpe:2.3:o:redhat:enterprise_linux:4.0:-:desktop
  • cpe:2.3:o:redhat:enterprise_linux:4.0:-:es
    cpe:2.3:o:redhat:enterprise_linux:4.0:-:es
  • cpe:2.3:o:redhat:enterprise_linux:4.0:-:ws
    cpe:2.3:o:redhat:enterprise_linux:4.0:-:ws
  • cpe:2.3:o:redhat:enterprise_linux:5.0:-:server
    cpe:2.3:o:redhat:enterprise_linux:5.0:-:server
  • cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:-:client
    cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:-:client
  • cpe:2.3:o:rpath:rpath_linux:1
    cpe:2.3:o:rpath:rpath_linux:1
  • GNU tar 1.13
    cpe:2.3:a:gnu:tar:1.13
  • GNU tar 1.13.5
    cpe:2.3:a:gnu:tar:1.13.5
  • GNU tar 1.13.11
    cpe:2.3:a:gnu:tar:1.13.11
  • GNU tar 1.13.14
    cpe:2.3:a:gnu:tar:1.13.14
  • GNU tar 1.13.16
    cpe:2.3:a:gnu:tar:1.13.16
  • GNU tar 1.13.17
    cpe:2.3:a:gnu:tar:1.13.17
  • GNU tar 1.13.18
    cpe:2.3:a:gnu:tar:1.13.18
  • GNU tar 1.13.19
    cpe:2.3:a:gnu:tar:1.13.19
  • GNU tar 1.13.25
    cpe:2.3:a:gnu:tar:1.13.25
  • GNU tar 1.14
    cpe:2.3:a:gnu:tar:1.14
  • GNU tar 1.14.90
    cpe:2.3:a:gnu:tar:1.14.90
  • GNU tar 1.15
    cpe:2.3:a:gnu:tar:1.15
  • GNU tar 1.15.1
    cpe:2.3:a:gnu:tar:1.15.1
  • GNU tar 1.15.90
    cpe:2.3:a:gnu:tar:1.15.90
  • GNU tar 1.15.91
    cpe:2.3:a:gnu:tar:1.15.91
  • GNU tar 1.16
    cpe:2.3:a:gnu:tar:1.16
CVSS
Base: 6.8 (as of 27-08-2007 - 08:17)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11723.NASL
    description This update fixes a directory traversal bug in tar. (CVE-2007-4131)
    last seen 2018-09-02
    modified 2012-04-23
    plugin id 41149
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41149
    title SuSE9 Security Update : tar (YOU Patch Number 11723)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0860.NASL
    description From Red Hat Security Advisory 2007:0860 : Updated tar package that fixes a path traversal flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive. A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. (CVE-2007-4131) Red Hat would like to thank Dmitry V. Levin for reporting this issue. Users of tar should upgrade to this updated package, which contains a replacement backported patch to correct this issue.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 67563
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67563
    title Oracle Linux 4 / 5 : tar (ELSA-2007-0860)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_D944719E42F4486489EDF045B541919F.NASL
    description Red Hat reports : A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. Red Hat credits Dmitry V. Levin for reporting the issue.
    last seen 2019-01-16
    modified 2018-12-19
    plugin id 25967
    published 2007-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25967
    title FreeBSD : gtar -- Directory traversal vulnerability (d944719e-42f4-4864-89ed-f045b541919f)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_TAR-4125.NASL
    description This update fixes a directory traversal bug in tar. (CVE-2007-4131)
    last seen 2018-09-01
    modified 2012-05-17
    plugin id 29586
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29586
    title SuSE 10 Security Update : tar (ZYPP Patch Number 4125)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_TAR-4124.NASL
    description This update fixes a directory traversal bug in tar. (CVE-2007-4131)
    last seen 2018-09-02
    modified 2018-07-19
    plugin id 27464
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27464
    title openSUSE 10 Security Update : tar (tar-4124)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-1890.NASL
    description - Tue Aug 28 2007 Radek Brich 2:1.15.1-27 - fixed CVE-2007-4131 tar directory traversal vulnerability (#253684) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2015-10-21
    plugin id 27740
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27740
    title Fedora 7 : tar-1.15.1-27.fc7 (2007-1890)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1438.NASL
    description Several vulnerabilities have been discovered in GNU Tar. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4131 A directory traversal vulnerability enables attackers using specially crafted archives to extract contents outside the directory tree created by tar. - CVE-2007-4476 A stack-based buffer overflow in the file name checking code may lead to arbitrary code execution when processing maliciously crafted archives.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 29805
    published 2007-12-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29805
    title Debian DSA-1438-1 : tar - several vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200709-09.NASL
    description The remote host is affected by the vulnerability described in GLSA-200709-09 (GNU Tar: Directory traversal vulnerability) Dmitry V. Levin discovered a directory traversal vulnerability in the contains_dot_dot() function in file src/names.c. Impact : By enticing a user to extract a specially crafted tar archive, a remote attacker could extract files to arbitrary locations outside of the specified directory with the permissions of the user running GNU Tar. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-08-10
    plugin id 26099
    published 2007-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26099
    title GLSA-200709-09 : GNU Tar: Directory traversal vulnerability
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-2673.NASL
    description - Wed Oct 24 2007 Radek Brich 2:1.15.1-28 - backported upstream patch for CVE-2007-4476 (tar stack crashing in safer_name_suffix) - Tue Aug 28 2007 Radek Brich 2:1.15.1-27 - fixed CVE-2007-4131 tar directory traversal vulnerability (#253684) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 27789
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27789
    title Fedora 7 : tar-1.15.1-28.fc7 (2007-2673)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_STAR-4174.NASL
    description This update fixes a directory traversal bug in star. (CVE-2007-4131)
    last seen 2018-09-01
    modified 2012-05-17
    plugin id 29583
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29583
    title SuSE 10 Security Update : star (ZYPP Patch Number 4174)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0860.NASL
    description Updated tar package that fixes a path traversal flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive. A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. (CVE-2007-4131) Red Hat would like to thank Dmitry V. Levin for reporting this issue. Users of tar should upgrade to this updated package, which contains a replacement backported patch to correct this issue.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 25949
    published 2007-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25949
    title CentOS 4 / 5 : tar (CESA-2007:0860)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-173.NASL
    description Dmitry V. Levin discovered a path traversal flaw in how GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary fiels that the user running tar has write access to. Updated packages have been patched to prevent these issues.
    last seen 2019-01-16
    modified 2018-12-05
    plugin id 25983
    published 2007-09-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25983
    title Mandrake Linux Security Advisory : tar (MDKSA-2007:173)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070823_TAR_ON_SL5_X.NASL
    description A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. (CVE-2007-4131)
    last seen 2019-01-16
    modified 2019-01-07
    plugin id 60242
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60242
    title Scientific Linux Security Update : tar on SL5.x, SL4.x i386/x86_64
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2007-009.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2007-009 applied. This update contains several security fixes for a large number of programs.
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 29723
    published 2007-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29723
    title Mac OS X Multiple Vulnerabilities (Security Update 2007-009)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0860.NASL
    description Updated tar package that fixes a path traversal flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive. A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. (CVE-2007-4131) Red Hat would like to thank Dmitry V. Levin for reporting this issue. Users of tar should upgrade to this updated package, which contains a replacement backported patch to correct this issue.
    last seen 2019-01-16
    modified 2018-11-16
    plugin id 25948
    published 2007-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25948
    title RHEL 4 / 5 : tar (RHSA-2007:0860)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-506-1.NASL
    description Dmitry V. Levin discovered that tar did not correctly detect the '..' file path element when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary files could be overwritten with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 28110
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28110
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : tar vulnerability (USN-506-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_STAR-4173.NASL
    description This update fixes a directory traversal bug in star. (CVE-2007-4131)
    last seen 2018-09-02
    modified 2018-07-19
    plugin id 27459
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27459
    title openSUSE 10 Security Update : star (star-4173)
oval via4
  • accepted 2013-04-29T04:05:30.959-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
    family unix
    id oval:org.mitre.oval:def:10420
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
    version 24
  • accepted 2010-06-07T04:00:50.880-04:00
    class vulnerability
    contributors
    name Pai Peng
    organization Hewlett-Packard
    definition_extensions
    • comment Solaris 9 (SPARC) is installed
      oval oval:org.mitre.oval:def:1457
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 9 (x86) is installed
      oval oval:org.mitre.oval:def:1683
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
    family unix
    id oval:org.mitre.oval:def:7779
    status accepted
    submitted 2010-03-26T14:24:08.000-04:00
    title Security Vulnerabilities in GNU tar (see gtar(1)) May Lead to Files Being Overwritten, Execution of Arbitrary Code, or a Denial of Service (DoS)
    version 32
redhat via4
advisories
bugzilla
id 251921
title CVE-2007-4131 tar directory traversal vulnerability
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • comment tar is earlier than 0:1.14-12.5.1.RHEL4
      oval oval:com.redhat.rhsa:tst:20070860002
    • comment tar is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20060749003
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • comment tar is earlier than 2:1.15.1-23.0.1.el5
      oval oval:com.redhat.rhsa:tst:20070860005
    • comment tar is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20070860006
rhsa
id RHSA-2007:0860
released 2007-08-23
severity Moderate
title RHSA-2007:0860: tar security update (Moderate)
rpms
  • tar-0:1.14-12.5.1.RHEL4
  • tar-2:1.15.1-23.0.1.el5
refmap via4
apple APPLE-SA-2007-12-17
bid 25417
bugtraq
  • 20070825 rPSA-2007-0172-1 tar
  • 20070827 FLEA-2007-0049-1 tar
cert TA07-352A
confirm
debian DSA-1438
fedora FEDORA-2007-2673
freebsd FreeBSD-SA-07:10
gentoo GLSA-200709-09
mandriva MDKSA-2007:173
misc http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921
sectrack 1018599
secunia
  • 26573
  • 26590
  • 26603
  • 26604
  • 26655
  • 26673
  • 26674
  • 26781
  • 26822
  • 26984
  • 27453
  • 27861
  • 28136
  • 28255
sunalert 1021680
suse SUSE-SR:2007:018
trustix 2007-0026
ubuntu USN-506-1
vupen
  • ADV-2007-2958
  • ADV-2007-4238
Last major update 07-03-2011 - 21:57
Published 24-08-2007 - 20:17
Last modified 15-10-2018 - 17:33
Back to Top