Lucene search

K

[email protected]CVE-2007-4131

HistoryAug 25, 2007 - 12:17 a.m.

CVE-2007-4131

2007-08-2500:17:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

36

gnu tar

cve-2007-4131

directory traversal

tar archive

nvd

6.2 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.024 Low

EPSS

Percentile

89.8%

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //… (slash slash dot dot) sequences in directory symlinks in a TAR archive.

CPENameOperatorVersion
gnu:targnu tareq1.13
gnu:targnu tareq1.13.5
gnu:targnu tareq1.13.11
gnu:targnu tareq1.13.14
gnu:targnu tareq1.13.16
gnu:targnu tareq1.13.17
gnu:targnu tareq1.13.18
gnu:targnu tareq1.13.19
gnu:targnu tareq1.13.25
gnu:targnu tareq1.14

Rows per page:

1-10 of 161

References

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921

docs.info.apple.com/article.html?artnum=307179

lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

secunia.com/advisories/26573

secunia.com/advisories/26590

secunia.com/advisories/26603

secunia.com/advisories/26604

secunia.com/advisories/26655

secunia.com/advisories/26673

secunia.com/advisories/26674

secunia.com/advisories/26781

secunia.com/advisories/26822

secunia.com/advisories/26984

secunia.com/advisories/27453

secunia.com/advisories/27861

secunia.com/advisories/28136

secunia.com/advisories/28255

security.FreeBSD.org/advisories/FreeBSD-SA-07:10.gtar.asc

security.gentoo.org/glsa/glsa-200709-09.xml

sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1

support.avaya.com/elmodocs2/security/ASA-2007-383.htm

www.debian.org/security/2007/dsa-1438

www.mandriva.com/security/advisories?name=MDKSA-2007:173

www.novell.com/linux/security/advisories/2007_18_sr.html

www.redhat.com/support/errata/RHSA-2007-0860.html

www.securityfocus.com/archive/1/477731/100/0/threaded

www.securityfocus.com/archive/1/477865/100/0/threaded

www.securityfocus.com/bid/25417

www.securitytracker.com/id?1018599

www.trustix.org/errata/2007/0026/

www.ubuntu.com/usn/usn-506-1

www.us-cert.gov/cas/techalerts/TA07-352A.html

www.vupen.com/english/advisories/2007/2958

www.vupen.com/english/advisories/2007/4238

issues.rpath.com/browse/RPL-1631

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10420

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7779

www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html

6.2 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.024 Low

EPSS

Percentile

89.8%

Related for CVE-2007-4131

openvas25 nessus20 fedora3 centos1 freebsd1 ubuntucve1 oraclelinux1 veracode1 freebsd_advisory1 gentoo1 debiancve1 redhat1 prion1 ubuntu1 seebug1 debian1 osv1 securityvulns2