Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20100701_PERL_ARCHIVE_TAR_ON_SL4_X.NASL
HistoryAug 01, 2012 - 12:00 a.m.

Scientific Linux Security Update : perl-Archive-Tar on SL4.x, SL5.x i386/x86_64

2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

83.0%

JSON

Multiple directory traversal flaws were discovered in the Archive::Tar module. A specially crafted tar file could cause a Perl script, using the Archive::Tar module to extract the archive, to overwrite an arbitrary file writable by the user running the script.
(CVE-2007-4829)

This package upgrades the Archive::Tar module to version 1.39_01.

All applications using the Archive::Tar module must be restarted for this update to take effect.

Note: SL 40-45 needed perl-IO-Zlib

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(60811);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2007-4829");

  script_name(english:"Scientific Linux Security Update : perl-Archive-Tar on SL4.x, SL5.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple directory traversal flaws were discovered in the Archive::Tar
module. A specially crafted tar file could cause a Perl script, using
the Archive::Tar module to extract the archive, to overwrite an
arbitrary file writable by the user running the script.
(CVE-2007-4829)

This package upgrades the Archive::Tar module to version 1.39_01.

All applications using the Archive::Tar module must be restarted for
this update to take effect.

Note: SL 40-45 needed perl-IO-Zlib"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1007&L=scientific-linux-errata&T=0&P=75
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f7a3cd09"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected perl-Archive-Tar and / or perl-IO-Zlib packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_cwe_id(22);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/07/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL4", reference:"perl-Archive-Tar-1.39.1-1.el4_8.1")) flag++;
if (rpm_check(release:"SL4", reference:"perl-IO-Zlib-1.04-4.2.el4")) flag++;

if (rpm_check(release:"SL5", reference:"perl-Archive-Tar-1.39.1-1.el5_5.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Related

oraclelinux 1
nessus 7
gentoo 1
seebug 1
cvelist 1
redhat 1
fedora 2
ubuntucve 1
openvas 18
nvd 1
debiancve 1
veracode 1
prion 1
cve 1
centos 1
ubuntu 2
oraclelinux
oraclelinux
perl-Archive-Tar security update
2010-07-01 00:00:00
nessus
nessus
Oracle Linux 4 / 5 : perl-Archive-Tar (ELSA-2010-0505)
2013-07-12 00:00:00
RHEL 4 / 5 : perl-Archive-Tar (RHSA-2010:0505)
2010-07-28 00:00:00
CentOS 4 / 5 : perl-Archive-Tar (CESA-2010:0505)
2010-07-13 00:00:00
gentoo
gentoo
Archive::Tar: Directory traversal vulnerability
2008-12-10 00:00:00
seebug
seebug
Perl Archive::Tarๆจกๅ—่ฟœ็จ‹็›ฎๅฝ•้ๅŽ†ๆผๆดž
2007-11-08 00:00:00
cvelist
cvelist
CVE-2007-4829
2007-11-02 16:00:00
redhat
redhat
(RHSA-2010:0505) Moderate: perl-Archive-Tar security update
2010-07-01 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: perl-5.10.0-52.fc10
2008-12-30 23:44:43
[SECURITY] Fedora 10 Update: perl-5.10.0-73.fc10
2009-07-16 07:33:06
ubuntucve
ubuntucve
CVE-2007-4829
2007-11-02 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200812-10 (Archive-Tar)
2008-12-23 00:00:00
Perl Archive::Tar Module Remote Directory Traversal Vulnerability
2010-07-06 00:00:00
RedHat Update for perl-Archive-Tar RHSA-2010:0505-01
2010-07-02 00:00:00
nvd
nvd
CVE-2007-4829
2007-11-02 16:46:00
debiancve
debiancve
CVE-2007-4829
2007-11-02 16:46:00
veracode
veracode
Arbitrary File Write
2020-04-10 00:45:30
prion
prion
Directory traversal
2007-11-02 16:46:00
cve
cve
CVE-2007-4829
2007-11-02 16:46:00
centos
centos
perl security update
2010-07-12 17:00:47
ubuntu
ubuntu
Perl vulnerabilities
2008-12-24 00:00:00
Perl regression
2009-01-15 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

83.0%

JSON
Related for SL_20100701_PERL_ARCHIVE_TAR_ON_SL4_X.NASL
oraclelinux1nessus7gentoo1seebug1cvelist1redhat1fedora2ubuntucve1openvas18nvd1debiancve1veracode1prion1cve1centos1ubuntu2