{"cve": [{"lastseen": "2020-10-03T11:45:53", "description": "Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.", "edition": 3, "cvss3": {}, "published": "2007-08-30T22:17:00", "title": "CVE-2007-4134", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4134"], "modified": "2018-10-15T21:33:00", "cpe": ["cpe:/o:redhat:fedora:7"], "id": "CVE-2007-4134", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4134", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "cvelist": ["CVE-2007-4134"], "description": "## Solution Description\nUpgrade to version 1.5a84 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2007-414.htm)\n[Secunia Advisory ID:26673](https://secuniaresearch.flexerasoftware.com/advisories/26673/)\n[Secunia Advisory ID:26857](https://secuniaresearch.flexerasoftware.com/advisories/26857/)\n[Secunia Advisory ID:26626](https://secuniaresearch.flexerasoftware.com/advisories/26626/)\n[Secunia Advisory ID:26672](https://secuniaresearch.flexerasoftware.com/advisories/26672/)\n[Secunia Advisory ID:27318](https://secuniaresearch.flexerasoftware.com/advisories/27318/)\n[Secunia Advisory ID:27544](https://secuniaresearch.flexerasoftware.com/advisories/27544/)\nRedHat RHSA: RHSA-2007:0873\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200710-23.xml\nOther Advisory URL: https://bugs.gentoo.org/show_bug.cgi?id=189690\nMail List Post: http://lists.rpath.com/pipermail/security-announce/2007-September/000232.html\n[CVE-2007-4134](https://vulners.com/cve/CVE-2007-4134)\n", "edition": 1, "modified": "2007-08-25T00:00:00", "published": "2007-08-25T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39576", "id": "OSVDB:39576", "title": "star extract.c TAR Archive Traversal Arbitrary File Overwrite", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:19", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4134"], "description": "### Background\n\nThe Star program provides the ability to create and extract tar archives. \n\n### Description\n\nRobert Buchholz of the Gentoo Security team discovered a directory traversal vulnerability in the has_dotdot() function which does not identify //.. (slash slash dot dot) sequences in file names inside tar files. 
\n\n### Impact\n\nBy enticing a user to extract a specially crafted tar archive, a remote attacker could extract files to arbitrary locations outside of the specified directory with the permissions of the user running Star. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Star users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/star-1.5_alpha84\"", "edition": 1, "modified": "2007-10-22T00:00:00", "published": "2007-10-22T00:00:00", "id": "GLSA-200710-23", "href": "https://security.gentoo.org/glsa/200710-23", "type": "gentoo", "title": "Star: Directory traversal vulnerability", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4134"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200710-23.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:58702", "href": "http://plugins.openvas.org/nasl.php?oid=58702", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200710-23 (star)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A directory traversal vulnerability has been discovered in Star.\";\ntag_solution = \"All Star users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-arch/star-1.5_alpha84'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200710-23\nhttp://bugs.gentoo.org/show_bug.cgi?id=189690\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200710-23.\";\n\n \n\nif(description)\n{\n script_id(58702);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-4134\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200710-23 (star)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-arch/star\", unaffected: make_list(\"ge 1.5_alpha84\"), vulnerable: make_list(\"lt 1.5_alpha84\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4134"], "description": "Check for the Version of star", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861547", "href": "http://plugins.openvas.org/nasl.php?oid=861547", "type": "openvas", "title": "Fedora Update for star FEDORA-2007-1852", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for star FEDORA-2007-1852\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"star on Fedora 7\";\ntag_insight = \"Star saves many files together into a single tape or disk archive,\n and can restore individual files from the archive. Star supports ACL.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-August/msg00425.html\");\n script_id(861547);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 15:48:41 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-1852\");\n script_cve_id(\"CVE-2007-4134\");\n script_name( \"Fedora Update for star FEDORA-2007-1852\");\n\n script_summary(\"Check for the Version of star\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"star\", rpm:\"star~1.5a84~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"star\", rpm:\"star~1.5a84~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"star-debuginfo\", rpm:\"star-debuginfo~1.5a84~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"star\", rpm:\"star~1.5a84~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"star-debuginfo\", rpm:\"star-debuginfo~1.5a84~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2019-12-20T18:24:51", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4134"], "description": "**CentOS Errata and Security Advisory** CESA-2007:0873\n\n\nStar is a tar-like archiver. It saves multiple files into a single tape or\r\ndisk archive, and can restore individual files from the archive. Star\r\nincludes multi-volume support, automatic archive format detection and ACL\r\nsupport.\r\n\r\nA path traversal flaw was discovered in the way star extracted archives. A\r\nmalicious user could create a tar archive that would cause star to write to\r\narbitrary files to which the user running star had write access.\r\n(CVE-2007-4134)\r\n\r\nRed Hat would like to thank Robert Buchholz for reporting this issue.\r\n\r\nAs well, this update adds the command line argument \"-..\" to the Red Hat\r\nEnterprise Linux 3 version of star. 
This allows star to extract files\r\ncontaining \"/../\" in their pathname.\r\n\r\nUsers of star should upgrade to this updated package, which contain\r\nbackported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026200.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026201.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026205.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026207.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026210.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026212.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026213.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026217.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026218.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026219.html\n\n**Affected packages:**\nstar\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0873.html", "edition": 4, "modified": "2007-09-07T08:20:49", "published": "2007-09-04T21:30:08", "href": "http://lists.centos.org/pipermail/centos-announce/2007-September/026200.html", "id": "CESA-2007:0873", "title": "star security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:33", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4134"], "description": "Star is a tar-like archiver. It saves multiple files into a single tape or\r\ndisk archive, and can restore individual files from the archive. Star\r\nincludes multi-volume support, automatic archive format detection and ACL\r\nsupport.\r\n\r\nA path traversal flaw was discovered in the way star extracted archives. 
A\r\nmalicious user could create a tar archive that would cause star to write to\r\narbitrary files to which the user running star had write access.\r\n(CVE-2007-4134)\r\n\r\nRed Hat would like to thank Robert Buchholz for reporting this issue.\r\n\r\nAs well, this update adds the command line argument \"-..\" to the Red Hat\r\nEnterprise Linux 3 version of star. This allows star to extract files\r\ncontaining \"/../\" in their pathname.\r\n\r\nUsers of star should upgrade to this updated package, which contain\r\nbackported patches to correct these issues.", "modified": "2017-09-08T12:16:52", "published": "2007-09-04T04:00:00", "id": "RHSA-2007:0873", "href": "https://access.redhat.com/errata/RHSA-2007:0873", "type": "redhat", "title": "(RHSA-2007:0873) Moderate: star security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4134"], "description": "Star saves many files together into a single tape or disk archive, and can restore individual files from the archive. Star supports ACL. ", "modified": "2007-08-27T20:53:00", "published": "2007-08-27T20:53:00", "id": "FEDORA:L7RKQRHN018653", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: star-1.5a84-2.fc7", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:25:11", "description": "An updated star package that fixes a path traversal flaw is now\navailable.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nStar is a tar-like archiver. It saves multiple files into a single\ntape or disk archive, and can restore individual files from the\narchive. Star includes multi-volume support, automatic archive format\ndetection and ACL support.\n\nA path traversal flaw was discovered in the way star extracted\narchives. 
A malicious user could create a tar archive that would cause\nstar to write to arbitrary files to which the user running star had\nwrite access. (CVE-2007-4134)\n\nRed Hat would like to thank Robert Buchholz for reporting this issue.\n\nAs well, this update adds the command line argument '-..' to the Red\nHat Enterprise Linux 3 version of star. This allows star to extract\nfiles containing '/../' in their pathname.\n\nUsers of star should upgrade to this updated package, which contain\nbackported patches to correct these issues.", "edition": 27, "published": "2007-09-05T00:00:00", "title": "CentOS 3 / 4 / 5 : star (CESA-2007:0873)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4134"], "modified": "2007-09-05T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:star", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2007-0873.NASL", "href": "https://www.tenable.com/plugins/nessus/25972", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0873 and \n# CentOS Errata and Security Advisory 2007:0873 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25972);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-4134\");\n script_bugtraq_id(25417);\n script_xref(name:\"RHSA\", value:\"2007:0873\");\n\n script_name(english:\"CentOS 3 / 4 / 5 : star (CESA-2007:0873)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated star package that fixes a path traversal flaw is now\navailable.\n\nThis 
update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nStar is a tar-like archiver. It saves multiple files into a single\ntape or disk archive, and can restore individual files from the\narchive. Star includes multi-volume support, automatic archive format\ndetection and ACL support.\n\nA path traversal flaw was discovered in the way star extracted\narchives. A malicious user could create a tar archive that would cause\nstar to write to arbitrary files to which the user running star had\nwrite access. (CVE-2007-4134)\n\nRed Hat would like to thank Robert Buchholz for reporting this issue.\n\nAs well, this update adds the command line argument '-..' to the Red\nHat Enterprise Linux 3 version of star. This allows star to extract\nfiles containing '/../' in their pathname.\n\nUsers of star should upgrade to this updated package, which contain\nbackported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-September/014162.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a266a5b7\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-September/014163.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e1aa6292\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-September/014167.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7b587b06\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-September/014169.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cfe36240\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-September/014174.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?02e483ca\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-September/014175.html\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.nessus.org/u?435b5817\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-September/014180.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3e996603\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-September/014181.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90a4320d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected star package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:star\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"star-1.5a08-5\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"star-1.5a25-8\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"star-1.5a75-2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"star\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:52:16", "description": "The remote host is affected by the vulnerability described in GLSA-200710-23\n(Star: Directory traversal vulnerability)\n\n Robert Buchholz of the Gentoo Security team discovered a directory\n 
traversal vulnerability in the has_dotdot() function which does not\n identify //.. (slash slash dot dot) sequences in file names inside tar\n files.\n \nImpact :\n\n By enticing a user to extract a specially crafted tar archive, a remote\n attacker could extract files to arbitrary locations outside of the\n specified directory with the permissions of the user running Star.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2007-10-25T00:00:00", "title": "GLSA-200710-23 : Star: Directory traversal vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4134"], "modified": "2007-10-25T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:star"], "id": "GENTOO_GLSA-200710-23.NASL", "href": "https://www.tenable.com/plugins/nessus/27555", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200710-23.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27555);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-4134\");\n script_xref(name:\"GLSA\", value:\"200710-23\");\n\n script_name(english:\"GLSA-200710-23 : Star: Directory traversal vulnerability\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200710-23\n(Star: Directory traversal vulnerability)\n\n Robert Buchholz of the Gentoo Security team discovered a directory\n traversal vulnerability in the has_dotdot() function which does not\n identify //.. 
(slash slash dot dot) sequences in file names inside tar\n files.\n \nImpact :\n\n By enticing a user to extract a specially crafted tar archive, a remote\n attacker could extract files to arbitrary locations outside of the\n specified directory with the permissions of the user running Star.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200710-23\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Star users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-arch/star-1.5_alpha84'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:star\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-arch/star\", unaffected:make_list(\"ge 
1.5_alpha84\"), vulnerable:make_list(\"lt 1.5_alpha84\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Star\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:06:04", "description": " - Mon Aug 27 2007 Peter Vrabec <pvrabec at redhat.com>\n 1.5a84-2\n\n - fix segfault of data-change-warn option (#255261),\n patch from dkopecek at redhat.com\n\n - Fri Aug 24 2007 Peter Vrabec <pvrabec at redhat.com>\n 1.5a84-1\n\n - new upstream release with CVE-2007-4134 fix\n\n - Sun Jun 24 2007 Peter Vrabec <pvrabec at redhat.com>\n 1.5a76-3\n\n - build star on ARM platforms (#245465)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2007-11-06T00:00:00", "title": "Fedora 7 : star-1.5a84-2.fc7 (2007-1852)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4134"], "modified": "2007-11-06T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:star", "p-cpe:/a:fedoraproject:fedora:star-debuginfo"], "id": "FEDORA_2007-1852.NASL", "href": "https://www.tenable.com/plugins/nessus/27737", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-1852.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27737);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n 
script_cve_id(\"CVE-2007-4134\");\n script_xref(name:\"FEDORA\", value:\"2007-1852\");\n\n script_name(english:\"Fedora 7 : star-1.5a84-2.fc7 (2007-1852)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Aug 27 2007 Peter Vrabec <pvrabec at redhat.com>\n 1.5a84-2\n\n - fix segfault of data-change-warn option (#255261),\n patch from dkopecek at redhat.com\n\n - Fri Aug 24 2007 Peter Vrabec <pvrabec at redhat.com>\n 1.5a84-1\n\n - new upstream release with CVE-2007-4134 fix\n\n - Sun Jun 24 2007 Peter Vrabec <pvrabec at redhat.com>\n 1.5a76-3\n\n - build star on ARM platforms (#245465)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-August/003454.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?667b9ac6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected star and / or star-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:star\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:star-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/06\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"star-1.5a84-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"star-debuginfo-1.5a84-2.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"star / star-debuginfo\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:44:02", "description": "From Red Hat Security Advisory 2007:0873 :\n\nAn updated star package that fixes a path traversal flaw is now\navailable.\n\nThis update has been rated as 
having moderate security impact by the\nRed Hat Security Response Team.\n\nStar is a tar-like archiver. It saves multiple files into a single\ntape or disk archive, and can restore individual files from the\narchive. Star includes multi-volume support, automatic archive format\ndetection and ACL support.\n\nA path traversal flaw was discovered in the way star extracted\narchives. A malicious user could create a tar archive that would cause\nstar to write to arbitrary files to which the user running star had\nwrite access. (CVE-2007-4134)\n\nRed Hat would like to thank Robert Buchholz for reporting this issue.\n\nAs well, this update adds the command line argument '-..' to the Red\nHat Enterprise Linux 3 version of star. This allows star to extract\nfiles containing '/../' in their pathname.\n\nUsers of star should upgrade to this updated package, which contain\nbackported patches to correct these issues.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 / 5 : star (ELSA-2007-0873)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4134"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:star", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2007-0873.NASL", "href": "https://www.tenable.com/plugins/nessus/67565", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0873 and \n# Oracle Linux Security Advisory ELSA-2007-0873 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67565);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4134\");\n script_bugtraq_id(25417);\n script_xref(name:\"RHSA\", value:\"2007:0873\");\n\n script_name(english:\"Oracle 
Linux 3 / 4 / 5 : star (ELSA-2007-0873)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0873 :\n\nAn updated star package that fixes a path traversal flaw is now\navailable.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nStar is a tar-like archiver. It saves multiple files into a single\ntape or disk archive, and can restore individual files from the\narchive. Star includes multi-volume support, automatic archive format\ndetection and ACL support.\n\nA path traversal flaw was discovered in the way star extracted\narchives. A malicious user could create a tar archive that would cause\nstar to write to arbitrary files to which the user running star had\nwrite access. (CVE-2007-4134)\n\nRed Hat would like to thank Robert Buchholz for reporting this issue.\n\nAs well, this update adds the command line argument '-..' to the Red\nHat Enterprise Linux 3 version of star. 
This allows star to extract\nfiles containing '/../' in their pathname.\n\nUsers of star should upgrade to this updated package, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-September/000312.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-September/000315.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-September/000317.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected star package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:star\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"star-1.5a08-5\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"star-1.5a08-5\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"star-1.5a25-8\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"star-1.5a25-8\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"star-1.5a75-2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if 
(tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"star\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:05:53", "description": "An updated star package that fixes a path traversal flaw is now\navailable.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nStar is a tar-like archiver. It saves multiple files into a single\ntape or disk archive, and can restore individual files from the\narchive. Star includes multi-volume support, automatic archive format\ndetection and ACL support.\n\nA path traversal flaw was discovered in the way star extracted\narchives. A malicious user could create a tar archive that would cause\nstar to write to arbitrary files to which the user running star had\nwrite access. (CVE-2007-4134)\n\nRed Hat would like to thank Robert Buchholz for reporting this issue.\n\nAs well, this update adds the command line argument '-..' to the Red\nHat Enterprise Linux 3 version of star. This allows star to extract\nfiles containing '/../' in their pathname.\n\nUsers of star should upgrade to this updated package, which contain\nbackported patches to correct these issues.", "edition": 28, "published": "2007-09-05T00:00:00", "title": "RHEL 3 / 4 / 5 : star (RHSA-2007:0873)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4134"], "modified": "2007-09-05T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:star", "cpe:/o:redhat:enterprise_linux:4.5"], "id": "REDHAT-RHSA-2007-0873.NASL", "href": "https://www.tenable.com/plugins/nessus/25988", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0873. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25988);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4134\");\n script_bugtraq_id(25417);\n script_xref(name:\"RHSA\", value:\"2007:0873\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : star (RHSA-2007:0873)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated star package that fixes a path traversal flaw is now\navailable.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nStar is a tar-like archiver. It saves multiple files into a single\ntape or disk archive, and can restore individual files from the\narchive. Star includes multi-volume support, automatic archive format\ndetection and ACL support.\n\nA path traversal flaw was discovered in the way star extracted\narchives. A malicious user could create a tar archive that would cause\nstar to write to arbitrary files to which the user running star had\nwrite access. (CVE-2007-4134)\n\nRed Hat would like to thank Robert Buchholz for reporting this issue.\n\nAs well, this update adds the command line argument '-..' to the Red\nHat Enterprise Linux 3 version of star. 
This allows star to extract\nfiles containing '/../' in their pathname.\n\nUsers of star should upgrade to this updated package, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0873\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected star package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:star\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0873\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"star-1.5a08-5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"star-1.5a25-8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"star-1.5a75-2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", 
cpu:\"s390x\", reference:\"star-1.5a75-2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"star-1.5a75-2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"star\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:43:46", "description": "A path traversal flaw was discovered in the way star extracted\narchives. A malicious user could create a tar archive that would cause\nstar to write to arbitrary files to which the user running star had\nwrite access. (CVE-2007-4134)\n\nAs well, this update adds the command line argument '-..' to the Red\nHat Enterprise Linux 3 version of star. This allows star to extract\nfiles containing '/../' in their pathname.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : star on SL5.x, SL4.x, SL3.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4134"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20070904_STAR_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60249", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60249);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4134\");\n\n script_name(english:\"Scientific Linux Security Update : star on SL5.x, SL4.x, SL3.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A path traversal flaw was discovered in the way star extracted\narchives. A malicious user could create a tar archive that would cause\nstar to write to arbitrary files to which the user running star had\nwrite access. (CVE-2007-4134)\n\nAs well, this update adds the command line argument '-..' to the Red\nHat Enterprise Linux 3 version of star. This allows star to extract\nfiles containing '/../' in their pathname.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0709&L=scientific-linux-errata&T=0&P=303\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0be98f80\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected star package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"star-1.5a08-5\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"star-1.5a25-8\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"star-1.5a75-2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:16", "bulletinFamily": "software", "cvelist": ["CVE-2002-0399", "CVE-2007-2012", "CVE-2007-2058", "CVE-2007-4131", "CVE-2001-1267", "CVE-2007-4134", "CVE-2007-1954"], "description": "Directory traversal and absolute paths allow any file to be overwritten during archive extraction.", "edition": 1, "modified": "2007-08-27T00:00:00", "published": "2007-08-27T00:00:00", "id": "SECURITYVULNS:VULN:1320", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:1320", "title": "Directory traversal and absolute path in multiple archivers", "type": "securityvulns", 
"cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}