5 matches found
Fedora 7 : star-1.5a84-2.fc7 (2007-1852)
Mon Aug 27 2007 Peter Vrabec 1.5a84-2 - fix segfault of data-change-warn option 255261, patch from dkopecek at redhat.com - Fri Aug 24 2007 Peter Vrabec 1.5a84-1 - new upstream release with CVE-2007-4134 fix - Sun Jun 24 2007 Peter Vrabec 1.5a76-3 - build star on ARM platforms 245465 Note that...
RHEL 3 / 4 / 5 : star (RHSA-2007:0873)
An updated star package that fixes a path traversal flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Star is a tar-like archiver. It saves multiple files into a single tape or disk archive, and can restore individual files...
CVE-2007-4134
Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. slash slash dot dot sequences in directory symlinks in a TAR archive...
CVE-2007-4134
CVE-2007-4134 affects the Star archiver. A directory traversal defect in extract.c (Star) before version 1.5a84 lets remote users craft tar archives containing //.. sequences in directory symlinks, enabling overwriting of arbitrary files on the host with the permissions of the user running Star. ...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-4134. Reason: This candidate is a duplicate of CVE-2007-4134. Notes: All CVE users should reference CVE-2007-4134 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...