SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Tar Vendors:   GNU [multiple authors]
GNU tar contains_dot_dot() Directory Traversal Bug Lets Remote Users Overwrite Files
SecurityTracker Alert ID:  1018599
SecurityTracker URL:  http://securitytracker.com/id/1018599
CVE Reference:   CVE-2007-4131   (Links to External Site)
Date:  Aug 23 2007
Impact:   Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in GNU tar. A remote user can cause files to be overwritten on the target user's system.

A remote user can create a specially crafted tar archive that, when extracted by the target user, will overwrite arbitrary files on the target user's system with the privileges of the target user.

The vulnerability resides in the contains_dot_dot() function and occurs in the processing of directory symlinks.

Dmitry V. Levin reported this vulnerability.

Impact:   A remote user can create a file that, when loaded by the target user, will overwrite files on the target user's system with the privileges of the target user.
Solution:   A source code fix is available via CVS.
Vendor URL:  www.gnu.org/software/tar (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 23 2007 (Red Hat Issues Fix) GNU tar contains_dot_dot() Directory Traversal Bug Lets Remote Users Overwrite Files
Red Hat has released a fix for Red Hat Enterprise Linux 4 and 5.
Nov 29 2007 (FreeBSD Issues Fix) GNU tar contains_dot_dot() Directory Traversal Bug Lets Remote Users Overwrite Files
FreeBSD has released a fix.
Dec 4 2009 GNU tar contains_dot_dot() Directory Traversal Bug Lets Remote Users Overwrite Files
Sun has issued a fix for Solaris 10 and OpenSolaris.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC