CPANSA-Archive-Tar-2007-4829: Archive-Tar vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2007-11-02T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
| Current release date | 2007-11-02T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | Severity | ||
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.
Vulnerabilities
CVE-2007-4829
Vulnerability DescriptionDirectory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.
| Weakness | CWE-22 : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
|---|
Product status
Known affected
| Product | Score | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Archive-Tar less than or equal 1.36 |
|
Fixed
- Archive-Tar greater than 1.36
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-Archive-Tar-2007-4829 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2007/cpansa-archive-tar-2007-4829.json - http://rt.cpan.org/Public/Bug/Display.html?id=29517 external
http://rt.cpan.org/Public/Bug/Display.html?id=29517 - https://bugzilla.redhat.com/show_bug.cgi?id=295021 external
https://bugzilla.redhat.com/show_bug.cgi?id=295021 - http://rt.cpan.org/Public/Bug/Display.html?id=30380 external
http://rt.cpan.org/Public/Bug/Display.html?id=30380 - https://issues.rpath.com/browse/RPL-1716 external
https://issues.rpath.com/browse/RPL-1716 - http://www.securityfocus.com/bid/26355 external
http://www.securityfocus.com/bid/26355 - http://secunia.com/advisories/27539 external
http://secunia.com/advisories/27539 - http://osvdb.org/40410 external
http://osvdb.org/40410 - http://www.ubuntu.com/usn/usn-700-1 external
http://www.ubuntu.com/usn/usn-700-1 - http://secunia.com/advisories/33314 external
http://secunia.com/advisories/33314 - http://www.ubuntu.com/usn/usn-700-2 external
http://www.ubuntu.com/usn/usn-700-2 - http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml external
http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml - http://secunia.com/advisories/33116 external
http://secunia.com/advisories/33116 - http://www.vupen.com/english/advisories/2007/3755 external
http://www.vupen.com/english/advisories/2007/3755 - https://exchange.xforce.ibmcloud.com/vulnerabilities/38285 external
https://exchange.xforce.ibmcloud.com/vulnerabilities/38285 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658 external
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658 - CVE-2007-4829 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2007-4829
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Fri Nov 2 00:00:00 2007 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/