CVE-2007-4829

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.
References
Link Resource
http://osvdb.org/40410 Broken Link
http://rt.cpan.org/Public/Bug/Display.html?id=29517 Mailing List Third Party Advisory
http://rt.cpan.org/Public/Bug/Display.html?id=30380 Mailing List Third Party Advisory
http://secunia.com/advisories/27539 Third Party Advisory
http://secunia.com/advisories/33116 Third Party Advisory
http://secunia.com/advisories/33314 Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml Third Party Advisory
http://www.securityfocus.com/bid/26355 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-700-1 Third Party Advisory
http://www.ubuntu.com/usn/usn-700-2 Third Party Advisory
http://www.vupen.com/english/advisories/2007/3755 Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=295021 Issue Tracking Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/38285 Third Party Advisory VDB Entry
https://issues.rpath.com/browse/RPL-1716 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658 Third Party Advisory
http://osvdb.org/40410 Broken Link
http://rt.cpan.org/Public/Bug/Display.html?id=29517 Mailing List Third Party Advisory
http://rt.cpan.org/Public/Bug/Display.html?id=30380 Mailing List Third Party Advisory
http://secunia.com/advisories/27539 Third Party Advisory
http://secunia.com/advisories/33116 Third Party Advisory
http://secunia.com/advisories/33314 Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml Third Party Advisory
http://www.securityfocus.com/bid/26355 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-700-1 Third Party Advisory
http://www.ubuntu.com/usn/usn-700-2 Third Party Advisory
http://www.vupen.com/english/advisories/2007/3755 Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=295021 Issue Tracking Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/38285 Third Party Advisory VDB Entry
https://issues.rpath.com/browse/RPL-1716 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:archive\:\:tar_project:archive\:\:tar:*:*:*:*:*:perl:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*

History

21 Nov 2024, 00:36

Type Values Removed Values Added
References () http://osvdb.org/40410 - Broken Link () http://osvdb.org/40410 - Broken Link
References () http://rt.cpan.org/Public/Bug/Display.html?id=29517 - Mailing List, Third Party Advisory () http://rt.cpan.org/Public/Bug/Display.html?id=29517 - Mailing List, Third Party Advisory
References () http://rt.cpan.org/Public/Bug/Display.html?id=30380 - Mailing List, Third Party Advisory () http://rt.cpan.org/Public/Bug/Display.html?id=30380 - Mailing List, Third Party Advisory
References () http://secunia.com/advisories/27539 - Third Party Advisory () http://secunia.com/advisories/27539 - Third Party Advisory
References () http://secunia.com/advisories/33116 - Third Party Advisory () http://secunia.com/advisories/33116 - Third Party Advisory
References () http://secunia.com/advisories/33314 - Third Party Advisory () http://secunia.com/advisories/33314 - Third Party Advisory
References () http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml - Third Party Advisory () http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml - Third Party Advisory
References () http://www.securityfocus.com/bid/26355 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/26355 - Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/usn-700-1 - Third Party Advisory () http://www.ubuntu.com/usn/usn-700-1 - Third Party Advisory
References () http://www.ubuntu.com/usn/usn-700-2 - Third Party Advisory () http://www.ubuntu.com/usn/usn-700-2 - Third Party Advisory
References () http://www.vupen.com/english/advisories/2007/3755 - Permissions Required () http://www.vupen.com/english/advisories/2007/3755 - Permissions Required
References () https://bugzilla.redhat.com/show_bug.cgi?id=295021 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=295021 - Issue Tracking, Third Party Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/38285 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/38285 - Third Party Advisory, VDB Entry
References () https://issues.rpath.com/browse/RPL-1716 - Broken Link () https://issues.rpath.com/browse/RPL-1716 - Broken Link
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658 - Third Party Advisory () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658 - Third Party Advisory

Information

Published : 2007-11-02 16:46

Updated : 2024-11-21 00:36


NVD link : CVE-2007-4829

Mitre link : CVE-2007-4829

CVE.ORG link : CVE-2007-4829


JSON object : View

Products Affected

archive\

  • \

canonical

  • ubuntu_linux
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')