Directory Traversal Vulnerability in GNU tar
CVE-2007-4131

Currently unrated

Key Information:

Vendor: Gnu
Status: Tar
Vendor: CVE Published:; 25 August 2007

Summary

The vulnerability in GNU tar arises from improper handling of directory symlinks, enabling a user-assisted remote attacker to overwrite arbitrary files through crafted TAR archive inputs. The exploit leverages specific sequences of '//' followed by '..' to traverse directories, posing a serious threat to system integrity. Users of affected versions are urged to upgrade and implement preventative measures to mitigate risks associated with this vulnerability.

References

http://www.securitytracker.com/id?1018599

vdb-entryx_refsource_SECTRACK

http://sunsolve.sun.com/search/document.do?assetkey=1-77-...

vendor-advisoryx_refsource_SUNALERT

http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm

x_refsource_CONFIRM

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 25, 2007
Vulnerability Reserved
Aug 2, 2007