Directory Traversal Vulnerability in GNU tar
CVE-2007-4131

Currently unrated

Key Information:

Vendor

Gnu
Status
Tar
Vendor
CVE Published:
25 August 2007

What is CVE-2007-4131?

The vulnerability in GNU tar arises from improper handling of directory symlinks, enabling a user-assisted remote attacker to overwrite arbitrary files through crafted TAR archive inputs. The exploit leverages specific sequences of '//' followed by '..' to traverse directories, posing a serious threat to system integrity. Users of affected versions are urged to upgrade and implement preventative measures to mitigate risks associated with this vulnerability.

References

http://www.securitytracker.com/id?1018599
vdb-entryx_refsource_SECTRACK
http://sunsolve.sun.com/search/document.do?assetkey=1-77-...
vendor-advisoryx_refsource_SUNALERT
http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm
x_refsource_CONFIRM

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.