CVE-2007-4131

Currently unrated

Key Information:

Vendor: Gnu
Status: Tar
Vendor: CVE Published:; 25 August 2007

Summary

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

References

http://www.securitytracker.com/id?1018599

vdb-entryx_refsource_SECTRACK

http://sunsolve.sun.com/search/document.do?assetkey=1-77-...

vendor-advisoryx_refsource_SUNALERT

http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm

x_refsource_CONFIRM

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 25, 2007
Vulnerability Reserved
Aug 2, 2007