Directory Traversal Vulnerability in Perl's Archive::Tar Module
CVE-2018-12015

7.5HIGH

Key Information:

Vendor: Canonical
Status: Ubuntu Linux
Vendor: CVE Published:; 7 June 2018

What is CVE-2018-12015?

The Archive::Tar module in Perl versions up to 5.26.2 has a vulnerability that allows attackers to exploit a directory traversal flaw. This vulnerability permits malicious actors to bypass the intended directory traversal protections. By crafting an archive that contains both a symlink and a regular file with the same name, an attacker can overwrite arbitrary files on the server. This capability poses significant security risks, enabling potential unauthorized access and manipulation of sensitive files within the affected systems.

References

http://www.securityfocus.com/bid/104423

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1041048

vdb-entryx_refsource_SECTRACK

https://www.debian.org/security/2018/dsa-4226

vendor-advisoryx_refsource_DEBIAN

EPSS Score

38% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 7, 2018
Vulnerability Reserved
Jun 7, 2018

Canonical

What is CVE-2018-12015?

References

EPSS Score

CVSS V3.1

Timeline