CVE-2007-4131

Published: 25/08/2007 Updated: 15/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote malicious users to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
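
As an added illustration (not GNU tar's code and not part of this record), the check below splits each archive member path into components before looking for "..", so the "//.." spelling described above is treated exactly like "..", and it resolves a symlink's target relative to the link's own directory. The archive it inspects is a constructed fixture; the member names pkg/README, pkg/share and pkg/..//escaped are invented for the example.

```python
import io
import tarfile

def components(path):
    """Split a POSIX member path, dropping the empty pieces that repeated
    slashes produce ("a//.." -> ["a", ".."]) and the no-op "." piece."""
    return [p for p in path.split("/") if p not in ("", ".")]

def name_escapes(name):
    """Conservative rule for a member name: absolute, or any '..' component."""
    return name.startswith("/") or ".." in components(name)

def symlink_escapes(name, target):
    """A symlink target escapes if it is absolute or, resolved relative to
    the directory holding the link, climbs above the extraction root."""
    if target.startswith("/"):
        return True
    depth = components(name)[:-1]  # directory that will contain the link
    for comp in components(target):
        if comp == "..":
            if not depth:
                return True
            depth.pop()
        else:
            depth.append(comp)
    return False

def suspicious_members(data):
    """Names of members whose path or symlink target would leave the tree."""
    flagged = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for m in tar.getmembers():
            if name_escapes(m.name) or (m.issym() and symlink_escapes(m.name, m.linkname)):
                flagged.append(m.name)
    return flagged

def build_sample_archive():
    """Constructed fixture: a benign file, a directory symlink whose target
    uses the '//..' spelling from the summary, and a plain '..' member."""
    bio = io.BytesIO()
    with tarfile.open(fileobj=bio, mode="w") as tar:
        tar.addfile(tarfile.TarInfo("pkg/README"), io.BytesIO(b""))
        link = tarfile.TarInfo("pkg/share")
        link.type = tarfile.SYMTYPE
        link.linkname = "//../../outside"
        tar.addfile(link)
        tar.addfile(tarfile.TarInfo("pkg/..//escaped"), io.BytesIO(b""))
    return bio.getvalue()
```

Running suspicious_members over an archive before extraction gives a list of the members to reject; an empty list means every name and link target stays inside the extraction directory.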

Vulnerable Products

gnu tar 1.13
gnu tar 1.13.5
gnu tar 1.13.11
gnu tar 1.13.14
gnu tar 1.13.16
gnu tar 1.13.17
gnu tar 1.13.18
gnu tar 1.13.19
gnu tar 1.13.25
gnu tar 1.14
gnu tar 1.14.90
gnu tar 1.15
gnu tar 1.15.1
gnu tar 1.15.90
gnu tar 1.15.91
gnu tar 1.16

Vendor Advisories

Dmitry V. Levin discovered that tar did not correctly detect the “” file path element when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary files could be overwritten with user privileges ...

Debian Bug report logs - #441444 CVE-2007-4476: Buffer overflow in the safer_name_suffix function. Package: tar; Maintainer for tar is Bdale Garbee <bdale@gag.com>; Source for tar is src:tar (PTS, buildd, popcon). Reported by: Nico Golde <nion@debian.org>. Date: Sun, 9 Sep 2007 21:00:01 UTC. Severity: normal. Tags: patch ...

Debian Bug report logs - #439335 CVE-2007-4131: GNU tar Directory Traversal Vulnerability. Package: tar; Maintainer for tar is Bdale Garbee <bdale@gag.com>; Source for tar is src:tar (PTS, buildd, popcon). Reported by: Luca Bruno <lucabr@unoit>. Date: Fri, 24 Aug 2007 09:42:02 UTC. Severity: important. Tags: patch, sec ...

Several vulnerabilities have been discovered in GNU Tar. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-4131: A directory traversal vulnerability enables attackers using specially crafted archives to extract contents outside the directory tree created by tar. CVE-2007-4476 ...

References

CWE: NVD-CWE-Other

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921
http://www.redhat.com/support/errata/RHSA-2007-0860.html
http://www.securityfocus.com/bid/25417
https://issues.rpath.com/browse/RPL-1631
http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html
http://security.FreeBSD.org/advisories/FreeBSD-SA-07:10.gtar.asc
http://security.gentoo.org/glsa/glsa-200709-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:173
http://www.novell.com/linux/security/advisories/2007_18_sr.html
http://www.trustix.org/errata/2007/0026/
http://www.ubuntu.com/usn/usn-506-1
http://www.securitytracker.com/id?1018599
http://secunia.com/advisories/26573
http://secunia.com/advisories/26590
http://secunia.com/advisories/26604
http://secunia.com/advisories/26603
http://secunia.com/advisories/26674
http://secunia.com/advisories/26673
http://secunia.com/advisories/26655
http://secunia.com/advisories/26781
http://secunia.com/advisories/26822
http://secunia.com/advisories/26984
http://secunia.com/advisories/27453
http://secunia.com/advisories/27861
http://docs.info.apple.com/article.html?artnum=307179
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
http://www.debian.org/security/2007/dsa-1438
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
http://secunia.com/advisories/28136
http://secunia.com/advisories/28255
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1
http://www.vupen.com/english/advisories/2007/4238
http://www.vupen.com/english/advisories/2007/2958
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7779
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10420
http://www.securityfocus.com/archive/1/477865/100/0/threaded
http://www.securityfocus.com/archive/1/477731/100/0/threaded
https://usn.ubuntu.com/506-1/
https://nvd.nist.gov