Published: 02/11/2007 Updated: 08/08/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and previous versions allows user-assisted remote malicious users to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.

Vulnerable Product	Search on Vulmon	Subscribe to Product
archive\\ \\ tar_project
canonical ubuntu linux 8.04
canonical ubuntu linux 6.06
canonical ubuntu linux 8.10
canonical ubuntu linux 7.10

Debian Bug report logs - #449544 CVE-2007-4829 directory traversal vulnerability Package: libarchive-tar-perl; Maintainer for libarchive-tar-perl is (unknown); Reported by: Nico Golde <nion@debianorg> Date: Tue, 6 Nov 2007 14:15:01 UTC Severity: important Tags: security Fixed in version libarchive-tar-perl/138-1 Done: ...

Jonathan Smith discovered that the Archive::Tar Perl module did not correctly handle symlinks when extracting archives If a user or automated system were tricked into opening a specially crafted tar file, a remote attacker could over-write arbitrary files (CVE-2007-4829) ...

USN-700-1 fixed vulnerabilities in Perl Due to problems with the Ubuntu 804 build, some Perl ph files were missing from the resulting update This update fixes the problem We apologize for the inconvenience ...

CWE-22 http://rt.cpan.org/Public/Bug/Display.html?id=29517 https://bugzilla.redhat.com/show_bug.cgi?id=295021 http://rt.cpan.org/Public/Bug/Display.html?id=30380 https://issues.rpath.com/browse/RPL-1716 http://www.securityfocus.com/bid/26355 http://secunia.com/advisories/27539 http://osvdb.org/40410 http://www.ubuntu.com/usn/usn-700-1 http://secunia.com/advisories/33314 http://www.ubuntu.com/usn/usn-700-2 http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml http://secunia.com/advisories/33116 http://www.vupen.com/english/advisories/2007/3755 https://exchange.xforce.ibmcloud.com/vulnerabilities/38285 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449544 https://nvd.nist.gov https://usn.ubuntu.com/700-1/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-4829

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect