FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gtar -- Directory traversal vulnerability

Affected packages
gtar < 1.18_1

Details

VuXML ID d944719e-42f4-4864-89ed-f045b541919f
Discovery 2007-08-23
Entry 2007-09-01

Red Hat reports:

A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access.

[source]

Red Hat credits Dmitry V. Levin for reporting the issue.

References

Bugtraq ID 25417
CVE Name CVE-2007-4131
URL http://rhn.redhat.com/errata/RHSA-2007-0860.html
URL https://bugzilla.redhat.com/show_bug.cgi?id=251921

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.