Vulnerabilites related to archive\ - \
cve-2018-12015
Vulnerability from cvelistv5
Published
2018-06-07 13:00
Modified
2024-08-05 08:24
Severity ?
EPSS score ?
Summary
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104423 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1041048 | vdb-entry, x_refsource_SECTRACK | |
| https://www.debian.org/security/2018/dsa-4226 | vendor-advisory, x_refsource_DEBIAN | |
| https://usn.ubuntu.com/3684-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://usn.ubuntu.com/3684-2/ | vendor-advisory, x_refsource_UBUNTU | |
| https://seclists.org/bugtraq/2019/Mar/42 | mailing-list, x_refsource_BUGTRAQ | |
| http://seclists.org/fulldisclosure/2019/Mar/49 | mailing-list, x_refsource_FULLDISC | |
| https://access.redhat.com/errata/RHSA-2019:2097 | vendor-advisory, x_refsource_REDHAT | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20180927-0001/ | x_refsource_CONFIRM | |
| https://support.apple.com/kb/HT209600 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:24:03.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104423",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104423"
},
{
"name": "1041048",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041048"
},
{
"name": "DSA-4226",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4226"
},
{
"name": "USN-3684-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3684-1/"
},
{
"name": "USN-3684-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3684-2/"
},
{
"name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Mar/42"
},
{
"name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Mar/49"
},
{
"name": "RHSA-2019:2097",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2097"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180927-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209600"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T02:22:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "104423",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104423"
},
{
"name": "1041048",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041048"
},
{
"name": "DSA-4226",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4226"
},
{
"name": "USN-3684-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3684-1/"
},
{
"name": "USN-3684-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3684-2/"
},
{
"name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Mar/42"
},
{
"name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Mar/49"
},
{
"name": "RHSA-2019:2097",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2097"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180927-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT209600"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104423",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104423"
},
{
"name": "1041048",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041048"
},
{
"name": "DSA-4226",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4226"
},
{
"name": "USN-3684-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3684-1/"
},
{
"name": "USN-3684-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3684-2/"
},
{
"name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Mar/42"
},
{
"name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Mar/49"
},
{
"name": "RHSA-2019:2097",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2097"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180927-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180927-0001/"
},
{
"name": "https://support.apple.com/kb/HT209600",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT209600"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12015",
"datePublished": "2018-06-07T13:00:00",
"dateReserved": "2018-06-07T00:00:00",
"dateUpdated": "2024-08-05T08:24:03.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-4829
Vulnerability from cvelistv5
Published
2007-11-02 16:00
Modified
2024-08-07 15:08
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33116",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33116"
},
{
"name": "oval:org.mitre.oval:def:11658",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658"
},
{
"name": "perl-archivetar-directory-traversal(38285)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38285"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rt.cpan.org/Public/Bug/Display.html?id=29517"
},
{
"name": "ADV-2007-3755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3755"
},
{
"name": "26355",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26355"
},
{
"name": "USN-700-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-700-1"
},
{
"name": "40410",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40410"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1716"
},
{
"name": "27539",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27539"
},
{
"name": "33314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33314"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=295021"
},
{
"name": "USN-700-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-700-2"
},
{
"name": "GLSA-200812-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rt.cpan.org/Public/Bug/Display.html?id=30380"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \"..\" sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "33116",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33116"
},
{
"name": "oval:org.mitre.oval:def:11658",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658"
},
{
"name": "perl-archivetar-directory-traversal(38285)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38285"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rt.cpan.org/Public/Bug/Display.html?id=29517"
},
{
"name": "ADV-2007-3755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3755"
},
{
"name": "26355",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26355"
},
{
"name": "USN-700-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-700-1"
},
{
"name": "40410",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40410"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1716"
},
{
"name": "27539",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27539"
},
{
"name": "33314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33314"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=295021"
},
{
"name": "USN-700-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-700-2"
},
{
"name": "GLSA-200812-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rt.cpan.org/Public/Bug/Display.html?id=30380"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-4829",
"datePublished": "2007-11-02T16:00:00",
"dateReserved": "2007-09-12T00:00:00",
"dateUpdated": "2024-08-07T15:08:33.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-06-07 13:29
Modified
2024-11-21 03:44
Severity ?
Summary
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 | |
| canonical | ubuntu_linux | 18.04 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| perl | perl | * | |
| archive\ | \ | tar_project | |
| apple | mac_os_x | * | |
| netapp | data_ontap_edge | - | |
| netapp | oncommand_workflow_automation | - | |
| netapp | snap_creator_framework | - | |
| netapp | snapdrive | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA33F373-89C1-4FAD-9B80-7B2BD4388162",
"versionEndIncluding": "5.26.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:archive\\:\\:tar_project:archive\\:\\:tar:*:*:*:*:*:perl:*:*",
"matchCriteriaId": "52784FCD-EC91-4EF7-998B-E28F95B99B7D",
"versionEndIncluding": "2.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09CDBB72-2A0D-4321-BA1F-4FB326A5646A",
"versionEndExcluding": "10.14.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*",
"matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name."
},
{
"lang": "es",
"value": "En Perl hasta la versi\u00f3n 5.26.2, el m\u00f3dulo Archive::Tar permite que atacantes remotos omitan un mecanismo de protecci\u00f3n de salto de directorio y sobrescriban archivos arbitrarios mediante un archivo comprimido que contiene un symlink y un archivo normal con el mismo nombre."
}
],
"id": "CVE-2018-12015",
"lastModified": "2024-11-21T03:44:24.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-07T13:29:00.240",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Mar/49"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104423"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041048"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2097"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Mar/42"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180927-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT209600"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3684-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3684-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4226"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Mar/49"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Mar/42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180927-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT209600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3684-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3684-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-02 16:46
Modified
2024-11-21 00:36
Severity ?
Summary
Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| archive\ | \ | tar_project | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 7.10 | |
| canonical | ubuntu_linux | 8.04 | |
| canonical | ubuntu_linux | 8.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:archive\\:\\:tar_project:archive\\:\\:tar:*:*:*:*:*:perl:*:*",
"matchCriteriaId": "0662E689-46AB-4BFA-88E7-55A87B49E17F",
"versionEndIncluding": "1.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
"matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \"..\" sequences."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en el m\u00f3dulo Archive::Tar Perl versiones 1.36 y anteriores, permite a atacantes remotos asistidos por el usuario sobrescribir archivos arbitrarios por medio de un archivo TAR que contiene un archivo cuyo nombre es una ruta (path) absoluta o presenta secuencias \"..\u201d"
}
],
"id": "CVE-2007-4829",
"lastModified": "2024-11-21T00:36:32.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-11-02T16:46:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/40410"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://rt.cpan.org/Public/Bug/Display.html?id=29517"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://rt.cpan.org/Public/Bug/Display.html?id=30380"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27539"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/33116"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/33314"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/26355"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-700-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-700-2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2007/3755"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=295021"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38285"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://issues.rpath.com/browse/RPL-1716"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/40410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://rt.cpan.org/Public/Bug/Display.html?id=29517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://rt.cpan.org/Public/Bug/Display.html?id=30380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/33116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/33314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/26355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-700-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-700-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2007/3755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=295021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://issues.rpath.com/browse/RPL-1716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}