cvelistv5 - CVE-2007-4829

CVE-2007-4829 (GCVE-0-2007-4829)

Vulnerability from cvelistv5 – Published: 2007-11-02 16:00 – Updated: 2024-08-07 15:08

Summary

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://secunia.com/advisories/33116	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://rt.cpan.org/Public/Bug/Display.html?id=29517	x_refsource_MISC
	http://www.vupen.com/english/advisories/2007/3755	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/26355	vdb-entryx_refsource_BID
	http://www.ubuntu.com/usn/usn-700-1	vendor-advisoryx_refsource_UBUNTU
	http://osvdb.org/40410	vdb-entryx_refsource_OSVDB
	https://issues.rpath.com/browse/RPL-1716	x_refsource_CONFIRM
	http://secunia.com/advisories/27539	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/33314	third-party-advisoryx_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=295021	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/usn-700-2	vendor-advisoryx_refsource_UBUNTU
	http://www.gentoo.org/security/en/glsa/glsa-20081…	vendor-advisoryx_refsource_GENTOO
	http://rt.cpan.org/Public/Bug/Display.html?id=30380	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:08:33.734Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "33116",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33116"
          },
          {
            "name": "oval:org.mitre.oval:def:11658",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658"
          },
          {
            "name": "perl-archivetar-directory-traversal(38285)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38285"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://rt.cpan.org/Public/Bug/Display.html?id=29517"
          },
          {
            "name": "ADV-2007-3755",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3755"
          },
          {
            "name": "26355",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26355"
          },
          {
            "name": "USN-700-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-700-1"
          },
          {
            "name": "40410",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/40410"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1716"
          },
          {
            "name": "27539",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27539"
          },
          {
            "name": "33314",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33314"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=295021"
          },
          {
            "name": "USN-700-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-700-2"
          },
          {
            "name": "GLSA-200812-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://rt.cpan.org/Public/Bug/Display.html?id=30380"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \"..\" sequences."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "33116",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33116"
        },
        {
          "name": "oval:org.mitre.oval:def:11658",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658"
        },
        {
          "name": "perl-archivetar-directory-traversal(38285)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38285"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://rt.cpan.org/Public/Bug/Display.html?id=29517"
        },
        {
          "name": "ADV-2007-3755",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3755"
        },
        {
          "name": "26355",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26355"
        },
        {
          "name": "USN-700-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-700-1"
        },
        {
          "name": "40410",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/40410"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1716"
        },
        {
          "name": "27539",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27539"
        },
        {
          "name": "33314",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33314"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=295021"
        },
        {
          "name": "USN-700-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-700-2"
        },
        {
          "name": "GLSA-200812-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://rt.cpan.org/Public/Bug/Display.html?id=30380"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-4829",
    "datePublished": "2007-11-02T16:00:00",
    "dateReserved": "2007-09-12T00:00:00",
    "dateUpdated": "2024-08-07T15:08:33.734Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:archive\\\\:\\\\:tar_project:archive\\\\:\\\\:tar:*:*:*:*:*:perl:*:*\", \"versionEndIncluding\": \"1.36\", \"matchCriteriaId\": \"0662E689-46AB-4BFA-88E7-55A87B49E17F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"823BF8BE-2309-4F67-A5E2-EAD98F723468\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4747CC68-FAF4-482F-929A-9DA6C24CB663\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \\\"..\\\" sequences.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de salto de directorio en el m\\u00f3dulo Archive::Tar Perl versiones 1.36 y anteriores, permite a atacantes remotos asistidos por el usuario sobrescribir archivos arbitrarios por medio de un archivo TAR que contiene un archivo cuyo nombre es una ruta (path) absoluta o presenta secuencias \\\"..\\u201d\"}]",
      "id": "CVE-2007-4829",
      "lastModified": "2024-11-21T00:36:32.903",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": true}]}",
      "published": "2007-11-02T16:46:00.000",
      "references": "[{\"url\": \"http://osvdb.org/40410\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://rt.cpan.org/Public/Bug/Display.html?id=29517\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://rt.cpan.org/Public/Bug/Display.html?id=30380\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27539\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/33116\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/33314\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/26355\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/usn-700-1\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/usn-700-2\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3755\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=295021\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/38285\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://issues.rpath.com/browse/RPL-1716\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://osvdb.org/40410\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://rt.cpan.org/Public/Bug/Display.html?id=29517\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://rt.cpan.org/Public/Bug/Display.html?id=30380\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27539\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/33116\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/33314\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/26355\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/usn-700-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/usn-700-2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3755\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=295021\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/38285\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://issues.rpath.com/browse/RPL-1716\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-4829\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2007-11-02T16:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \\\"..\\\" sequences.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de salto de directorio en el m\u00f3dulo Archive::Tar Perl versiones 1.36 y anteriores, permite a atacantes remotos asistidos por el usuario sobrescribir archivos arbitrarios por medio de un archivo TAR que contiene un archivo cuyo nombre es una ruta (path) absoluta o presenta secuencias \\\"..\u201d\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:archive\\\\:\\\\:tar_project:archive\\\\:\\\\:tar:*:*:*:*:*:perl:*:*\",\"versionEndIncluding\":\"1.36\",\"matchCriteriaId\":\"0662E689-46AB-4BFA-88E7-55A87B49E17F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"823BF8BE-2309-4F67-A5E2-EAD98F723468\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4747CC68-FAF4-482F-929A-9DA6C24CB663\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/40410\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rt.cpan.org/Public/Bug/Display.html?id=29517\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://rt.cpan.org/Public/Bug/Display.html?id=30380\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/27539\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/33116\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/33314\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/26355\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-700-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-700-2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/3755\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=295021\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38285\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://issues.rpath.com/browse/RPL-1716\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://osvdb.org/40410\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rt.cpan.org/Public/Bug/Display.html?id=29517\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://rt.cpan.org/Public/Bug/Display.html?id=30380\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/27539\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/33116\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/33314\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/26355\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-700-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-700-2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/3755\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=295021\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38285\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://issues.rpath.com/browse/RPL-1716\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

GSD-2007-4829

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-4829

Aliases

CVE-2007-4829

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-4829",
    "description": "Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \"..\" sequences.",
    "id": "GSD-2007-4829",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-4829.html",
      "https://access.redhat.com/errata/RHSA-2010:0505",
      "https://linux.oracle.com/cve/CVE-2007-4829.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-4829"
      ],
      "details": "Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \"..\" sequences.",
      "id": "GSD-2007-4829",
      "modified": "2023-12-13T01:21:36.514054Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2007-4829",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \"..\" sequences."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://osvdb.org/40410",
            "refsource": "MISC",
            "url": "http://osvdb.org/40410"
          },
          {
            "name": "http://rt.cpan.org/Public/Bug/Display.html?id=29517",
            "refsource": "MISC",
            "url": "http://rt.cpan.org/Public/Bug/Display.html?id=29517"
          },
          {
            "name": "http://rt.cpan.org/Public/Bug/Display.html?id=30380",
            "refsource": "MISC",
            "url": "http://rt.cpan.org/Public/Bug/Display.html?id=30380"
          },
          {
            "name": "http://secunia.com/advisories/27539",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/27539"
          },
          {
            "name": "http://secunia.com/advisories/33116",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/33116"
          },
          {
            "name": "http://secunia.com/advisories/33314",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/33314"
          },
          {
            "name": "http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml",
            "refsource": "MISC",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml"
          },
          {
            "name": "http://www.securityfocus.com/bid/26355",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/26355"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-700-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-700-1"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-700-2",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-700-2"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2007/3755",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2007/3755"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38285",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38285"
          },
          {
            "name": "https://issues.rpath.com/browse/RPL-1716",
            "refsource": "MISC",
            "url": "https://issues.rpath.com/browse/RPL-1716"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=295021",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=295021"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:archive\\:\\:tar_project:archive\\:\\:tar:*:*:*:*:*:perl:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.36",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2007-4829"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \"..\" sequences."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://rt.cpan.org/Public/Bug/Display.html?id=29517",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://rt.cpan.org/Public/Bug/Display.html?id=29517"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=295021",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=295021"
            },
            {
              "name": "http://rt.cpan.org/Public/Bug/Display.html?id=30380",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://rt.cpan.org/Public/Bug/Display.html?id=30380"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1716",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1716"
            },
            {
              "name": "26355",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/26355"
            },
            {
              "name": "27539",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/27539"
            },
            {
              "name": "40410",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://osvdb.org/40410"
            },
            {
              "name": "USN-700-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.ubuntu.com/usn/usn-700-1"
            },
            {
              "name": "33314",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/33314"
            },
            {
              "name": "USN-700-2",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.ubuntu.com/usn/usn-700-2"
            },
            {
              "name": "GLSA-200812-10",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml"
            },
            {
              "name": "33116",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/33116"
            },
            {
              "name": "ADV-2007-3755",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3755"
            },
            {
              "name": "perl-archivetar-directory-traversal(38285)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38285"
            },
            {
              "name": "oval:org.mitre.oval:def:11658",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-08-08T13:48Z",
      "publishedDate": "2007-11-02T16:46Z"
    }
  }
}

RHSA-2010:0505

Vulnerability from csaf_redhat - Published: 2010-07-01 18:43 - Updated: 2025-11-21 17:36

Summary

Red Hat Security Advisory: perl-Archive-Tar security update

Notes

Topic

An updated perl-Archive-Tar package that fixes multiple security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

The Archive::Tar module provides a mechanism for Perl scripts to manipulate tar archive files. Multiple directory traversal flaws were discovered in the Archive::Tar module. A specially-crafted tar file could cause a Perl script, using the Archive::Tar module to extract the archive, to overwrite an arbitrary file writable by the user running the script. (CVE-2007-4829) This package upgrades the Archive::Tar module to version 1.39_01. Refer to the Archive::Tar module's changes file, linked to in the References, for a full list of changes. Users of perl-Archive-Tar are advised to upgrade to this updated package, which corrects these issues. All applications using the Archive::Tar module must be restarted for this update to take effect.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated perl-Archive-Tar package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Archive::Tar module provides a mechanism for Perl scripts to manipulate\ntar archive files.\n\nMultiple directory traversal flaws were discovered in the Archive::Tar\nmodule. A specially-crafted tar file could cause a Perl script, using the\nArchive::Tar module to extract the archive, to overwrite an arbitrary file\nwritable by the user running the script. (CVE-2007-4829)\n\nThis package upgrades the Archive::Tar module to version 1.39_01. Refer to\nthe Archive::Tar module\u0027s changes file, linked to in the References, for a\nfull list of changes.\n\nUsers of perl-Archive-Tar are advised to upgrade to this updated package,\nwhich corrects these issues. All applications using the Archive::Tar module\nmust be restarted for this update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2010:0505",
        "url": "https://access.redhat.com/errata/RHSA-2010:0505"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://cpansearch.perl.org/src/KANE/Archive-Tar-1.39_01/CHANGES",
        "url": "http://cpansearch.perl.org/src/KANE/Archive-Tar-1.39_01/CHANGES"
      },
      {
        "category": "external",
        "summary": "295021",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=295021"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0505.json"
      }
    ],
    "title": "Red Hat Security Advisory: perl-Archive-Tar security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:36:19+00:00",
      "generator": {
        "date": "2025-11-21T17:36:19+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2010:0505",
      "initial_release_date": "2010-07-01T18:43:00+00:00",
      "revision_history": [
        {
          "date": "2010-07-01T18:43:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2010-07-01T14:58:18+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:36:19+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4",
                  "product_id": "4AS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop version 4",
                  "product_id": "4Desktop",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4",
                  "product_id": "4ES",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4",
                  "product_id": "4WS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.src",
                "product": {
                  "name": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.src",
                  "product_id": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-Archive-Tar@1.39.1-1.el5_5.1?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
                "product": {
                  "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
                  "product_id": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-Archive-Tar@1.39.1-1.el4_8.1?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
                "product": {
                  "name": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
                  "product_id": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-Archive-Tar@1.39.1-1.el5_5.1?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
                "product": {
                  "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
                  "product_id": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-Archive-Tar@1.39.1-1.el4_8.1?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch"
        },
        "product_reference": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src"
        },
        "product_reference": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch"
        },
        "product_reference": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src"
        },
        "product_reference": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch"
        },
        "product_reference": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src"
        },
        "product_reference": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch"
        },
        "product_reference": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src"
        },
        "product_reference": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch"
        },
        "product_reference": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:perl-Archive-Tar-1:1.39.1-1.el5_5.1.src"
        },
        "product_reference": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch"
        },
        "product_reference": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:perl-Archive-Tar-1:1.39.1-1.el5_5.1.src"
        },
        "product_reference": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.src",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-4829",
      "discovery_date": "2007-08-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "295021"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \"..\" sequences.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "perl-Archive-Tar directory traversal flaws",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-4829\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\nhttps://access.redhat.com/security/updates/classification/",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
          "4AS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
          "4Desktop:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
          "4Desktop:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
          "4ES:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
          "4ES:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
          "4WS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
          "4WS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
          "5Client:perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
          "5Client:perl-Archive-Tar-1:1.39.1-1.el5_5.1.src",
          "5Server:perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
          "5Server:perl-Archive-Tar-1:1.39.1-1.el5_5.1.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-4829"
        },
        {
          "category": "external",
          "summary": "RHBZ#295021",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=295021"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4829",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-4829"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4829",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4829"
        }
      ],
      "release_date": "2007-08-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-07-01T18:43:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
            "4AS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
            "4Desktop:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
            "4Desktop:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
            "4ES:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
            "4ES:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
            "4WS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
            "4WS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
            "5Client:perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
            "5Client:perl-Archive-Tar-1:1.39.1-1.el5_5.1.src",
            "5Server:perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
            "5Server:perl-Archive-Tar-1:1.39.1-1.el5_5.1.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0505"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
            "4AS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
            "4Desktop:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
            "4Desktop:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
            "4ES:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
            "4ES:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
            "4WS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
            "4WS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
            "5Client:perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
            "5Client:perl-Archive-Tar-1:1.39.1-1.el5_5.1.src",
            "5Server:perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
            "5Server:perl-Archive-Tar-1:1.39.1-1.el5_5.1.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "perl-Archive-Tar directory traversal flaws"
    }
  ]
}

RHSA-2010_0505

Vulnerability from csaf_redhat - Published: 2010-07-01 18:43 - Updated: 2024-11-22 03:25

Summary

Red Hat Security Advisory: perl-Archive-Tar security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated perl-Archive-Tar package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Archive::Tar module provides a mechanism for Perl scripts to manipulate\ntar archive files.\n\nMultiple directory traversal flaws were discovered in the Archive::Tar\nmodule. A specially-crafted tar file could cause a Perl script, using the\nArchive::Tar module to extract the archive, to overwrite an arbitrary file\nwritable by the user running the script. (CVE-2007-4829)\n\nThis package upgrades the Archive::Tar module to version 1.39_01. Refer to\nthe Archive::Tar module\u0027s changes file, linked to in the References, for a\nfull list of changes.\n\nUsers of perl-Archive-Tar are advised to upgrade to this updated package,\nwhich corrects these issues. All applications using the Archive::Tar module\nmust be restarted for this update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2010:0505",
        "url": "https://access.redhat.com/errata/RHSA-2010:0505"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://cpansearch.perl.org/src/KANE/Archive-Tar-1.39_01/CHANGES",
        "url": "http://cpansearch.perl.org/src/KANE/Archive-Tar-1.39_01/CHANGES"
      },
      {
        "category": "external",
        "summary": "295021",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=295021"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0505.json"
      }
    ],
    "title": "Red Hat Security Advisory: perl-Archive-Tar security update",
    "tracking": {
      "current_release_date": "2024-11-22T03:25:50+00:00",
      "generator": {
        "date": "2024-11-22T03:25:50+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2010:0505",
      "initial_release_date": "2010-07-01T18:43:00+00:00",
      "revision_history": [
        {
          "date": "2010-07-01T18:43:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2010-07-01T14:58:18+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T03:25:50+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4",
                  "product_id": "4AS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop version 4",
                  "product_id": "4Desktop",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4",
                  "product_id": "4ES",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4",
                  "product_id": "4WS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.src",
                "product": {
                  "name": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.src",
                  "product_id": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-Archive-Tar@1.39.1-1.el5_5.1?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
                "product": {
                  "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
                  "product_id": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-Archive-Tar@1.39.1-1.el4_8.1?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
                "product": {
                  "name": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
                  "product_id": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-Archive-Tar@1.39.1-1.el5_5.1?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
                "product": {
                  "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
                  "product_id": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-Archive-Tar@1.39.1-1.el4_8.1?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch"
        },
        "product_reference": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src"
        },
        "product_reference": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch"
        },
        "product_reference": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src"
        },
        "product_reference": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch"
        },
        "product_reference": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src"
        },
        "product_reference": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch"
        },
        "product_reference": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src"
        },
        "product_reference": "perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch"
        },
        "product_reference": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:perl-Archive-Tar-1:1.39.1-1.el5_5.1.src"
        },
        "product_reference": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch"
        },
        "product_reference": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:perl-Archive-Tar-1:1.39.1-1.el5_5.1.src"
        },
        "product_reference": "perl-Archive-Tar-1:1.39.1-1.el5_5.1.src",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-4829",
      "discovery_date": "2007-08-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "295021"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \"..\" sequences.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "perl-Archive-Tar directory traversal flaws",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-4829\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\nhttps://access.redhat.com/security/updates/classification/",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
          "4AS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
          "4Desktop:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
          "4Desktop:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
          "4ES:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
          "4ES:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
          "4WS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
          "4WS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
          "5Client:perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
          "5Client:perl-Archive-Tar-1:1.39.1-1.el5_5.1.src",
          "5Server:perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
          "5Server:perl-Archive-Tar-1:1.39.1-1.el5_5.1.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-4829"
        },
        {
          "category": "external",
          "summary": "RHBZ#295021",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=295021"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4829",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-4829"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4829",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4829"
        }
      ],
      "release_date": "2007-08-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-07-01T18:43:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
            "4AS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
            "4Desktop:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
            "4Desktop:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
            "4ES:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
            "4ES:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
            "4WS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
            "4WS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
            "5Client:perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
            "5Client:perl-Archive-Tar-1:1.39.1-1.el5_5.1.src",
            "5Server:perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
            "5Server:perl-Archive-Tar-1:1.39.1-1.el5_5.1.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0505"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
            "4AS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
            "4Desktop:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
            "4Desktop:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
            "4ES:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
            "4ES:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
            "4WS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.noarch",
            "4WS:perl-Archive-Tar-0:1.39.1-1.el4_8.1.src",
            "5Client:perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
            "5Client:perl-Archive-Tar-1:1.39.1-1.el5_5.1.src",
            "5Server:perl-Archive-Tar-1:1.39.1-1.el5_5.1.noarch",
            "5Server:perl-Archive-Tar-1:1.39.1-1.el5_5.1.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "perl-Archive-Tar directory traversal flaws"
    }
  ]
}

GHSA-RWHC-G7XJ-H37Q

Vulnerability from github – Published: 2022-05-01 18:27 – Updated: 2022-05-01 18:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-4829"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-11-02T16:46:00Z",
    "severity": "MODERATE"
  },
  "details": "Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \"..\" sequences.",
  "id": "GHSA-rwhc-g7xj-h37q",
  "modified": "2022-05-01T18:27:41Z",
  "published": "2022-05-01T18:27:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4829"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=295021"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38285"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-1716"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/40410"
    },
    {
      "type": "WEB",
      "url": "http://rt.cpan.org/Public/Bug/Display.html?id=29517"
    },
    {
      "type": "WEB",
      "url": "http://rt.cpan.org/Public/Bug/Display.html?id=30380"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27539"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33116"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33314"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26355"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-700-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-700-2"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3755"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-4829

Vulnerability from fkie_nvd - Published: 2007-11-02 16:46 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://osvdb.org/40410	Broken Link
secalert@redhat.com	http://rt.cpan.org/Public/Bug/Display.html?id=29517	Mailing List, Third Party Advisory
secalert@redhat.com	http://rt.cpan.org/Public/Bug/Display.html?id=30380	Mailing List, Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/27539	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/33116	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/33314	Third Party Advisory
secalert@redhat.com	http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml	Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/26355	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.ubuntu.com/usn/usn-700-1	Third Party Advisory
secalert@redhat.com	http://www.ubuntu.com/usn/usn-700-2	Third Party Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/3755	Permissions Required
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=295021	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/38285	Third Party Advisory, VDB Entry
secalert@redhat.com	https://issues.rpath.com/browse/RPL-1716	Broken Link
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/40410	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://rt.cpan.org/Public/Bug/Display.html?id=29517	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rt.cpan.org/Public/Bug/Display.html?id=30380	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27539	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33116	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33314	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26355	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-700-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-700-2	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3755	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=295021	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/38285	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-1716	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658	Third Party Advisory

Impacted products

Vendor	Product	Version
archive\	\	tar_project
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	7.10
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	8.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:archive\\:\\:tar_project:archive\\:\\:tar:*:*:*:*:*:perl:*:*",
              "matchCriteriaId": "0662E689-46AB-4BFA-88E7-55A87B49E17F",
              "versionEndIncluding": "1.36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
              "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \"..\" sequences."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de salto de directorio en el m\u00f3dulo Archive::Tar Perl versiones 1.36 y anteriores, permite a atacantes remotos asistidos por el usuario sobrescribir archivos arbitrarios por medio de un archivo TAR que contiene un archivo cuyo nombre es una ruta (path) absoluta o presenta secuencias \"..\u201d"
    }
  ],
  "id": "CVE-2007-4829",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-11-02T16:46:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/40410"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://rt.cpan.org/Public/Bug/Display.html?id=29517"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://rt.cpan.org/Public/Bug/Display.html?id=30380"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27539"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/33116"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/33314"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/26355"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-700-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-700-2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3755"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=295021"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38285"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://issues.rpath.com/browse/RPL-1716"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/40410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://rt.cpan.org/Public/Bug/Display.html?id=29517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://rt.cpan.org/Public/Bug/Display.html?id=30380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/33116"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/33314"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/26355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-700-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-700-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=295021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://issues.rpath.com/browse/RPL-1716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-4829 (GCVE-0-2007-4829)

GSD-2007-4829

RHSA-2010:0505

RHSA-2010_0505

GHSA-RWHC-G7XJ-H37Q

FKIE_CVE-2007-4829

Tags

Sightings

Nomenclature