CVE-2007-4131

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

🔗 References (76)

• secalert@redhathttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921
• secalert@redhathttp://docs.info.apple.com/article.html?artnum=307179
• secalert@redhathttp://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
• secalert@redhathttp://secunia.com/advisories/26573
• secalert@redhathttp://secunia.com/advisories/26590
• secalert@redhathttp://secunia.com/advisories/26603
• secalert@redhathttp://secunia.com/advisories/26604
• secalert@redhathttp://secunia.com/advisories/26655
• secalert@redhathttp://secunia.com/advisories/26673
• secalert@redhathttp://secunia.com/advisories/26674
• secalert@redhathttp://secunia.com/advisories/26781
• secalert@redhathttp://secunia.com/advisories/26822
• secalert@redhathttp://secunia.com/advisories/26984
• secalert@redhathttp://secunia.com/advisories/27453
• secalert@redhathttp://secunia.com/advisories/27861