Vulnerabilities > CVE-2007-4131 - Remote Directory Traversal vulnerability in GNU Tar Dot_Dot Function

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

redhat

rpath

gnu

nessus

NVD

Published: 2007-08-25

Updated: 2018-10-15

Summary

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

Vulnerable Configurations

Part	Description	Count
OS	Redhat Redhat Enterprise Linux 4.0 Redhat Enterprise Linux 5.0 Redhat Enterprise Linux Desktop 5.0	6
OS	Rpath Rpath Rpath Linux 1	1
Application	Gnu GNU TAR 1.13 GNU TAR 1.13.5 GNU TAR 1.13.11 GNU TAR 1.13.14 GNU TAR 1.13.16 GNU TAR 1.13.17 GNU TAR 1.13.18 GNU TAR 1.13.19 GNU TAR 1.13.25 GNU TAR 1.14 GNU TAR 1.14.90 GNU TAR 1.15 GNU TAR 1.15.1 GNU TAR 1.15.90 GNU TAR 1.15.91 GNU TAR 1.16	16

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD2007-009.NASL
description	The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2007-009 applied. This update contains several security fixes for a large number of programs.
last seen	2020-06-01
modified	2020-06-02
plugin id	29723
published	2007-12-18
reporter	This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/29723
title	Mac OS X Multiple Vulnerabilities (Security Update 2007-009)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(29723); script_version("1.27"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2006-0024", "CVE-2007-1218", "CVE-2007-1659", "CVE-2007-1660", "CVE-2007-1661", "CVE-2007-1662", "CVE-2007-3798", "CVE-2007-3876", "CVE-2007-4131", "CVE-2007-4351", "CVE-2007-4572", "CVE-2007-4708", "CVE-2007-4709", "CVE-2007-4710", "CVE-2007-4766", "CVE-2007-4767", "CVE-2007-4768", "CVE-2007-4965", "CVE-2007-5116", "CVE-2007-5379", "CVE-2007-5380", "CVE-2007-5398", "CVE-2007-5476", "CVE-2007-5770", "CVE-2007-5847", "CVE-2007-5848", "CVE-2007-5849", "CVE-2007-5850", "CVE-2007-5851", "CVE-2007-5853", "CVE-2007-5854", "CVE-2007-5855", "CVE-2007-5856", "CVE-2007-5857", "CVE-2007-5858", "CVE-2007-5859", "CVE-2007-5860", "CVE-2007-5861", "CVE-2007-5863", "CVE-2007-6077", "CVE-2007-6165"); script_bugtraq_id(17106, 22772, 24965, 25417, 25696, 26096, 26268, 26274, 26346, 26350, 26421, 26454, 26455, 26510, 26598, 26908, 26910, 26926); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2007-009)"); script_summary(english:"Check for the presence of Security Update 2007-009"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues."); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2007-009 applied. This update contains several security fixes for a large number of programs."); script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=307179"); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"); script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/13649"); script_set_attribute(attribute:"solution", value:"Install Security Update 2007-009."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Mail.app Image Attachment Command Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(16, 20, 22, 79, 119, 134, 189, 200, 264, 287, 310, 362, 399); script_set_attribute(attribute:"vuln_publication_date", value:"2006/03/15"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/18"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages", "Host/uname"); exit(0); } uname = get_kb_item("Host/uname"); if ( ! uname ) exit(0); if ( egrep(pattern:"Darwin.* (8\.[0-9]\.\|8\.1[01]\.)", string:uname) ) { packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); if (!egrep(pattern:"^SecUpd(Srvr)?(2007-009\|200[89]-\|20[1-9][0-9]-)", string:packages)) security_hole(0); } else if ( egrep(pattern:"Darwin.* (9\.[01]\.)", string:uname) ) { packages = get_kb_item("Host/MacOSX/packages/boms"); if ( ! packages ) exit(0); if ( !egrep(pattern:"^com\.apple\.pkg\.update\.security\.2007\.009\.bom", string:packages) ) security_hole(0); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_STAR-4173.NASL
description	This update fixes a directory traversal bug in star. (CVE-2007-4131)
last seen	2020-06-01
modified	2020-06-02
plugin id	27459
published	2007-10-17
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/27459
title	openSUSE 10 Security Update : star (star-4173)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update star-4173. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(27459); script_version ("1.12"); script_cvs_date("Date: 2019/10/25 13:36:30"); script_cve_id("CVE-2007-4131"); script_name(english:"openSUSE 10 Security Update : star (star-4173)"); script_summary(english:"Check for the star-4173 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value:"This update fixes a directory traversal bug in star. (CVE-2007-4131)" ); script_set_attribute(attribute:"solution", value:"Update the affected star package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:star"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2"); script_set_attribute(attribute:"patch_publication_date", value:"2007/08/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1\|SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"star-1.5a70-12.6") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"star-1.5a70-35") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "star"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-683.NASL
description	- Wed Aug 29 2007 Radek Brich <rbrich at redhat.com> 2:1.15.1-26 - Fix CVE-2007-4131 tar directory traversal vulnerability (#253685) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	25977
published	2007-09-05
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/25977
title	Fedora Core 6 : tar-1.15.1-26.fc6 (2007-683)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2007-683. # include("compat.inc"); if (description) { script_id(25977); script_version ("1.13"); script_cvs_date("Date: 2019/08/02 13:32:26"); script_xref(name:"FEDORA", value:"2007-683"); script_name(english:"Fedora Core 6 : tar-1.15.1-26.fc6 (2007-683)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Wed Aug 29 2007 Radek Brich <rbrich at redhat.com> 2:1.15.1-26 - Fix CVE-2007-4131 tar directory traversal vulnerability (#253685) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2007-August/003617.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?187ea9c5" ); script_set_attribute( attribute:"solution", value:"Update the affected tar and / or tar-debuginfo packages." ); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tar-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:6"); script_set_attribute(attribute:"patch_publication_date", value:"2007/08/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 6.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC6", reference:"tar-1.15.1-26.fc6")) flag++; if (rpm_check(release:"FC6", reference:"tar-debuginfo-1.15.1-26.fc6")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tar / tar-debuginfo"); }

NASL family	NewStart CGSL Local Security Checks
NASL id	NEWSTART_CGSL_NS-SA-2019-0089_TAR.NASL
description	The remote NewStart CGSL host, running version MAIN 4.06, has tar packages installed that are affected by multiple vulnerabilities: - Buffer overflow in tar 1.14 through 1.15.90 allows user- assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. (CVE-2006-0300) - GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. (CVE-2006-6097) - Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. (CVE-2007-4131) - Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a crashing stack. (CVE-2007-4476) - Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. (CVE-2010-0624) - Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. (CVE-2016-6321) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	127307
published	2019-08-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127307
title	NewStart CGSL MAIN 4.06 : tar Multiple Vulnerabilities (NS-SA-2019-0089)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from ZTE advisory NS-SA-2019-0089. The text # itself is copyright (C) ZTE, Inc. include("compat.inc"); if (description) { script_id(127307); script_version("1.3"); script_cvs_date("Date: 2019/09/24 11:01:33"); script_cve_id( "CVE-2006-0300", "CVE-2006-6097", "CVE-2007-4131", "CVE-2007-4476", "CVE-2010-0624", "CVE-2016-6321" ); script_name(english:"NewStart CGSL MAIN 4.06 : tar Multiple Vulnerabilities (NS-SA-2019-0089)"); script_set_attribute(attribute:"synopsis", value: "The remote machine is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote NewStart CGSL host, running version MAIN 4.06, has tar packages installed that are affected by multiple vulnerabilities: - Buffer overflow in tar 1.14 through 1.15.90 allows user- assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. (CVE-2006-0300) - GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. (CVE-2006-6097) - Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. (CVE-2007-4131) - Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a crashing stack. (CVE-2007-4476) - Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. (CVE-2010-0624) - Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. (CVE-2016-6321) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0089"); script_set_attribute(attribute:"solution", value: "Upgrade the vulnerable CGSL tar packages. Note that updated packages may not be available yet. Please contact ZTE for more information."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2007-4476"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/24"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"NewStart CGSL Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/ZTE-CGSL/release"); if (isnull(release) \|\| release !~ "^CGSL (MAIN\|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux"); if (release !~ "CGSL MAIN 4.06") audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.06'); if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu); flag = 0; pkgs = { "CGSL MAIN 4.06": [ "tar-1.23-15.el6_8.cgslv4_6.0.1.gff7e116", "tar-debuginfo-1.23-15.el6_8.cgslv4_6.0.1.gff7e116" ] }; pkg_list = pkgs[release]; foreach (pkg in pkg_list) if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tar"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-2673.NASL
description	- Wed Oct 24 2007 Radek Brich <rbrich at redhat.com> 2:1.15.1-28 - backported upstream patch for CVE-2007-4476 (tar stack crashing in safer_name_suffix) - Tue Aug 28 2007 Radek Brich <rbrich at redhat.com> 2:1.15.1-27 - fixed CVE-2007-4131 tar directory traversal vulnerability (#253684) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	27789
published	2007-11-06
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27789
title	Fedora 7 : tar-1.15.1-28.fc7 (2007-2673)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2007-2673. # include("compat.inc"); if (description) { script_id(27789); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:25"); script_cve_id("CVE-2007-4131", "CVE-2007-4476"); script_bugtraq_id(25417); script_xref(name:"FEDORA", value:"2007-2673"); script_name(english:"Fedora 7 : tar-1.15.1-28.fc7 (2007-2673)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Wed Oct 24 2007 Radek Brich <rbrich at redhat.com> 2:1.15.1-28 - backported upstream patch for CVE-2007-4476 (tar stack crashing in safer_name_suffix) - Tue Aug 28 2007 Radek Brich <rbrich at redhat.com> 2:1.15.1-27 - fixed CVE-2007-4131 tar directory traversal vulnerability (#253684) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=280961" ); # https://lists.fedoraproject.org/pipermail/package-announce/2007-October/004340.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6d61005a" ); script_set_attribute( attribute:"solution", value:"Update the affected tar and / or tar-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tar-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC7", reference:"tar-1.15.1-28.fc7")) flag++; if (rpm_check(release:"FC7", reference:"tar-debuginfo-1.15.1-28.fc7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tar / tar-debuginfo"); }

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200709-09.NASL
description	The remote host is affected by the vulnerability described in GLSA-200709-09 (GNU Tar: Directory traversal vulnerability) Dmitry V. Levin discovered a directory traversal vulnerability in the contains_dot_dot() function in file src/names.c. Impact : By enticing a user to extract a specially crafted tar archive, a remote attacker could extract files to arbitrary locations outside of the specified directory with the permissions of the user running GNU Tar. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	26099
published	2007-09-24
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/26099
title	GLSA-200709-09 : GNU Tar: Directory traversal vulnerability
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200709-09. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(26099); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:32:44"); script_cve_id("CVE-2007-4131"); script_xref(name:"GLSA", value:"200709-09"); script_name(english:"GLSA-200709-09 : GNU Tar: Directory traversal vulnerability"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200709-09 (GNU Tar: Directory traversal vulnerability) Dmitry V. Levin discovered a directory traversal vulnerability in the contains_dot_dot() function in file src/names.c. Impact : By enticing a user to extract a specially crafted tar archive, a remote attacker could extract files to arbitrary locations outside of the specified directory with the permissions of the user running GNU Tar. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200709-09" ); script_set_attribute( attribute:"solution", value: "All GNU Tar users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-arch/tar-1.18-r2'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:tar"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/09/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/24"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/08/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-arch/tar", unaffected:make_list("ge 1.18-r2"), vulnerable:make_list("lt 1.18-r2"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GNU Tar"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2007-0860.NASL
description	Updated tar package that fixes a path traversal flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive. A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. (CVE-2007-4131) Red Hat would like to thank Dmitry V. Levin for reporting this issue. Users of tar should upgrade to this updated package, which contains a replacement backported patch to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	25948
published	2007-08-28
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/25948
title	RHEL 4 / 5 : tar (RHSA-2007:0860)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0860. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(25948); script_version ("1.24"); script_cvs_date("Date: 2019/10/25 13:36:12"); script_cve_id("CVE-2007-4131"); script_bugtraq_id(25417); script_xref(name:"RHSA", value:"2007:0860"); script_name(english:"RHEL 4 / 5 : tar (RHSA-2007:0860)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated tar package that fixes a path traversal flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive. A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. (CVE-2007-4131) Red Hat would like to thank Dmitry V. Levin for reporting this issue. Users of tar should upgrade to this updated package, which contains a replacement backported patch to correct this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-4131" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2007:0860" ); script_set_attribute(attribute:"solution", value:"Update the affected tar package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tar"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/08/24"); script_set_attribute(attribute:"patch_publication_date", value:"2007/08/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/08/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(4\|5)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2007:0860"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", reference:"tar-1.14-12.5.1.RHEL4")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"tar-1.15.1-23.0.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"tar-1.15.1-23.0.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"tar-1.15.1-23.0.1.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tar"); } }

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_D944719E42F4486489EDF045B541919F.NASL
description	Red Hat reports : A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. Red Hat credits Dmitry V. Levin for reporting the issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	25967
published	2007-09-03
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/25967
title	FreeBSD : gtar -- Directory traversal vulnerability (d944719e-42f4-4864-89ed-f045b541919f)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(25967); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:39"); script_cve_id("CVE-2007-4131"); script_bugtraq_id(25417); script_name(english:"FreeBSD : gtar -- Directory traversal vulnerability (d944719e-42f4-4864-89ed-f045b541919f)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Red Hat reports : A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. Red Hat credits Dmitry V. Levin for reporting the issue." ); # http://rhn.redhat.com/errata/RHSA-2007-0860.html script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2007:0860" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=251921" ); # https://vuxml.freebsd.org/freebsd/d944719e-42f4-4864-89ed-f045b541919f.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f3fcd1e9" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:gtar"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/08/23"); script_set_attribute(attribute:"patch_publication_date", value:"2007/09/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"gtar<1.18_1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	SuSE Local Security Checks
NASL id	SUSE_TAR-4125.NASL
description	This update fixes a directory traversal bug in tar. (CVE-2007-4131)
last seen	2020-06-01
modified	2020-06-02
plugin id	29586
published	2007-12-13
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/29586
title	SuSE 10 Security Update : tar (ZYPP Patch Number 4125)

NASL family	SuSE Local Security Checks
NASL id	SUSE9_11723.NASL
description	This update fixes a directory traversal bug in tar. (CVE-2007-4131)
last seen	2020-06-01
modified	2020-06-02
plugin id	41149
published	2009-09-24
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/41149
title	SuSE9 Security Update : tar (YOU Patch Number 11723)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1438.NASL
description	Several vulnerabilities have been discovered in GNU Tar. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4131 A directory traversal vulnerability enables attackers using specially crafted archives to extract contents outside the directory tree created by tar. - CVE-2007-4476 A stack-based buffer overflow in the file name checking code may lead to arbitrary code execution when processing maliciously crafted archives.
last seen	2020-06-01
modified	2020-06-02
plugin id	29805
published	2007-12-31
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/29805
title	Debian DSA-1438-1 : tar - several vulnerabilities

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2007-173.NASL
description	Dmitry V. Levin discovered a path traversal flaw in how GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary fiels that the user running tar has write access to. Updated packages have been patched to prevent these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	25983
published	2007-09-05
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/25983
title	Mandrake Linux Security Advisory : tar (MDKSA-2007:173)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2007-0860.NASL
description	Updated tar package that fixes a path traversal flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive. A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. (CVE-2007-4131) Red Hat would like to thank Dmitry V. Levin for reporting this issue. Users of tar should upgrade to this updated package, which contains a replacement backported patch to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	25949
published	2007-08-28
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/25949
title	CentOS 4 / 5 : tar (CESA-2007:0860)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-1890.NASL
description	- Tue Aug 28 2007 Radek Brich <rbrich at redhat.com> 2:1.15.1-27 - fixed CVE-2007-4131 tar directory traversal vulnerability (#253684) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	27740
published	2007-11-06
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/27740
title	Fedora 7 : tar-1.15.1-27.fc7 (2007-1890)

NASL family	NewStart CGSL Local Security Checks
NASL id	NEWSTART_CGSL_NS-SA-2019-0153_TAR.NASL
description	The remote NewStart CGSL host, running version MAIN 4.05, has tar packages installed that are affected by multiple vulnerabilities: - Buffer overflow in tar 1.14 through 1.15.90 allows user- assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. (CVE-2006-0300) - GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. (CVE-2006-6097) - Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. (CVE-2007-4131) - Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a crashing stack. (CVE-2007-4476) - Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. (CVE-2010-0624) - Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. (CVE-2016-6321) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	127428
published	2019-08-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127428
title	NewStart CGSL MAIN 4.05 : tar Multiple Vulnerabilities (NS-SA-2019-0153)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20070823_TAR_ON_SL5_X.NASL
description	A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. (CVE-2007-4131)
last seen	2020-06-01
modified	2020-06-02
plugin id	60242
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60242
title	Scientific Linux Security Update : tar on SL5.x, SL4.x i386/x86_64

NASL family	SuSE Local Security Checks
NASL id	SUSE_TAR-4124.NASL
description	This update fixes a directory traversal bug in tar. (CVE-2007-4131)
last seen	2020-06-01
modified	2020-06-02
plugin id	27464
published	2007-10-17
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/27464
title	openSUSE 10 Security Update : tar (tar-4124)

NASL family	SuSE Local Security Checks
NASL id	SUSE_STAR-4174.NASL
description	This update fixes a directory traversal bug in star. (CVE-2007-4131)
last seen	2020-06-01
modified	2020-06-02
plugin id	29583
published	2007-12-13
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/29583
title	SuSE 10 Security Update : star (ZYPP Patch Number 4174)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-506-1.NASL
description	Dmitry V. Levin discovered that tar did not correctly detect the
last seen	2020-06-01
modified	2020-06-02
plugin id	28110
published	2007-11-10
reporter	Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/28110
title	Ubuntu 6.06 LTS / 6.10 / 7.04 : tar vulnerability (USN-506-1)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2007-0860.NASL
description	From Red Hat Security Advisory 2007:0860 : Updated tar package that fixes a path traversal flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive. A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. (CVE-2007-4131) Red Hat would like to thank Dmitry V. Levin for reporting this issue. Users of tar should upgrade to this updated package, which contains a replacement backported patch to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	67563
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67563
title	Oracle Linux 4 / 5 : tar (ELSA-2007-0860)

Oval

accepted

2013-04-29T04:05:30.959-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:10420

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

accepted

2010-06-07T04:00:50.880-04:00

class

vulnerability

contributors

name	Pai Peng
organization	Hewlett-Packard

definition_extensions

comment Solaris 9 (SPARC) is installed
oval oval:org.mitre.oval:def:1457
comment Solaris 10 (SPARC) is installed
oval oval:org.mitre.oval:def:1440
comment Solaris 9 (x86) is installed
oval oval:org.mitre.oval:def:1683
comment Solaris 10 (x86) is installed
oval oval:org.mitre.oval:def:1926

description

family

unix

oval:org.mitre.oval:def:7779

status

accepted

submitted

2010-03-26T14:24:08.000-04:00

title

Security Vulnerabilities in GNU tar (see gtar(1)) May Lead to Files Being Overwritten, Execution of Arbitrary Code, or a Denial of Service (DoS)

version

Redhat

advisories

bugzilla

id	251921
title	CVE-2007-4131 tar directory traversal vulnerability

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025
comment tar is earlier than 0:1.14-12.5.1.RHEL4
oval oval:com.redhat.rhsa:tst:20070860001
comment tar is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060232002

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005
comment tar is earlier than 2:1.15.1-23.0.1.el5
oval oval:com.redhat.rhsa:tst:20070860004
comment tar is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070860005

rhsa

id	RHSA-2007:0860
released	2008-01-07
severity	Moderate
title	RHSA-2007:0860: tar security update (Moderate)

rpms

tar-0:1.14-12.5.1.RHEL4
tar-2:1.15.1-23.0.1.el5
tar-debuginfo-0:1.14-12.5.1.RHEL4
tar-debuginfo-2:1.15.1-23.0.1.el5

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 25417 CVE(CAN) ID: CVE-2007-4131 GNU tar可创建和解压tar文档，并进行各种存档文件管理。 GNU tar在处理符号链接时存在漏洞，本地攻击者可能利用此漏洞提升权限或破坏文件。 GNU tar的contains_dot_dot函数没有正确地检查目录符号链接的名称，恶意用户所创建tar文档可以写入运行GNU tar的用户可写访问的任意文件。 GNU tar <= 1.15.91 RedHat已经为此发布了一个安全公告（RHSA-2007:0860-01）以及相应补丁: RHSA-2007:0860-01：Moderate: tar security update 链接：<a href="https://www.redhat.com/support/errata/RHSA-2007-0860.html" target="_blank">https://www.redhat.com/support/errata/RHSA-2007-0860.html</a>
id	SSV:2159
last seen	2017-11-19
modified	2007-08-24
published	2007-08-24
reporter	Root
title	GNU Tar contains_dot_dot函数远程目录遍历漏洞

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

Seebug

References