Vulnerabilities > CVE-2018-12015 - Link Following vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Symlink Attack An attacker positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name. The endpoint file may be either output or input. If the file is output, the result is that the endpoint is modified, instead of a file at the intended location. Modifications to the endpoint file may include appending, overwriting, corrupting, changing permissions, or other modifications. In some variants of this attack the attacker may be able to control the change to a file while in other cases they cannot. The former is especially damaging since the attacker may be able to grant themselves increased privileges or insert false information, but the latter can also be damaging as it can expose sensitive information or corrupt or destroy vital system or application files. Alternatively, the endpoint file may serve as input to the targeted application. This can be used to feed malformed input into the target or to cause the target to process different information, possibly allowing the attacker to control the actions of the target or to cause the target to expose information to the attacker. Moreover, the actions taken on the endpoint file are undertaken with the permissions of the targeted user or application, which may exceed the permissions that the attacker would normally have.
- Accessing, Modifying or Executing Executable Files An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
- Leverage Executable Code in Non-Executable Files An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
- Manipulating Input to File System Calls An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
Nessus
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1078.NASL description According to the version of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.(CVE-2018-12015) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122770 published 2019-03-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122770 title EulerOS Virtualization 2.5.2 : perl (EulerOS-SA-2019-1078) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(122770); script_version("1.4"); script_cvs_date("Date: 2020/02/05"); script_cve_id( "CVE-2018-12015" ); script_name(english:"EulerOS Virtualization 2.5.2 : perl (EulerOS-SA-2019-1078)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.(CVE-2018-12015) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1078 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?76bede6b"); script_set_attribute(attribute:"solution", value: "Update the affected perl package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-Pod-Escapes"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-macros"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.2"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "2.5.2") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.2"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["perl-5.16.3-292.h3", "perl-Pod-Escapes-1.04-292.h3", "perl-libs-5.16.3-292.h3", "perl-macros-5.16.3-292.h3"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-2097.NASL description An update for perl-Archive-Tar is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Archive::Tar module provides a mechanism for Perl scripts to manipulate tar archive files. Security Fix(es) : * perl: Directory traversal in Archive::Tar (CVE-2018-12015) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 127670 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127670 title RHEL 7 : perl-Archive-Tar (RHSA-2019:2097) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0084_PERL.NASL description An update of the perl package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121982 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121982 title Photon OS 2.0: Perl PHSA-2018-2.0-0084 NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2019-1287.NASL description It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter.(CVE-2018-12015) last seen 2020-06-01 modified 2020-06-02 plugin id 129014 published 2019-09-19 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129014 title Amazon Linux AMI : perl-Archive-Tar (ALAS-2019-1287) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-2097.NASL description An update for perl-Archive-Tar is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Archive::Tar module provides a mechanism for Perl scripts to manipulate tar archive files. Security Fix(es) : * perl: Directory traversal in Archive::Tar (CVE-2018-12015) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 128351 published 2019-08-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128351 title CentOS 7 : perl-Archive-Tar (CESA-2019:2097) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2415.NASL description According to the version of the perl-Archive-Tar package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.(CVE-2018-12015) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-10 plugin id 131907 published 2019-12-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131907 title EulerOS 2.0 SP2 : perl-Archive-Tar (EulerOS-SA-2019-2415) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-528.NASL description This update for perl fixes the following issues : - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 123223 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123223 title openSUSE Security Update : perl (openSUSE-2019-528) NASL family Fedora Local Security Checks NASL id FEDORA_2018-10AE521EFA.NASL description This release fixes CVE-2018-12015 vulnerability (a directory traversal). It also fixes creating a file with a trailing white space on the file name. It also allows to archive absolute path names and it speeds up extracting large archives. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-06-19 plugin id 110597 published 2018-06-19 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110597 title Fedora 27 : perl-Archive-Tar (2018-10ae521efa) NASL family MacOS X Local Security Checks NASL id MACOS_10_14_4.NASL description The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.4. It is, therefore, affected by multiple vulnerabilities, including: - Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges. (CVE-2019-8508) - An application may be able to execute arbitrary code with kernel privileges. (CVE-2019-8529) - A malicious application may be able to execute arbitrary code with system privileges (CVE-2019-8549) last seen 2020-06-01 modified 2020-06-02 plugin id 123128 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123128 title macOS 10.14.x < 10.14.4 Multiple Vulnerabilities NASL family Scientific Linux Local Security Checks NASL id SL_20190806_PERL_ARCHIVE_TAR_ON_SL7_X.NASL description Security Fix(es) : - perl: Directory traversal in Archive::Tar (CVE-2018-12015) last seen 2020-03-18 modified 2019-08-27 plugin id 128250 published 2019-08-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128250 title Scientific Linux Security Update : perl-Archive-Tar on SL7.x x86_64 (20190806) NASL family MacOS X Local Security Checks NASL id MACOS_SECUPD_10_13_6_2019-002.NASL description The remote host is running macOS 10.13.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities including: - An application may be able to execute arbitrary code with kernel privileges. (CVE-2019-8529) - A local user may be able to read kernel memory. (CVE-2019-8504) - A malicious application may be able to determine kernel memory layout. (CVE-2019-6207, CVE-2019-8510) - 802.1X - DiskArbitration - Feedback Assistant - IOKit - IOKit SCSI - Kernel - PackageKit - Perl - Security - Time Machine - Wi-Fi last seen 2020-03-18 modified 2019-03-27 plugin id 123130 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123130 title macOS 10.13.6 Multiple Vulnerabilities (Security Update 2019-002) NASL family MacOS X Local Security Checks NASL id MACOS_SECUPD_10_12_6_2019-002.NASL description The remote host is running Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities including: - A malicious application may be able to execute arbitrary code with kernel privileges. (CVE-2019-8555) - A malicious application may be able to determine kernel memory layout. (CVE-2019-6207, CVE-2019-8510) - A malicious application may be able to read restricted memory. (CVE-2019-8520) - 802.1X - DiskArbitration - Feedback Assistant - IOKit - IOKit SCSI - Kernel - PackageKit - Perl - Security - Time Machine - Wi-Fi last seen 2020-06-01 modified 2020-06-02 plugin id 123129 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123129 title macOS and Mac OS X Multiple Vulnerabilities (Security Update 2019-002) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0230_PERL-ARCHIVE-TAR.NASL description The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has perl-Archive-Tar packages installed that are affected by a vulnerability: - In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. (CVE-2018-12015) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 132461 published 2019-12-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132461 title NewStart CGSL CORE 5.05 / MAIN 5.05 : perl-Archive-Tar Vulnerability (NS-SA-2019-0230) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-751.NASL description This update for perl fixes the following issues : - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-05 modified 2018-07-20 plugin id 111199 published 2018-07-20 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111199 title openSUSE Security Update : perl (openSUSE-2018-751) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-750.NASL description This update for perl fixes the following issues : This security issue was fixed : - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) This non-security issue was fixed : - fix debugger crash in tab completion with Term::ReadLine::Gnu [bsc#1068565] This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2018-07-20 plugin id 111198 published 2018-07-20 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111198 title openSUSE Security Update : perl (openSUSE-2018-750) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0084.NASL description An update of 'procps-ng', 'openssl', 'perl' packages of Photon OS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 112035 published 2018-08-21 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=112035 title Photon OS 2.0: Openssl / Procps-ng / Perl PHSA-2018-2.0-0084 (deprecated) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1992-1.NASL description This update for perl fixes the following issues : - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 111201 published 2018-07-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111201 title SUSE SLES11 Security Update : perl (SUSE-SU-2018:1992-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1158.NASL description According to the version of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter.i1/4^CVE-2018-12015i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2019-04-09 plugin id 123844 published 2019-04-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123844 title EulerOS Virtualization 2.5.3 : perl (EulerOS-SA-2019-1158) NASL family Fedora Local Security Checks NASL id FEDORA_2018-4E088B6D7C.NASL description This release fixes CVE-2018-12015 vulnerability (a directory traversal). It also fixes creating a file with a trailing white space on the file name. It also allows to archive absolute path names and it speeds up extracting large archives. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120409 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120409 title Fedora 28 : perl-Archive-Tar (2018-4e088b6d7c) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1464.NASL description According to the versions of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.(CVE-2018-18311) - It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter.(CVE-2018-12015) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124967 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124967 title EulerOS Virtualization 3.0.1.0 : perl (EulerOS-SA-2019-1464) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3684-1.NASL description It was discovered that Perl incorrectly handled certain archive files. An attacker could possibly use this to overwrite arbitrary files. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 110533 published 2018-06-14 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110533 title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : perl vulnerability (USN-3684-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2181.NASL description According to the version of the perl-Archive-Tar package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support compressed or gzipped tar files.Security Fix(es):In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.(CVE-2018-12015) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-11-08 plugin id 130643 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130643 title EulerOS 2.0 SP5 : perl-Archive-Tar (EulerOS-SA-2019-2181) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1972-1.NASL description This update for perl fixes the following issues: These security issue were fixed : - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). - CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234). - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 111150 published 2018-07-18 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111150 title SUSE SLED12 / SLES12 Security Update : perl (SUSE-SU-2018:1972-1) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0188_PERL-ARCHIVE-TAR.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has perl-Archive-Tar packages installed that are affected by a vulnerability: - In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. (CVE-2018-12015) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 129887 published 2019-10-15 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129887 title NewStart CGSL CORE 5.04 / MAIN 5.04 : perl-Archive-Tar Vulnerability (NS-SA-2019-0188) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1972-2.NASL description This update for perl fixes the following issues : These security issue were fixed : CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234). CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118275 published 2018-10-22 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118275 title SUSE SLES12 Security Update : perl (SUSE-SU-2018:1972-2) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4226.NASL description Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive. last seen 2020-06-01 modified 2020-06-02 plugin id 110464 published 2018-06-12 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110464 title Debian DSA-4226-1 : perl - security update NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-1_0-0175_PERL.NASL description An update of the perl package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121876 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121876 title Photon OS 1.0: Perl PHSA-2018-1.0-0175 NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1977-1.NASL description This update for perl fixes the following issues : - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-21 modified 2019-01-02 plugin id 120049 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120049 title SUSE SLED15 / SLES15 Security Update : perl (SUSE-SU-2018:1977-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1307.NASL description According to the version of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter.(CVE-2018-12015) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2018-09-27 plugin id 117750 published 2018-09-27 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117750 title EulerOS 2.0 SP2 : perl (EulerOS-SA-2018-1307) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1330.NASL description It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter.(CVE-2018-12015) last seen 2020-06-01 modified 2020-06-02 plugin id 130226 published 2019-10-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130226 title Amazon Linux 2 : perl-Archive-Tar (ALAS-2019-1330) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1308.NASL description According to the version of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter.(CVE-2018-12015) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2018-09-27 plugin id 117751 published 2018-09-27 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117751 title EulerOS 2.0 SP3 : perl (EulerOS-SA-2018-1308)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||
rpms | perl-Archive-Tar-0:1.92-3.el7 |
References
- http://seclists.org/fulldisclosure/2019/Mar/49
- http://seclists.org/fulldisclosure/2019/Mar/49
- http://www.securityfocus.com/bid/104423
- http://www.securityfocus.com/bid/104423
- http://www.securitytracker.com/id/1041048
- http://www.securitytracker.com/id/1041048
- https://access.redhat.com/errata/RHSA-2019:2097
- https://access.redhat.com/errata/RHSA-2019:2097
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834
- https://seclists.org/bugtraq/2019/Mar/42
- https://seclists.org/bugtraq/2019/Mar/42
- https://security.netapp.com/advisory/ntap-20180927-0001/
- https://security.netapp.com/advisory/ntap-20180927-0001/
- https://support.apple.com/kb/HT209600
- https://support.apple.com/kb/HT209600
- https://usn.ubuntu.com/3684-1/
- https://usn.ubuntu.com/3684-1/
- https://usn.ubuntu.com/3684-2/
- https://usn.ubuntu.com/3684-2/
- https://www.debian.org/security/2018/dsa-4226
- https://www.debian.org/security/2018/dsa-4226
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html