Vulnerabilities > CVE-2018-12015 - Link Following vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE

Summary

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

Vulnerable Configurations

Part Description Count
OS
Canonical
5
OS
Debian
2
OS
Apple
158
Application
Perl
419
Application
Archive\
84
Application
Netapp
4

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Symlink Attack
    An attacker positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name. The endpoint file may be either output or input. If the file is output, the result is that the endpoint is modified, instead of a file at the intended location. Modifications to the endpoint file may include appending, overwriting, corrupting, changing permissions, or other modifications. In some variants of this attack the attacker may be able to control the change to a file while in other cases they cannot. The former is especially damaging since the attacker may be able to grant themselves increased privileges or insert false information, but the latter can also be damaging as it can expose sensitive information or corrupt or destroy vital system or application files. Alternatively, the endpoint file may serve as input to the targeted application. This can be used to feed malformed input into the target or to cause the target to process different information, possibly allowing the attacker to control the actions of the target or to cause the target to expose information to the attacker. Moreover, the actions taken on the endpoint file are undertaken with the permissions of the targeted user or application, which may exceed the permissions that the attacker would normally have.
  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1078.NASL
    descriptionAccording to the version of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.(CVE-2018-12015) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122770
    published2019-03-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122770
    titleEulerOS Virtualization 2.5.2 : perl (EulerOS-SA-2019-1078)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122770);
      script_version("1.4");
      script_cvs_date("Date: 2020/02/05");
    
      script_cve_id(
        "CVE-2018-12015"
      );
    
      script_name(english:"EulerOS Virtualization 2.5.2 : perl (EulerOS-SA-2019-1078)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the perl packages installed, the EulerOS
    Virtualization installation on the remote host is affected by the
    following vulnerability :
    
      - In Perl through 5.26.2, the Archive::Tar module allows
        remote attackers to bypass a directory-traversal
        protection mechanism, and overwrite arbitrary files,
        via an archive file containing a symlink and a regular
        file with the same name.(CVE-2018-12015)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1078
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?76bede6b");
      script_set_attribute(attribute:"solution", value:
    "Update the affected perl package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-Pod-Escapes");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-macros");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.2");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "2.5.2") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.2");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["perl-5.16.3-292.h3",
            "perl-Pod-Escapes-1.04-292.h3",
            "perl-libs-5.16.3-292.h3",
            "perl-macros-5.16.3-292.h3"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2097.NASL
    descriptionAn update for perl-Archive-Tar is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Archive::Tar module provides a mechanism for Perl scripts to manipulate tar archive files. Security Fix(es) : * perl: Directory traversal in Archive::Tar (CVE-2018-12015) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127670
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127670
    titleRHEL 7 : perl-Archive-Tar (RHSA-2019:2097)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0084_PERL.NASL
    descriptionAn update of the perl package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121982
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121982
    titlePhoton OS 2.0: Perl PHSA-2018-2.0-0084
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1287.NASL
    descriptionIt was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter.(CVE-2018-12015)
    last seen2020-06-01
    modified2020-06-02
    plugin id129014
    published2019-09-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129014
    titleAmazon Linux AMI : perl-Archive-Tar (ALAS-2019-1287)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2097.NASL
    descriptionAn update for perl-Archive-Tar is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Archive::Tar module provides a mechanism for Perl scripts to manipulate tar archive files. Security Fix(es) : * perl: Directory traversal in Archive::Tar (CVE-2018-12015) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id128351
    published2019-08-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128351
    titleCentOS 7 : perl-Archive-Tar (CESA-2019:2097)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2415.NASL
    descriptionAccording to the version of the perl-Archive-Tar package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.(CVE-2018-12015) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-10
    plugin id131907
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131907
    titleEulerOS 2.0 SP2 : perl-Archive-Tar (EulerOS-SA-2019-2415)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-528.NASL
    descriptionThis update for perl fixes the following issues : - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123223
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123223
    titleopenSUSE Security Update : perl (openSUSE-2019-528)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-10AE521EFA.NASL
    descriptionThis release fixes CVE-2018-12015 vulnerability (a directory traversal). It also fixes creating a file with a trailing white space on the file name. It also allows to archive absolute path names and it speeds up extracting large archives. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-06-19
    plugin id110597
    published2018-06-19
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110597
    titleFedora 27 : perl-Archive-Tar (2018-10ae521efa)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_10_14_4.NASL
    descriptionThe remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.4. It is, therefore, affected by multiple vulnerabilities, including: - Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges. (CVE-2019-8508) - An application may be able to execute arbitrary code with kernel privileges. (CVE-2019-8529) - A malicious application may be able to execute arbitrary code with system privileges (CVE-2019-8549)
    last seen2020-06-01
    modified2020-06-02
    plugin id123128
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123128
    titlemacOS 10.14.x < 10.14.4 Multiple Vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190806_PERL_ARCHIVE_TAR_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - perl: Directory traversal in Archive::Tar (CVE-2018-12015)
    last seen2020-03-18
    modified2019-08-27
    plugin id128250
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128250
    titleScientific Linux Security Update : perl-Archive-Tar on SL7.x x86_64 (20190806)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_SECUPD_10_13_6_2019-002.NASL
    descriptionThe remote host is running macOS 10.13.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities including: - An application may be able to execute arbitrary code with kernel privileges. (CVE-2019-8529) - A local user may be able to read kernel memory. (CVE-2019-8504) - A malicious application may be able to determine kernel memory layout. (CVE-2019-6207, CVE-2019-8510) - 802.1X - DiskArbitration - Feedback Assistant - IOKit - IOKit SCSI - Kernel - PackageKit - Perl - Security - Time Machine - Wi-Fi
    last seen2020-03-18
    modified2019-03-27
    plugin id123130
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123130
    titlemacOS 10.13.6 Multiple Vulnerabilities (Security Update 2019-002)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_SECUPD_10_12_6_2019-002.NASL
    descriptionThe remote host is running Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities including: - A malicious application may be able to execute arbitrary code with kernel privileges. (CVE-2019-8555) - A malicious application may be able to determine kernel memory layout. (CVE-2019-6207, CVE-2019-8510) - A malicious application may be able to read restricted memory. (CVE-2019-8520) - 802.1X - DiskArbitration - Feedback Assistant - IOKit - IOKit SCSI - Kernel - PackageKit - Perl - Security - Time Machine - Wi-Fi
    last seen2020-06-01
    modified2020-06-02
    plugin id123129
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123129
    titlemacOS and Mac OS X Multiple Vulnerabilities (Security Update 2019-002)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0230_PERL-ARCHIVE-TAR.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has perl-Archive-Tar packages installed that are affected by a vulnerability: - In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. (CVE-2018-12015) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132461
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132461
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : perl-Archive-Tar Vulnerability (NS-SA-2019-0230)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-751.NASL
    descriptionThis update for perl fixes the following issues : - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-07-20
    plugin id111199
    published2018-07-20
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111199
    titleopenSUSE Security Update : perl (openSUSE-2018-751)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-750.NASL
    descriptionThis update for perl fixes the following issues : This security issue was fixed : - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) This non-security issue was fixed : - fix debugger crash in tab completion with Term::ReadLine::Gnu [bsc#1068565] This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-07-20
    plugin id111198
    published2018-07-20
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111198
    titleopenSUSE Security Update : perl (openSUSE-2018-750)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0084.NASL
    descriptionAn update of 'procps-ng', 'openssl', 'perl' packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id112035
    published2018-08-21
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=112035
    titlePhoton OS 2.0: Openssl / Procps-ng / Perl PHSA-2018-2.0-0084 (deprecated)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1992-1.NASL
    descriptionThis update for perl fixes the following issues : - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111201
    published2018-07-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111201
    titleSUSE SLES11 Security Update : perl (SUSE-SU-2018:1992-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1158.NASL
    descriptionAccording to the version of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter.i1/4^CVE-2018-12015i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-04-09
    plugin id123844
    published2019-04-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123844
    titleEulerOS Virtualization 2.5.3 : perl (EulerOS-SA-2019-1158)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-4E088B6D7C.NASL
    descriptionThis release fixes CVE-2018-12015 vulnerability (a directory traversal). It also fixes creating a file with a trailing white space on the file name. It also allows to archive absolute path names and it speeds up extracting large archives. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120409
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120409
    titleFedora 28 : perl-Archive-Tar (2018-4e088b6d7c)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1464.NASL
    descriptionAccording to the versions of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.(CVE-2018-18311) - It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter.(CVE-2018-12015) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124967
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124967
    titleEulerOS Virtualization 3.0.1.0 : perl (EulerOS-SA-2019-1464)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3684-1.NASL
    descriptionIt was discovered that Perl incorrectly handled certain archive files. An attacker could possibly use this to overwrite arbitrary files. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110533
    published2018-06-14
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110533
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : perl vulnerability (USN-3684-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2181.NASL
    descriptionAccording to the version of the perl-Archive-Tar package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support compressed or gzipped tar files.Security Fix(es):In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.(CVE-2018-12015) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130643
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130643
    titleEulerOS 2.0 SP5 : perl-Archive-Tar (EulerOS-SA-2019-2181)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1972-1.NASL
    descriptionThis update for perl fixes the following issues: These security issue were fixed : - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). - CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234). - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111150
    published2018-07-18
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111150
    titleSUSE SLED12 / SLES12 Security Update : perl (SUSE-SU-2018:1972-1)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0188_PERL-ARCHIVE-TAR.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has perl-Archive-Tar packages installed that are affected by a vulnerability: - In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. (CVE-2018-12015) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id129887
    published2019-10-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129887
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : perl-Archive-Tar Vulnerability (NS-SA-2019-0188)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1972-2.NASL
    descriptionThis update for perl fixes the following issues : These security issue were fixed : CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234). CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118275
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118275
    titleSUSE SLES12 Security Update : perl (SUSE-SU-2018:1972-2)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4226.NASL
    descriptionJakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.
    last seen2020-06-01
    modified2020-06-02
    plugin id110464
    published2018-06-12
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110464
    titleDebian DSA-4226-1 : perl - security update
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0175_PERL.NASL
    descriptionAn update of the perl package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121876
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121876
    titlePhoton OS 1.0: Perl PHSA-2018-1.0-0175
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1977-1.NASL
    descriptionThis update for perl fixes the following issues : - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-21
    modified2019-01-02
    plugin id120049
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120049
    titleSUSE SLED15 / SLES15 Security Update : perl (SUSE-SU-2018:1977-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1307.NASL
    descriptionAccording to the version of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter.(CVE-2018-12015) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-09-27
    plugin id117750
    published2018-09-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117750
    titleEulerOS 2.0 SP2 : perl (EulerOS-SA-2018-1307)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1330.NASL
    descriptionIt was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter.(CVE-2018-12015)
    last seen2020-06-01
    modified2020-06-02
    plugin id130226
    published2019-10-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130226
    titleAmazon Linux 2 : perl-Archive-Tar (ALAS-2019-1330)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1308.NASL
    descriptionAccording to the version of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter.(CVE-2018-12015) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-09-27
    plugin id117751
    published2018-09-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117751
    titleEulerOS 2.0 SP3 : perl (EulerOS-SA-2018-1308)

Redhat

advisories
bugzilla
id1588760
titleCVE-2018-12015 perl: Directory traversal in Archive::Tar
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 7 is installed
      ovaloval:com.redhat.rhba:tst:20150364027
    • commentperl-Archive-Tar is earlier than 0:1.92-3.el7
      ovaloval:com.redhat.rhsa:tst:20192097001
    • commentperl-Archive-Tar is signed with Red Hat redhatrelease2 key
      ovaloval:com.redhat.rhsa:tst:20110558016
rhsa
idRHSA-2019:2097
released2019-08-06
severityModerate
titleRHSA-2019:2097: perl-Archive-Tar security update (Moderate)
rpmsperl-Archive-Tar-0:1.92-3.el7