CVE-2007-4131

Impact:
Moderate
Public Date:
2007-08-12
Bugzilla:
251921: CVE-2007-4131 tar directory traversal vulnerability

The MITRE CVE dictionary describes this issue as:

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

Find out more about CVE-2007-4131 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 4 (tar) RHSA-2007:0860 2007-08-23
Red Hat Enterprise Linux 5 (tar) RHSA-2007:0860 2007-08-23

Acknowledgements

Red Hat would like to thank Dmitry V. Levin for reporting this issue.
Last Modified

CVE description copyright © 2017, The MITRE Corporation