CVE-2007-4134
CVE-2007-4134
Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
ftp://ftp.berlios.de/pub/star/alpha/AN-1.5a84ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.aschttps://bugs.gentoo.org/show_bug.cgi?id=189690http://secunia.com/advisories/26626http://secunia.com/advisories/26672http://secunia.com/advisories/26673http://secunia.com/advisories/26857http://secunia.com/advisories/27318http://secunia.com/advisories/27544http://securitytracker.com/id?1018646https://issues.rpath.com/browse/RPL-1669https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11098