CVE-2007-4476

GNU TAR 1.15.91 / CPIO 2.5.90 - 'safer_name_suffix' Remote Denial of Service

Severity Score

10.0

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."

Desbordamiento de búfer en la función safer_name_suffix en GNU tar tienen un vector de ataque sin especificar y un impacto, teniendo como resultado una "caida de pila".

Buffer overflow in the safer_name_suffix function in GNU cpio has unspecified attack vectors and impact, resulting in a crashing stack. This problem is originally found in tar, but affects cpio too, due to similar code fragments. Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. This is an old issue, affecting only Mandriva Corporate Server 4 and Mandriva Linux 2007.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-08-22 CVE Reserved
2007-09-05 CVE Published
2017-11-14 First Exploit
2024-08-07 CVE Updated
2025-05-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (37)

URL	Tag	Source
http://bugs.gentoo.org/show_bug.cgi?id=196978	Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691	Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	Third Party Advisory
http://secunia.com/advisories/26987	Third Party Advisory
http://secunia.com/advisories/27331	Third Party Advisory
http://secunia.com/advisories/27453	Third Party Advisory
http://secunia.com/advisories/27514	Third Party Advisory
http://secunia.com/advisories/27681	Third Party Advisory
http://secunia.com/advisories/27857	Third Party Advisory
http://secunia.com/advisories/28255	Third Party Advisory
http://secunia.com/advisories/29968	Third Party Advisory
http://secunia.com/advisories/32051	Third Party Advisory
http://secunia.com/advisories/33567	Third Party Advisory
http://secunia.com/advisories/39008	Third Party Advisory
http://www.securityfocus.com/bid/26445	Third Party Advisory
https://issues.rpath.com/browse/RPL-1861	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7114	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8599	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9336	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/30766	2017-11-14

URL	Date	SRC
http://secunia.com/advisories/26674	2021-05-17

URL	Date	SRC
http://security.gentoo.org/glsa/glsa-200711-18.xml	2021-05-17
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1	2021-05-17
http://www.debian.org/security/2007/dsa-1438	2021-05-17
http://www.debian.org/security/2008/dsa-1566	2021-05-17
http://www.mandriva.com/security/advisories?name=MDKSA-2007:197	2021-05-17
http://www.mandriva.com/security/advisories?name=MDKSA-2007:233	2021-05-17
http://www.novell.com/linux/security/advisories/2007_18_sr.html	2021-05-17
http://www.novell.com/linux/security/advisories/2007_19_sr.html	2021-05-17
http://www.redhat.com/support/errata/RHSA-2010-0141.html	2021-05-17
http://www.redhat.com/support/errata/RHSA-2010-0144.html	2021-05-17
http://www.ubuntu.com/usn/usn-650-1	2021-05-17
http://www.ubuntu.com/usn/usn-709-1	2021-05-17
https://bugzilla.redhat.com/show_bug.cgi?id=280961	2010-03-16
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00073.html	2021-05-17
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html	2021-05-17
https://access.redhat.com/security/cve/CVE-2007-4476	2010-03-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnu Search vendor "Gnu"		Tar Search vendor "Gnu" for product "Tar"				< 1.19 Search vendor "Gnu" for product "Tar" and version " < 1.19"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.1 Search vendor "Debian" for product "Debian Linux" and version "3.1"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				7.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				7.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "7.10"		-		Affected