CVE-2007-4829

perl-Archive-Tar directory traversal flaws

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.

Una vulnerabilidad de salto de directorio en el módulo Archive::Tar Perl versiones 1.36 y anteriores, permite a atacantes remotos asistidos por el usuario sobrescribir archivos arbitrarios por medio de un archivo TAR que contiene un archivo cuyo nombre es una ruta (path) absoluta o presenta secuencias "..”

Jonathan Smith discovered that the Archive::Tar Perl module did not correctly handle symlinks when extracting archives. If a user or automated system were tricked into opening a specially crafted tar file, a remote attacker could over-write arbitrary files. Tavis Ormandy and Will Drewry discovered that Perl did not correctly handle certain utf8 characters in regular expressions. If a user or automated system were tricked into using a specially crafted expression, a remote attacker could crash the application, leading to a denial of service. Ubuntu 8.10 was not affected by this issue. A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could create arbitrary setuid binaries. Ubuntu 6.06 and 8.10 were not affected by this issue. A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could delete arbitrary files. Ubuntu 6.06 was not affected by this issue.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-09-12 CVE Reserved
2007-11-02 CVE Published
2024-08-07 CVE Updated
2025-06-06 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (15)

URL	Tag	Source
http://osvdb.org/40410	Broken Link
http://rt.cpan.org/Public/Bug/Display.html?id=29517	Mailing List
http://rt.cpan.org/Public/Bug/Display.html?id=30380	Mailing List
http://secunia.com/advisories/27539	Third Party Advisory
http://secunia.com/advisories/33116	Third Party Advisory
http://secunia.com/advisories/33314	Third Party Advisory
http://www.securityfocus.com/bid/26355	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/38285	Third Party Advisory
https://issues.rpath.com/browse/RPL-1716	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml	2018-08-08
http://www.ubuntu.com/usn/usn-700-1	2018-08-08
http://www.ubuntu.com/usn/usn-700-2	2018-08-08
https://bugzilla.redhat.com/show_bug.cgi?id=295021	2010-07-01
https://access.redhat.com/security/cve/CVE-2007-4829	2010-07-01

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Archive::tar Project Search vendor "Archive::tar Project"		Archive::tar Search vendor "Archive::tar Project" for product "Archive::tar"				<= 1.36 Search vendor "Archive::tar Project" for product "Archive::tar" and version " <= 1.36"		perl		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				7.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "7.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				8.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.10"		-		Affected