CVE-2018-12015

perl: Directory traversal in Archive::Tar

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

En Perl hasta la versión 5.26.2, el módulo Archive::Tar permite que atacantes remotos omitan un mecanismo de protección de salto de directorio y sobrescriban archivos arbitrarios mediante un archivo comprimido que contiene un symlink y un archivo normal con el mismo nombre.

It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter.

USN-3684-1 fixed a vulnerability in perl. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Perl incorrectly handled certain archive files. An attacker could possibly use this to overwrite arbitrary files.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-06-07 CVE Reserved
2018-06-07 CVE Published
2024-08-05 CVE Updated
2024-08-05 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-59: Improper Link Resolution Before File Access ('Link Following')

CAPEC

References (14)

URL	Tag	Source
http://seclists.org/fulldisclosure/2019/Mar/49	Mailing List
http://www.securityfocus.com/bid/104423	Third Party Advisory
http://www.securitytracker.com/id/1041048	Third Party Advisory
https://seclists.org/bugtraq/2019/Mar/42	Mailing List
https://support.apple.com/kb/HT209600	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html	X_refsource_misc

URL	Date	SRC
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834	2024-08-05

URL	Date	SRC
https://security.netapp.com/advisory/ntap-20180927-0001	2020-08-24

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2019:2097	2020-08-24
https://usn.ubuntu.com/3684-1	2020-08-24
https://usn.ubuntu.com/3684-2	2020-08-24
https://www.debian.org/security/2018/dsa-4226	2020-08-24
https://access.redhat.com/security/cve/CVE-2018-12015	2019-08-06
https://bugzilla.redhat.com/show_bug.cgi?id=1588760	2019-08-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				17.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"		lts		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Perl Search vendor "Perl"		Perl Search vendor "Perl" for product "Perl"				<= 5.26.2 Search vendor "Perl" for product "Perl" and version " <= 5.26.2"		-		Affected
Archive::tar Project Search vendor "Archive::tar Project"		Archive::tar Search vendor "Archive::tar Project" for product "Archive::tar"				<= 2.28 Search vendor "Archive::tar Project" for product "Archive::tar" and version " <= 2.28"		perl		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				< 10.14.4 Search vendor "Apple" for product "Mac Os X" and version " < 10.14.4"		-		Affected
Netapp Search vendor "Netapp"		Data Ontap Edge Search vendor "Netapp" for product "Data Ontap Edge"				-		-		Affected
Netapp Search vendor "Netapp"		Oncommand Workflow Automation Search vendor "Netapp" for product "Oncommand Workflow Automation"				-		-		Affected
Netapp Search vendor "Netapp"		Snap Creator Framework Search vendor "Netapp" for product "Snap Creator Framework"				-		-		Affected
Netapp Search vendor "Netapp"		Snapdrive Search vendor "Netapp" for product "Snapdrive"				-		unix		Affected