CVE-2018-12015
perl: Directory traversal in Archive::Tar
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
En Perl hasta la versión 5.26.2, el módulo Archive::Tar permite que atacantes remotos omitan un mecanismo de protección de salto de directorio y sobrescriban archivos arbitrarios mediante un archivo comprimido que contiene un symlink y un archivo normal con el mismo nombre.
It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-06-07 CVE Reserved
- 2018-06-07 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-09-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2019/Mar/49 | Mailing List |
|
| http://www.securityfocus.com/bid/104423 | Third Party Advisory | |
| http://www.securitytracker.com/id/1041048 | Third Party Advisory | |
| https://seclists.org/bugtraq/2019/Mar/42 | Mailing List |
|
| https://support.apple.com/kb/HT209600 | Third Party Advisory |
|
| https://www.oracle.com/security-alerts/cpujul2020.html | X_refsource_misc |
|
| URL | Date | SRC |
|---|---|---|
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834 | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20180927-0001 | 2020-08-24 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2019:2097 | 2020-08-24 | |
| https://usn.ubuntu.com/3684-1 | 2020-08-24 | |
| https://usn.ubuntu.com/3684-2 | 2020-08-24 | |
| https://www.debian.org/security/2018/dsa-4226 | 2020-08-24 | |
| https://access.redhat.com/security/cve/CVE-2018-12015 | 2019-08-06 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1588760 | 2019-08-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 17.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | <= 5.26.2 Search vendor "Perl" for product "Perl" and version " <= 5.26.2" | - |
Affected
| ||||||
| Archive::tar Project Search vendor "Archive::tar Project" | Archive::tar Search vendor "Archive::tar Project" for product "Archive::tar" | <= 2.28 Search vendor "Archive::tar Project" for product "Archive::tar" and version " <= 2.28" | perl |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | < 10.14.4 Search vendor "Apple" for product "Mac Os X" and version " < 10.14.4" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Data Ontap Edge Search vendor "Netapp" for product "Data Ontap Edge" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Oncommand Workflow Automation Search vendor "Netapp" for product "Oncommand Workflow Automation" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Snap Creator Framework Search vendor "Netapp" for product "Snap Creator Framework" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Snapdrive Search vendor "Netapp" for product "Snapdrive" | - | unix |
Affected
| ||||||