CVE-2007-4476: Buffer Overflow
First published: Fri Aug 17 2007(Updated: )
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/tar | <0:1.14-13.el4_8.1 | 0:1.14-13.el4_8.1 |
| redhat/tar | <2:1.15.1-23.0.1.el5_4.2 | 2:1.15.1-23.0.1.el5_4.2 |
| redhat/cpio | <0:2.6-23.el5_4.1 | 0:2.6-23.el5_4.1 |
| Ubuntu tar | <1.19 | |
| Debian | =3.1 | |
| Debian | =4.0 | |
| Ubuntu Linux | =7.04 | |
| Ubuntu Linux | =7.10 | |
| Ubuntu Linux | =6.06 | |
| Ubuntu | =6.06 | |
| Ubuntu | =7.04 | |
| Ubuntu | =7.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.novell.com/linux/security/advisories/2007_18_sr.html
- http://secunia.com/advisories/26674
- https://issues.rpath.com/browse/RPL-1861
- https://bugzilla.redhat.com/show_bug.cgi?id=280961
- http://bugs.gentoo.org/show_bug.cgi?id=196978
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00073.html
- http://security.gentoo.org/glsa/glsa-200711-18.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:197
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:233
- http://www.novell.com/linux/security/advisories/2007_19_sr.html
- http://www.securityfocus.com/bid/26445
- http://secunia.com/advisories/26987
- http://secunia.com/advisories/27331
- http://secunia.com/advisories/27453
- http://secunia.com/advisories/27514
- http://secunia.com/advisories/27681
- http://secunia.com/advisories/27857
- http://www.debian.org/security/2007/dsa-1438
- http://secunia.com/advisories/28255
- http://www.debian.org/security/2008/dsa-1566
- http://secunia.com/advisories/29968
- http://www.ubuntu.com/usn/usn-709-1
- http://secunia.com/advisories/33567
- http://www.ubuntu.com/usn/usn-650-1
- http://secunia.com/advisories/32051
- http://www.redhat.com/support/errata/RHSA-2010-0141.html
- http://www.redhat.com/support/errata/RHSA-2010-0144.html
- http://www.vupen.com/english/advisories/2010/0629
- http://www.vupen.com/english/advisories/2010/0628
- http://secunia.com/advisories/39008
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9336
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8599
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7114
- https://access.redhat.com/security/cve/CVE-2007-4476
- http://lists.gnu.org/archive/html/bug-cpio/2007-08/msg00002.html
- http://cvs.savannah.gnu.org/viewvc/paxutils/paxutils/paxlib/names.c?r1=1.2&r2=1.4
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=236281&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=236281&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=280961#c1
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=245931&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=245931&action=edit
- https://rhn.redhat.com/errata/RHSA-2010-0141.html
- https://rhn.redhat.com/errata/RHSA-2010-0144.html
- https://www.cve.org/CVERecord?id=CVE-2007-4476 https://nvd.nist.gov/vuln/detail/CVE-2007-4476
- https://access.redhat.com/errata/RHSA-2010:0141
- https://access.redhat.com/errata/RHSA-2010:0144
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4476.json
Frequently Asked Questions
What is the severity of CVE-2007-4476?
CVE-2007-4476 is considered a high severity vulnerability due to the potential for buffer overflow leading to crashes.
How do I fix CVE-2007-4476?
To fix CVE-2007-4476, update to the recommended versions of the GNU tar or cpio packages as specified by your software provider.
What systems are affected by CVE-2007-4476?
CVE-2007-4476 affects various versions of GNU tar, Debian Linux 3.1 and 4.0, and Ubuntu Linux 6.06, 7.04, and 7.10.
What type of vulnerability is CVE-2007-4476?
CVE-2007-4476 is a buffer overflow vulnerability that occurs within the safer_name_suffix function of GNU tar.
What are the potential impacts of CVE-2007-4476?
The potential impacts of CVE-2007-4476 include application crashes and the possibility of executing arbitrary code.
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2007-4476
- agent/references
- agent/author
- agent/severity
- agent/description
- agent/remedy
- collector/redhat-cve
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/weakness
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/redhat
- vendor/gnu
- canonical/ubuntu tar
- vendor/debian
- canonical/debian
- version/debian/3.1
- version/debian/4.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/7.04
- version/ubuntu linux/7.10
- version/ubuntu linux/6.06
- canonical/ubuntu
- version/ubuntu/6.06
- version/ubuntu/7.04
- version/ubuntu/7.10