First published: Tue Sep 18 2007
A directory traversal vulnerability in the Archive::Tar Perl module allows user-assisted remote attackers to overwrite arbitrary files writable by the user running an application that uses this module, via an absolute path or a .. (dot dot) sequence in the filename of an entry in a TAR archive. Similar issues were reported and fixed in GNU tar over the past several years, e.g. <a href="https://access.redhat.com/security/cve/CVE-2001-1267">CVE-2001-1267</a>, <a href="https://access.redhat.com/security/cve/CVE-2002-0399">CVE-2002-0399</a>, <a href="https://access.redhat.com/security/cve/CVE-2002-1216">CVE-2002-1216</a> and <a href="https://access.redhat.com/security/cve/CVE-2007-4131">CVE-2007-4131</a>. This issue matters when the module is used to extract tar archives from untrusted sources. However, some such applications either implement their own checks as a workaround (sa-update in SpamAssassin) or have dropped use of the module altogether (amavisd-new).
Affected Software | Affected Version | How to fix |
---|---|---|
PEAR Archive_Tar | | |
The severity of REDHAT-BUG-295021 is considered high because a crafted archive lets a remote attacker overwrite any file writable by the user running the extracting application.
To fix REDHAT-BUG-295021, update the Archive::Tar Perl module to a version that addresses this vulnerability.
Users running applications that extract TAR archives with the Perl Archive::Tar module, in particular archives obtained from untrusted sources, are affected by REDHAT-BUG-295021.
Attackers exploit REDHAT-BUG-295021 by placing absolute paths or .. (dot dot) sequences in the filenames of entries in a TAR archive that the victim application then extracts.
A possible workaround for REDHAT-BUG-295021 is to run the extracting application as a low-privilege user and restrict file permissions so that it cannot overwrite critical files; because the module only writes files the extracting user can write, this bounds the damage. Applications can also validate entry names themselves before extracting, as sa-update does.
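Added example, not part of the advisory and not code from Archive::Tar, SpamAssassin or amavisd-new: a Perl wrapper that applies the check described above as an application-side workaround. It rejects any entry whose name is absolute or contains a .. component (and any hard or symbolic link whose target is), and only then hands the archive to Archive::Tar for extraction. The helper names unsafe_reason, check_archive and safe_extract are this example's own, and the filenames in the demonstration list are constructed to illustrate the malicious entry names the advisory describes.

```perl
#!/usr/bin/perl
# Added example, not code from the advisory or from Archive::Tar itself:
# reject tar entries that could escape the destination directory before
# handing the archive to Archive::Tar for extraction.
use strict;
use warnings;
use Archive::Tar;
use File::Spec;

# Returns undef when $path is safe to create beneath the destination,
# otherwise a short reason for rejecting the entry.
sub unsafe_reason {
    my ($path) = @_;
    return 'empty name'        if !defined $path || $path eq '';
    return 'absolute path'     if $path =~ m{^/};
    return 'drive or UNC path' if $path =~ m{^[A-Za-z]:|^\\\\};
    # Split on both separators so that "a\..\b" is not seen as one component.
    my @parts = grep { length } split m{[/\\]+}, $path;
    return 'dot-dot component' if grep { $_ eq '..' } @parts;
    return undef;
}

# Inspects every entry of an Archive::Tar object and returns a list of
# "name: reason" strings; an empty list means the archive passed.
# Link targets get the same test (conservatively: a symlink whose target
# uses ".." is rejected even when it would stay inside the tree), because a
# link pointing outside the tree turns a later write into an overwrite.
sub check_archive {
    my ($tar) = @_;
    my @problems;
    for my $entry ($tar->get_files) {
        my $name = $entry->full_path;          # prefix + name from the header
        if (my $why = unsafe_reason($name)) {
            push @problems, "$name: $why";
            next;
        }
        if ($entry->is_symlink || $entry->is_hardlink) {
            my $target = $entry->linkname;
            if (my $why = unsafe_reason($target)) {
                push @problems, "$name -> $target: link target is $why";
            }
        }
    }
    return @problems;
}

# Extracts $archive into $dest only if every entry passed check_archive();
# returns the number of entries extracted.
sub safe_extract {
    my ($archive, $dest) = @_;
    my $tar = Archive::Tar->new($archive)
        or die "cannot read $archive: " . Archive::Tar->error . "\n";
    my @problems = check_archive($tar);
    die "refusing to extract $archive:\n  " . join("\n  ", @problems) . "\n"
        if @problems;
    my @entries = $tar->get_files;
    for my $entry (@entries) {
        my $name = $entry->full_path;
        # Every name is now relative and free of "..", so this path stays
        # inside $dest.
        $tar->extract_file($name, File::Spec->catfile($dest, $name))
            or warn "could not extract $name: " . $tar->error . "\n";
    }
    return scalar @entries;
}

if (@ARGV) {
    my $archive = shift @ARGV;
    my $dest    = shift @ARGV // '.';
    printf "extracted %d entries into %s\n", safe_extract($archive, $dest), $dest;
} else {
    # Constructed sample names of the kind a malicious archive carries; no
    # archive is read and nothing is written to disk in this mode.
    for my $name ('docs/readme.txt', '../../.ssh/authorized_keys',
                  '/etc/cron.d/backdoor', 'docs/../../escape',
                  'C:\\Windows\\win.ini') {
        my $why = unsafe_reason($name);
        printf "%-28s %s\n", $name, $why ? "REJECT ($why)" : 'ok';
    }
}
```

Run it with an archive path and a destination directory to extract, or with no arguments to print the verdict for the sample names. Later releases of Archive::Tar refuse such entries themselves unless $Archive::Tar::INSECURE_EXTRACT_MODE is set to true; a pre-extraction check like the one above is what an application needs on releases that do not.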