Your submission was sent successfully! Close

CVE-2007-4131

Published: 25 August 2007

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

Priority

Unknown

Status

Package Release Status
tar
Launchpad, Ubuntu, Debian
dapper
Released (1.15.1-2ubuntu2.2)
edgy
Released (1.15.91-2ubuntu0.4)
feisty
Released (1.16-2ubuntu0.1)
upstream Needs triage