CVE-2007-4134

Publication date 30 August 2007

Last updated 17 July 2025


Ubuntu priority

Description

Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

Status

Package Ubuntu Release Status
star 9.10 karmic
Fixed 1.5a67-1.1ubuntu1
9.04 jaunty
Fixed 1.5a67-1.1ubuntu1
8.10 intrepid
Fixed 1.5a67-1.1ubuntu1
8.04 LTS hardy
Fixed 1.5a67-1.1ubuntu1
7.10 gutsy
Fixed 1.5a67-1.1ubuntu1
7.04 feisty Ignored end of life, was needed
6.10 edgy Ignored end of life, was needed
6.06 LTS dapper Ignored end of life


Access our resources on patching vulnerabilities