FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gtar -- Directory traversal vulnerability

Affected packages
gtar < 1.18_1

Details

VuXML ID: d944719e-42f4-4864-89ed-f045b541919f
Discovery: 2007-08-23
Entry: 2007-09-01

Red Hat reports:

A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access.

Red Hat credits Dmitry V. Levin for reporting the issue.

References

Bugtraq ID: 25417
CVE Name: CVE-2007-4131
URL: http://rhn.redhat.com/errata/RHSA-2007-0860.html
URL: https://bugzilla.redhat.com/show_bug.cgi?id=251921