Oval Definition:	oval:org.mitre.oval:def:10420
Revision Date: 2013-04-29 Version: 12 Title: Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. Description: Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2007-4131 Platform(s): CentOS Linux 4 CentOS Linux 5 Oracle Linux 4 Oracle Linux 5 Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Product(s): Definition Synopsis OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 OR CentOS Linux 4.x OR Oracle Linux 4.x AND tar is earlier than 0:1.14-12.5.1.RHEL4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 OR The operating system installed on the system is CentOS Linux 5.x OR Oracle Linux 5.x AND tar is earlier than 2:1.15.1-23.0.1.el5
BACK