Bug 253856 (CVE-2007-4134)

Summary: CVE-2007-4134 star directory traversal vulnerability
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: kreilly, mvadkert, pvrabec
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-01-07 13:01:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 254128, 254129, 254130, 254131, 254132, 254133, 254134    
Bug Blocks:    
Attachments:
Description Flags
Patch propsed by upstream. none

Description Tomas Hoger 2007-08-22 13:26:00 UTC 
A directory traversal vulnerability has been discovered in star.  Directory
traversal check implemented in has_dotdot() function in extract.c does not
correctly handle paths which have '/' character doubled, e.g. 'dir//..//..//'.

More info:

https://bugs.gentoo.org/show_bug.cgi?id=189690

Acknowledgements:

Red Hat would like to thank Robert Buchholz for reporting this issue.
Comment 1 Tomas Hoger 2007-08-22 13:29:21 UTC 
Created attachment 162052 [details]
Patch propsed by upstream.
Comment 6 Tomas Hoger 2007-08-30 06:58:41 UTC 
Another CVE name - CVE-2007-4558 - was assigned by Mitre to this issue on
2007-08-27.
Comment 8 Tomas Hoger 2007-08-31 07:55:27 UTC 
CVE-2007-4558 rejected as duplicate of CVE-2007-4134 on 2007-08-30.
Comment 11 Tomas Hoger 2008-01-07 13:01:36 UTC 
Fixed in all affected products:

Red Hat Enterprise Linux:  	
  http://rhn.redhat.com/errata/RHSA-2007-0873.html

Fedora:
  updated to fixed upstream version 1.5a84