Red Hat Bugzilla – Bug 251921
CVE-2007-4131 tar directory traversal vulnerability
Last modified: 2010-02-16 00:09:30 EST
A directory traversal vulnerability was discovered in GNU tar. The vulnerability
can be exploited by a specially crafted tar archive to overwrite an arbitrary file
writable by the user running tar. The problem occurs in the contains_dot_dot
function, which does not properly check names of directory symlinks.
Red Hat would like to thank Dmitry V. Levin for reporting this issue.
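
A defender-side check for the class of problem described above, as an added example: it is not GNU tar's code and not the attached patch. It lists archive members without extracting them and flags `..` components in member names and link targets, plus members stored beneath a symlink member. The function names, reasons and sample archive are constructed for illustration, and the link-target check is deliberately conservative.

```python
import io
import tarfile

def has_dot_dot(path):
    """True if any '/'-separated component is exactly '..'.
    Empty components from repeated slashes never end the scan early."""
    return ".." in path.split("/")

def audit(tar):
    """Return (member name, reason) pairs for entries to review before extraction."""
    findings, links = [], set()
    for m in tar:
        parts = [p for p in m.name.split("/") if p not in ("", ".")]
        if m.name.startswith("/"):
            findings.append((m.name, "absolute member name"))
        if ".." in parts:
            findings.append((m.name, "member name contains '..'"))
        # A member stored beneath an earlier symlink member is written through that link.
        if any("/".join(parts[:i]) in links for i in range(1, len(parts))):
            findings.append((m.name, "path passes through a symlink member"))
        if m.issym() or m.islnk():
            if m.linkname.startswith("/") or has_dot_dot(m.linkname):
                findings.append((m.name, "link target is absolute or contains '..'"))
        if m.issym():
            links.add("/".join(parts))
    return findings

def build_sample():
    """Constructed in-memory archive with placeholder names (not from the bug report)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, target, data in [
            ("project/README", tarfile.REGTYPE, "", b"hello\n"),
            ("project/link", tarfile.SYMTYPE, "sub//../..", b""),
            ("project/link/notes.txt", tarfile.REGTYPE, "", b"x"),
            ("project//../outside.txt", tarfile.REGTYPE, "", b"x"),
        ]:
            info = tarfile.TarInfo(name)
            info.type, info.linkname, info.size = kind, target, len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    with tarfile.open(fileobj=build_sample()) as tar:
        for name, reason in audit(tar):
            print(f"{name}: {reason}")
```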
Created attachment 161175
Patch by Dmitry V. Levin used by Owl.
Patch is in upstream CVS, embargo removed.
This issue did not affect tar packages as distributed with Red Hat
Enterprise Linux 2.1 or 3.
Issue fixed on all supported platforms, closing Security Response bug.