Bug 253856 (CVE-2007-4134) - CVE-2007-4134 star directory traversal vulnerability
Summary: CVE-2007-4134 star directory traversal vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2007-4134
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 254128 254129 254130 254131 254132 254133 254134
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-08-22 13:26 UTC by Tomas Hoger
Modified: 2023-05-11 12:47 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-01-07 13:01:36 UTC
Embargoed:

Attachments (Terms of Use)
Patch propsed by upstream. (278 bytes, patch)
2007-08-22 13:29 UTC, Tomas Hoger 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:0873 0 normal SHIPPED_LIVE Moderate: star security update 2008-01-08 00:04:31 UTC

Description Tomas Hoger 2007-08-22 13:26:00 UTC 
A directory traversal vulnerability has been discovered in star.  Directory
traversal check implemented in has_dotdot() function in extract.c does not
correctly handle paths which have '/' character doubled, e.g. 'dir//..//..//'.

More info:

https://bugs.gentoo.org/show_bug.cgi?id=189690

Acknowledgements:

Red Hat would like to thank Robert Buchholz for reporting this issue.
Comment 1 Tomas Hoger 2007-08-22 13:29:21 UTC 
Created attachment 162052 [details]
Patch propsed by upstream.
Comment 6 Tomas Hoger 2007-08-30 06:58:41 UTC 
Another CVE name - CVE-2007-4558 - was assigned by Mitre to this issue on
2007-08-27.
Comment 8 Tomas Hoger 2007-08-31 07:55:27 UTC 
CVE-2007-4558 rejected as duplicate of CVE-2007-4134 on 2007-08-30.
Comment 11 Tomas Hoger 2008-01-07 13:01:36 UTC 
Fixed in all affected products:

Red Hat Enterprise Linux:  	
  http://rhn.redhat.com/errata/RHSA-2007-0873.html

Fedora:
  updated to fixed upstream version 1.5a84
Note You need to log in before you can comment on or make changes to this bug.