Red Hat Bugzilla – Bug 253856
CVE-2007-4134 star directory traversal vulnerability
Last modified: 2010-02-16 00:16:44 EST
A directory traversal vulnerability has been discovered in star. The directory
traversal check implemented in the has_dotdot() function in extract.c does not
correctly handle paths in which the '/' character is doubled, e.g. 'dir//..//..//'.
Red Hat would like to thank Robert Buchholz for reporting this issue.
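
As an added illustration (not star's source and not the upstream patch), the C example below contrasts a constructed checker that assumes a single '/' between path components with one that treats any run of '/' as one separator. The function names and the naive logic are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed illustration (NOT star's code): assumes exactly one '/'
 * between components, so an empty component hides the one after it. */
static int naive_has_dotdot(const char *p)
{
    while (*p) {
        if (p[0] == '.' && p[1] == '.' && (p[2] == '/' || p[2] == '\0'))
            return 1;
        /* Advance at least one byte, then stop at the next '/'. */
        do {
            if (*p++ == '\0')
                return 0;
        } while (*p != '/');
        p++;                        /* step over a single separator */
    }
    return 0;
}

/* Hardened form: skip every run of '/' and compare whole components. */
static int path_has_dotdot(const char *p)
{
    while (*p) {
        size_t len;
        p += strspn(p, "/");        /* empty components are ignored */
        len = strcspn(p, "/");      /* length of the current component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 1;
        p += len;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample member names; the second is the report's example. */
    const char *names[] = { "dir/../x", "dir//..//..//", "a..b/..c/d..", "///" };
    size_t i;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        printf("%-16s naive=%d hardened=%d\n", names[i],
               naive_has_dotdot(names[i]), path_has_dotdot(names[i]));
    return 0;
}
```

A check of this kind is only a first filter; an extractor that refuses '..' components should apply it to every member name before any file is created.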
Created attachment 162052
Patch proposed by upstream.
Another CVE name - CVE-2007-4558 - was assigned by Mitre to this issue on
CVE-2007-4558 rejected as duplicate of CVE-2007-4134 on 2007-08-30.
Fixed in all affected products:
Red Hat Enterprise Linux:
updated to fixed upstream version 1.5a84