CVE-2007-4829 — MEDIUM (6.8)

Q: How severe is CVE-2007-4829?

CVE-2007-4829 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-4829?

Check the references section above for vendor advisories and patch information. Affected products include: Archive\ \, Canonical Ubuntu Linux.

Vulnerability Description

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Archive\	\	<= 1.36, tar_project
Canonical	Ubuntu Linux	6.06

Related Weaknesses (CWE)

CWE-22

References

http://osvdb.org/40410Broken Link
http://rt.cpan.org/Public/Bug/Display.html?id=29517Mailing ListThird Party Advisory
http://rt.cpan.org/Public/Bug/Display.html?id=30380Mailing ListThird Party Advisory
http://secunia.com/advisories/27539Third Party Advisory
http://secunia.com/advisories/33116Third Party Advisory
http://secunia.com/advisories/33314Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200812-10.xmlThird Party Advisory
http://www.securityfocus.com/bid/26355Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/usn-700-1Third Party Advisory
http://www.ubuntu.com/usn/usn-700-2Third Party Advisory
http://www.vupen.com/english/advisories/2007/3755Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=295021Issue TrackingThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/38285Third Party AdvisoryVDB Entry
https://issues.rpath.com/browse/RPL-1716Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory

FAQ

What is CVE-2007-4829?

CVE-2007-4829 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name ...

How severe is CVE-2007-4829?

CVE-2007-4829 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-4829?

Check the references section above for vendor advisories and patch information. Affected products include: Archive\ \, Canonical Ubuntu Linux.