CVE-2007-4131
tar
EPSS 8.4%
Description
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
How to fix CVE-2007-4131
To remediate CVE-2007-4131, upgrade the affected package to one of the fixed versions listed below.
- Debian/tar—upgrade to 1.18-2 or later
- Debian/tar—upgrade to 1.16-2etch1 or later
Is CVE-2007-4131 being exploited?
Moderate — EPSS is 8.4%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.18-2
- from 0, < 1.16-2etch1