Executive Summary

Summary
Title: Sun Alert 273551 Two Security Vulnerabilities in GNU tar (see gtar(1)) May Lead to Files Being Overwritten, Execution of Arbitrary Code, or a Denial of Service (DoS)
Information
Name: SUN-273551
First vendor Publication: 2009-12-02
Vendor: Sun
Last vendor Modification: 2010-03-23
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score: 7.5
Cvss Impact Score: 6.4
Cvss Exploit Score: 10
Attack Range: Network
Attack Complexity: Low
Authentication: None Required

Detail

Product: Solaris 9, Solaris 10, OpenSolaris

Two security vulnerabilities have been found in the GNU tar gtar(1) archiving program bundled with Solaris 9, Solaris 10 and OpenSolaris.

The first issue is a directory traversal vulnerability that may allow a local or remote unprivileged user who provides a specially crafted archive to overwrite arbitrary files which the user executing gtar(1) has permission to modify.

The second issue is a buffer overflow which may allow a local or remote unprivileged user who provides a specially crafted tar archive to execute arbitrary commands with the privileges of the user executing gtar(1) or to cause gtar(1) to crash.  The ability to cause a program crash is a type of Denial of Service (DoS).

Additional information regarding these issues is available at:
State: Resolved
First released: 02-Dec-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_273551_two_security

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:10420
Title: Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
Description: Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4131
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Oval ID: oval:org.mitre.oval:def:13929
Title: USN-709-1 -- tar vulnerability
Description: Dmitry V. Levin discovered a buffer overflow in tar. If a user or automated system were tricked into opening a specially crafted tar file, an attacker could crash tar or possibly execute arbitrary code with the privileges of the user invoking the program.
Family: unix Class: patch
Reference(s): USN-709-1
CVE-2007-4476
Version: 5
Platform(s): Ubuntu 7.10
Ubuntu 6.06
Product(s): tar
Oval ID: oval:org.mitre.oval:def:17510
Title: USN-506-1 -- tar vulnerability
Description: Dmitry V. Levin discovered that tar did not correctly detect the ".." file path element when unpacking archives.
Family: unix Class: patch
Reference(s): USN-506-1
CVE-2007-4131
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 6.10
Ubuntu 7.04
Product(s): tar
Oval ID: oval:org.mitre.oval:def:17789
Title: USN-650-1 -- cpio vulnerability
Description: A buffer overflow was discovered in cpio.
Family: unix Class: patch
Reference(s): USN-650-1
CVE-2007-4476
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.04
Ubuntu 7.10
Product(s): cpio
Oval ID: oval:org.mitre.oval:def:18211
Title: DSA-1566-1 cpio - programming error
Description: Dmitry Levin discovered a vulnerability in path handling code used by the cpio archive utility. The weakness could enable a denial of service (crash) or potentially the execution of arbitrary code if a vulnerable version of cpio is used to extract or to list the contents of a maliciously crafted archive.
Family: unix Class: patch
Reference(s): DSA-1566-1
CVE-2007-4476
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): cpio
Oval ID: oval:org.mitre.oval:def:20059
Title: DSA-1438-1 tar
Description: Several vulnerabilities have been discovered in GNU Tar.
Family: unix Class: patch
Reference(s): DSA-1438-1
CVE-2007-4131
CVE-2007-4476
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): tar
Oval ID: oval:org.mitre.oval:def:22513
Title: ELSA-2007:0860: tar security update (Moderate)
Description: Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
Family: unix Class: patch
Reference(s): ELSA-2007:0860-02
CVE-2007-4131
Version: 6
Platform(s): Oracle Linux 5
Product(s): tar
Oval ID: oval:org.mitre.oval:def:7114
Title: VMware ESX,Service Console update for cpio and tar.
Description: Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
Family: unix Class: vulnerability
Reference(s): CVE-2007-4476
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Oval ID: oval:org.mitre.oval:def:7779
Title: Security Vulnerabilities in GNU tar (see gtar(1)) May Lead to Files Being Overwritten, Execution of Arbitrary Code, or a Denial of Service (DoS)
Description: Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4131
Version: 2
Platform(s): Sun Solaris 9
Sun Solaris 10
Product(s):
Oval ID: oval:org.mitre.oval:def:8098
Title: DSA-1566 cpio -- programming error
Description: Dmitry Levin discovered a vulnerability in path handling code used by the cpio archive utility. The weakness could enable a denial of service (crash) or potentially the execution of arbitrary code if a vulnerable version of cpio is used to extract or to list the contents of a maliciously crafted archive.
Family: unix Class: patch
Reference(s): DSA-1566
CVE-2007-4476
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): cpio
Oval ID: oval:org.mitre.oval:def:8599
Title: Security Vulnerabilities in GNU tar (see gtar(1)) May Lead to Files Being Overwritten, Execution of Arbitrary Code, or a Denial of Service (DoS)
Description: Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
Family: unix Class: vulnerability
Reference(s): CVE-2007-4476
Version: 2
Platform(s): Sun Solaris 9
Sun Solaris 10
Product(s):
Oval ID: oval:org.mitre.oval:def:9336
Title: Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
Description: Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
Family: unix Class: vulnerability
Reference(s): CVE-2007-4476
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):

CPE : Common Platform Enumeration

Type Description Count
Application 21
Os 3
Os 2

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for cpio CESA-2010:0144 centos5 i386
File : nvt/gb_CESA-2010_0144_cpio_centos5_i386.nasl
2011-08-09 Name : CentOS Update for tar CESA-2010:0141 centos5 i386
File : nvt/gb_CESA-2010_0141_tar_centos5_i386.nasl
2010-05-12 Name : Mac OS X Security Update 2007-009
File : nvt/macosx_secupd_2007-009.nasl
2010-03-22 Name : RedHat Update for tar RHSA-2010:0141-01
File : nvt/gb_RHSA-2010_0141-01_tar.nasl
2010-03-22 Name : RedHat Update for cpio RHSA-2010:0144-01
File : nvt/gb_RHSA-2010_0144-01_cpio.nasl
2010-03-22 Name : CentOS Update for tar CESA-2010:0141 centos4 i386
File : nvt/gb_CESA-2010_0141_tar_centos4_i386.nasl
2009-10-13 Name : SLES10: Security update for star
File : nvt/sles10_star.nasl
2009-10-10 Name : SLES9: Security update for tar
File : nvt/sles9p5012056.nasl
2009-10-10 Name : SLES9: Security update for cpio
File : nvt/sles9p5013486.nasl
2009-06-05 Name : Ubuntu USN-707-1 (cupsys)
File : nvt/ubuntu_707_1.nasl
2009-04-09 Name : Mandriva Update for cpio MDKSA-2007:233 (cpio)
File : nvt/gb_mandriva_MDKSA_2007_233.nasl
2009-04-09 Name : Mandriva Update for tar MDKSA-2007:197 (tar)
File : nvt/gb_mandriva_MDKSA_2007_197.nasl
2009-04-09 Name : Mandriva Update for tar MDKSA-2007:173 (tar)
File : nvt/gb_mandriva_MDKSA_2007_173.nasl
2009-03-23 Name : Ubuntu Update for cpio vulnerability USN-650-1
File : nvt/gb_ubuntu_USN_650_1.nasl
2009-03-23 Name : Ubuntu Update for tar vulnerability USN-506-1
File : nvt/gb_ubuntu_USN_506_1.nasl
2009-02-27 Name : Fedora Update for cpio FEDORA-2007-2744
File : nvt/gb_fedora_2007_2744_cpio_fc7.nasl
2009-02-27 Name : Fedora Update for cpio FEDORA-2007-742
File : nvt/gb_fedora_2007_742_cpio_fc6.nasl
2009-02-27 Name : Fedora Update for tar FEDORA-2007-735
File : nvt/gb_fedora_2007_735_tar_fc6.nasl
2009-02-27 Name : Fedora Update for tar FEDORA-2007-683
File : nvt/gb_fedora_2007_683_tar_fc6.nasl
2009-02-27 Name : Fedora Update for cpio FEDORA-2007-2827
File : nvt/gb_fedora_2007_2827_cpio_fc8.nasl
2009-02-27 Name : Fedora Update for tar FEDORA-2007-2800
File : nvt/gb_fedora_2007_2800_tar_fc8.nasl
2009-02-27 Name : Fedora Update for tar FEDORA-2007-2673
File : nvt/gb_fedora_2007_2673_tar_fc7.nasl
2009-02-27 Name : Fedora Update for tar FEDORA-2007-1890
File : nvt/gb_fedora_2007_1890_tar_fc7.nasl
2009-01-20 Name : Ubuntu USN-709-1 (tar)
File : nvt/ubuntu_709_1.nasl
2009-01-20 Name : Ubuntu USN-708-1 (hplip)
File : nvt/ubuntu_708_1.nasl
2009-01-20 Name : FreeBSD Ports: gtar
File : nvt/freebsd_gtar2.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200711-18 (cpio)
File : nvt/glsa_200711_18.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200709-09 (tar)
File : nvt/glsa_200709_09.nasl
2008-09-04 Name : FreeBSD Security Advisory (FreeBSD-SA-07:10.gtar.asc)
File : nvt/freebsdsa_gtar1.nasl
2008-09-04 Name : FreeBSD Ports: gtar
File : nvt/freebsd_gtar1.nasl
2008-05-12 Name : Debian Security Advisory DSA 1566-1 (cpio)
File : nvt/deb_1566_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1438-1 (tar)
File : nvt/deb_1438_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
42149 GNU tar safer_name_suffix Function Unspecified Overflow

38183 GNU tar src/names.c contains_dot_dot Function Traversal Arbitrary File Overwrite

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-07-16 IAVM : 2015-A-0150 - Multiple Security Vulnerabilities in Juniper Networks CTPView
Severity : Category I - VMSKEY : V0061073

Nessus® Vulnerability Scanner

Date Description
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0013_remote.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2007-0860.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0144.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0141.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20100315_tar_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20100315_cpio_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20070823_tar_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-09-02 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2010-0013.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0144.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0141.nasl - Type : ACT_GATHER_INFO
2010-03-17 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0144.nasl - Type : ACT_GATHER_INFO
2010-03-17 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0141.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_11723.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-709-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-650-1.nasl - Type : ACT_GATHER_INFO
2009-01-19 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_0809ce7df67249249b3b7c74bc279b83.nasl - Type : ACT_GATHER_INFO
2008-05-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1566.nasl - Type : ACT_GATHER_INFO
2007-12-31 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1438.nasl - Type : ACT_GATHER_INFO
2007-12-18 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2007-009.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tar-4125.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_star-4174.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_cpio-4184.nasl - Type : ACT_GATHER_INFO
2007-11-29 Name : The remote Mandrake Linux host is missing a security update.
File : mandrake_MDKSA-2007-233.nasl - Type : ACT_GATHER_INFO
2007-11-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200711-18.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-506-1.nasl - Type : ACT_GATHER_INFO
2007-11-07 Name : The remote Fedora host is missing a security update.
File : fedora_2007-2827.nasl - Type : ACT_GATHER_INFO
2007-11-07 Name : The remote Fedora host is missing a security update.
File : fedora_2007-2800.nasl - Type : ACT_GATHER_INFO
2007-11-06 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-742.nasl - Type : ACT_GATHER_INFO
2007-11-06 Name : The remote Fedora host is missing a security update.
File : fedora_2007-2744.nasl - Type : ACT_GATHER_INFO
2007-11-06 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-735.nasl - Type : ACT_GATHER_INFO
2007-11-06 Name : The remote Fedora host is missing a security update.
File : fedora_2007-2673.nasl - Type : ACT_GATHER_INFO
2007-11-06 Name : The remote Fedora host is missing a security update.
File : fedora_2007-1890.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_cpio-4180.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_star-4173.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_tar-4124.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote Mandrake Linux host is missing a security update.
File : mandrake_MDKSA-2007-197.nasl - Type : ACT_GATHER_INFO
2007-09-24 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200709-09.nasl - Type : ACT_GATHER_INFO
2007-09-05 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-683.nasl - Type : ACT_GATHER_INFO
2007-09-05 Name : The remote Mandrake Linux host is missing a security update.
File : mandrake_MDKSA-2007-173.nasl - Type : ACT_GATHER_INFO
2007-09-03 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_d944719e42f4486489edf045b541919f.nasl - Type : ACT_GATHER_INFO
2007-08-28 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2007-0860.nasl - Type : ACT_GATHER_INFO
2007-08-28 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2007-0860.nasl - Type : ACT_GATHER_INFO