CVE-2007-4829

Publication date 2 November 2007

Last updated 24 July 2024

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ”..” sequences.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
libarchive-tar-perl	8.10 intrepid	Not in release
	8.04 LTS hardy	Fixed 1.36-1ubuntu0.1
	7.10 gutsy	Fixed 1.31-1ubuntu0.1
	7.04 feisty	Ignored end of life, was needs-triage
	6.10 edgy	Ignored end of life, was needs-triage
	6.06 LTS dapper	Fixed 1.26-2ubuntu0.1
perl	8.10 intrepid	Fixed 5.10.0-11.1ubuntu2.2
	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	7.04 feisty	Not affected
	6.06 LTS dapper	Not affected

Notes

kees

module 1.38 still doesn’t fully fix the issue, but 1.39_01 does.

References

Related Ubuntu Security Notices (USN)

USN-700-1
Perl vulnerabilities
24 December 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2007-4829