{"api_version":"1","generated_at":"2026-04-22T23:29:23+00:00","cve":"CVE-2007-4131","urls":{"html":"https://cve.report/CVE-2007-4131","api":"https://cve.report/api/cve/CVE-2007-4131.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-4131","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-4131"},"summary":{"title":"CVE-2007-4131","description":"Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2007-08-25 00:17:00","updated_at":"2018-10-15 21:33:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://secunia.com/advisories/27861","name":"27861","refsource":"SECUNIA","tags":[],"title":"FreeBSD update for gtar - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2007-0860.html","name":"RHSA-2007:0860","refsource":"REDHAT","tags":["Patch"],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10420","name":"oval:org.mitre.oval:def:10420","refsource":"OVAL","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:173","name":"MDKSA-2007:173","refsource":"MANDRIVA","tags":[],"title":"Advisories | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/26781","name":"26781","refsource":"SECUNIA","tags":[],"title":"Gentoo update for tar - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28136","name":"28136","refsource":"SECUNIA","tags":[],"title":"Apple Mac OS X Security Update Fixes Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.trustix.org/errata/2007/0026/","name":"2007-0026","refsource":"TRUSTIX","tags":[],"title":"","mime":"text/plain","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.us-cert.gov/cas/techalerts/TA07-352A.html","name":"TA07-352A","refsource":"CERT","tags":["US Government Resource"],"title":"US-CERT Technical Cyber Security Alert TA07-352A -- Apple Updates for Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/26603","name":"26603","refsource":"SECUNIA","tags":[],"title":"Ubuntu update for tar - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2007/dsa-1438","name":"DSA-1438","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-1438-1 tar","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://docs.info.apple.com/article.html?artnum=307179","name":"http://docs.info.apple.com/article.html?artnum=307179","refsource":"CONFIRM","tags":[],"title":"About Security Update 2007-009","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7779","name":"oval:org.mitre.oval:def:7779","refsource":"OVAL","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/2958","name":"ADV-2007-2958","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1","name":"1021680","refsource":"SUNALERT","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html","name":"APPLE-SA-2007-12-17","refsource":"APPLE","tags":[],"title":"APPLE-SA-2007-12-17 Security Update 2007-009","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.novell.com/linux/security/advisories/2007_18_sr.html","name":"SUSE-SR:2007:018","refsource":"SUSE","tags":[],"title":"Security Announcement","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/26673","name":"26673","refsource":"SECUNIA","tags":[],"title":"rPath update for star - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm","name":"http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm","refsource":"CONFIRM","tags":[],"title":"ASA-2007-383 (RHSA-2007-0860)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html","name":"FEDORA-2007-2673","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 7 Update: tar-1.15.1-28.fc7","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/26674","name":"26674","refsource":"SECUNIA","tags":[],"title":"SUSE Updates for Multiple Packages - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/4238","name":"ADV-2007-4238","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921","name":"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921","refsource":"MISC","tags":[],"title":"251921 – (CVE-2007-4131) CVE-2007-4131 tar directory traversal vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28255","name":"28255","refsource":"SECUNIA","tags":[],"title":"Debian update for tar - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/26655","name":"26655","refsource":"SECUNIA","tags":[],"title":"Mandriva update for tar - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/26590","name":"26590","refsource":"SECUNIA","tags":[],"title":"Red Hat update for tar - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27453","name":"27453","refsource":"SECUNIA","tags":[],"title":"Fedora update for tar - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/usn-506-1","name":"USN-506-1","refsource":"UBUNTU","tags":[],"title":"USN-506-1: tar vulnerability | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.FreeBSD.org/advisories/FreeBSD-SA-07:10.gtar.asc","name":"FreeBSD-SA-07:10","refsource":"FREEBSD","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/477865/100/0/threaded","name":"20070827 FLEA-2007-0049-1 tar","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/26573","name":"26573","refsource":"SECUNIA","tags":[],"title":"GNU tar Directory Traversal Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/477731/100/0/threaded","name":"20070825 rPSA-2007-0172-1 tar","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/26604","name":"26604","refsource":"SECUNIA","tags":[],"title":"rPath update for tar - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/25417","name":"25417","refsource":"BID","tags":[],"title":"GNU Tar Dot_Dot Function Remote Directory Traversal Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/26822","name":"26822","refsource":"SECUNIA","tags":[],"title":"Trustix Update for Multiple Packages - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://issues.rpath.com/browse/RPL-1631","name":"https://issues.rpath.com/browse/RPL-1631","refsource":"CONFIRM","tags":[],"title":"[#RPL-1631] tar, star, CVE-2001-1267 CVE-2002-0399 CVE-2007-4131 - rPath Issue Tracking System","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/26984","name":"26984","refsource":"SECUNIA","tags":[],"title":"Avaya Products tar Directory Traversal Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-200709-09.xml","name":"GLSA-200709-09","refsource":"GENTOO","tags":[],"title":"Gentoo Linux Documentation\n--\n  GNU Tar: Directory traversal vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1018599","name":"1018599","refsource":"SECTRACK","tags":[],"title":"SecurityTracker.com Archives - GNU tar contains_dot_dot() Directory Traversal Bug Lets Remote Users Overwrite Files","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-4131","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-4131","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.13.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.13.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.13.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.13.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.13.18","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.13.19","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.13.25","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.13.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.14.90","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.15.90","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.15.91","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.13.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.13.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.13.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.13.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.13.18","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.13.19","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.13.25","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.13.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.14.90","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.15.90","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.15.91","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"tar","cpe6":"1.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"4.0","cpe7":"*","cpe8":"as","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"4.0","cpe7":"*","cpe8":"desktop","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"4.0","cpe7":"*","cpe8":"es","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"4.0","cpe7":"*","cpe8":"ws","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"5.0","cpe7":"*","cpe8":"server","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"4.0","cpe7":"*","cpe8":"as","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"4.0","cpe7":"*","cpe8":"desktop","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"4.0","cpe7":"*","cpe8":"es","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"4.0","cpe7":"*","cpe8":"ws","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"5.0","cpe7":"*","cpe8":"server","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_desktop","cpe6":"5.0","cpe7":"*","cpe8":"client","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_desktop","cpe6":"5.0","cpe7":"*","cpe8":"client","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rpath","cpe5":"rpath_linux","cpe6":"1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4131","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rpath","cpe5":"rpath_linux","cpe6":"1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2007-4131","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://secunia.com/advisories/26822","refsource":"MISC","name":"http://secunia.com/advisories/26822"},{"url":"http://www.trustix.org/errata/2007/0026/","refsource":"MISC","name":"http://www.trustix.org/errata/2007/0026/"},{"url":"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921","refsource":"MISC","name":"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921"},{"url":"http://docs.info.apple.com/article.html?artnum=307179","refsource":"MISC","name":"http://docs.info.apple.com/article.html?artnum=307179"},{"url":"http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html","refsource":"MISC","name":"http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"},{"url":"http://secunia.com/advisories/26573","refsource":"MISC","name":"http://secunia.com/advisories/26573"},{"url":"http://secunia.com/advisories/26590","refsource":"MISC","name":"http://secunia.com/advisories/26590"},{"url":"http://secunia.com/advisories/26603","refsource":"MISC","name":"http://secunia.com/advisories/26603"},{"url":"http://secunia.com/advisories/26604","refsource":"MISC","name":"http://secunia.com/advisories/26604"},{"url":"http://secunia.com/advisories/26655","refsource":"MISC","name":"http://secunia.com/advisories/26655"},{"url":"http://secunia.com/advisories/26673","refsource":"MISC","name":"http://secunia.com/advisories/26673"},{"url":"http://secunia.com/advisories/26674","refsource":"MISC","name":"http://secunia.com/advisories/26674"},{"url":"http://secunia.com/advisories/26781","refsource":"MISC","name":"http://secunia.com/advisories/26781"},{"url":"http://secunia.com/advisories/26984","refsource":"MISC","name":"http://secunia.com/advisories/26984"},{"url":"http://secunia.com/advisories/27453","refsource":"MISC","name":"http://secunia.com/advisories/27453"},{"url":"http://secunia.com/advisories/27861","refsource":"MISC","name":"http://secunia.com/advisories/27861"},{"url":"http://secunia.com/advisories/28136","refsource":"MISC","name":"http://secunia.com/advisories/28136"},{"url":"http://secunia.com/advisories/28255","refsource":"MISC","name":"http://secunia.com/advisories/28255"},{"url":"http://security.FreeBSD.org/advisories/FreeBSD-SA-07:10.gtar.asc","refsource":"MISC","name":"http://security.FreeBSD.org/advisories/FreeBSD-SA-07:10.gtar.asc"},{"url":"http://security.gentoo.org/glsa/glsa-200709-09.xml","refsource":"MISC","name":"http://security.gentoo.org/glsa/glsa-200709-09.xml"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1","refsource":"MISC","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1"},{"url":"http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm","refsource":"MISC","name":"http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm"},{"url":"http://www.debian.org/security/2007/dsa-1438","refsource":"MISC","name":"http://www.debian.org/security/2007/dsa-1438"},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:173","refsource":"MISC","name":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:173"},{"url":"http://www.novell.com/linux/security/advisories/2007_18_sr.html","refsource":"MISC","name":"http://www.novell.com/linux/security/advisories/2007_18_sr.html"},{"url":"http://www.redhat.com/support/errata/RHSA-2007-0860.html","refsource":"MISC","name":"http://www.redhat.com/support/errata/RHSA-2007-0860.html"},{"url":"http://www.securityfocus.com/archive/1/477731/100/0/threaded","refsource":"MISC","name":"http://www.securityfocus.com/archive/1/477731/100/0/threaded"},{"url":"http://www.securityfocus.com/archive/1/477865/100/0/threaded","refsource":"MISC","name":"http://www.securityfocus.com/archive/1/477865/100/0/threaded"},{"url":"http://www.securityfocus.com/bid/25417","refsource":"MISC","name":"http://www.securityfocus.com/bid/25417"},{"url":"http://www.securitytracker.com/id?1018599","refsource":"MISC","name":"http://www.securitytracker.com/id?1018599"},{"url":"http://www.ubuntu.com/usn/usn-506-1","refsource":"MISC","name":"http://www.ubuntu.com/usn/usn-506-1"},{"url":"http://www.us-cert.gov/cas/techalerts/TA07-352A.html","refsource":"MISC","name":"http://www.us-cert.gov/cas/techalerts/TA07-352A.html"},{"url":"http://www.vupen.com/english/advisories/2007/2958","refsource":"MISC","name":"http://www.vupen.com/english/advisories/2007/2958"},{"url":"http://www.vupen.com/english/advisories/2007/4238","refsource":"MISC","name":"http://www.vupen.com/english/advisories/2007/4238"},{"url":"https://issues.rpath.com/browse/RPL-1631","refsource":"MISC","name":"https://issues.rpath.com/browse/RPL-1631"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10420","refsource":"MISC","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10420"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7779","refsource":"MISC","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7779"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html","refsource":"MISC","name":"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html"}]}},"nvd":{"publishedDate":"2007-08-25 00:17:00","lastModifiedDate":"2018-10-15 21:33:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:4.0:*:desktop:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:4.0:*:es:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:4.0:*:ws:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:4.0:*:as:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:client:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:tar:1.13:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:tar:1.13.5:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:tar:1.13.11:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:tar:1.13.14:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:tar:1.13.16:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:tar:1.13.17:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:tar:1.13.18:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:tar:1.13.19:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:tar:1.13.25:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:tar:1.14:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:tar:1.14.90:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:tar:1.15:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:tar:1.15.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:tar:1.15.90:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:tar:1.15.91:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:tar:1.16:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"4131","Ordinal":"26798","Title":"CVE-2007-4131","CVE":"CVE-2007-4131","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"4131","Ordinal":"1","NoteData":"Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.","Type":"Description","Title":null},{"CveYear":"2007","CveId":"4131","Ordinal":"2","NoteData":"2007-08-24","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"4131","Ordinal":"3","NoteData":"2018-10-15","Type":"Other","Title":"Modified"}]}}}