History: Jul 02, 2021 - 5:17 p.m.

Advisory ROSA-SA-2021-1894

2021-07-02 17:17:20
ROSA LAB
abf.rosalinux.ru
libtar 1.2.11
directory traversal
file overwrite
remote attackers
cobalt 7.9
cve-2013-4420

CVSS2: 5.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score: 7.4
Confidence: Low

EPSS: 0.003
Percentile: 71.6%

Software: libtar 1.2.11
OS: Cobalt 7.9

CVE-ID: CVE-2013-4420
CVE-Crit: HIGH
CVE-DESC: Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files with a . (dot) in a created tar file.
CVE-STATUS: default
CVE-REV: default

OS      Version  Architecture  Package  Version   Filename
Cobalt  any      noarch        libtar   < 1.2.11  UNKNOWN
