CVE-2018-12015

Опубликовано: 07 июн. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 6.4

EPSS Средний

Описание

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

Ссылки

http://seclists.org/fulldisclosure/2019/Mar/49
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/104423
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041048
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:2097
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834
Exploit
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2019/Mar/42
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20180927-0001/
Patch
Third Party Advisory
https://support.apple.com/kb/HT209600
Third Party Advisory
https://usn.ubuntu.com/3684-1/
Third Party Advisory
https://usn.ubuntu.com/3684-2/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4226
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
http://seclists.org/fulldisclosure/2019/Mar/49
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/104423
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041048
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:2097
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834
Exploit
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2019/Mar/42
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20180927-0001/
Patch
Third Party Advisory
https://support.apple.com/kb/HT209600
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*

Версия до 5.26.2 (включая)

Конфигурация 4

cpe:2.3:a:archive\:\:tar_project:archive\:\:tar:*:*:*:*:*:perl:*:*

Версия до 2.28 (включая)

Конфигурация 5

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Версия до 10.14.4 (исключая)

Конфигурация 6

Одно из

cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*

EPSS

Процентиль: 94%

0.15065

Средний

7.5 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-59

Связанные уязвимости

CVE-2018-12015

CVSS3: 7.5

ubuntu

больше 7 лет назад

CVE-2018-12015

CVSS3: 5.4

redhat

больше 7 лет назад

CVE-2018-12015

CVSS3: 7.5

debian

больше 7 лет назад

In Perl through 5.26.2, the Archive::Tar module allows remote attacker ...

openSUSE-SU-2018:2011-1

suse-cvrf

больше 7 лет назад

Security update for perl

openSUSE-SU-2018:2010-1

suse-cvrf

больше 7 лет назад

Security update for perl

EPSS

Процентиль: 94%

0.15065

Средний

7.5 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-59