Description
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter.
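A pre-extraction check for the archive shape described above, as an added example that is not part of the advisory or of Archive::Tar: it reads only the tar headers with Python's standard `tarfile` module and reports any name that occurs first as a symbolic link and later as a regular file. The function names and the sample archives are constructed for illustration.

```python
import io
import posixpath
import tarfile


def find_link_name_collisions(fileobj):
    """Return (name, link_target) for each regular file whose name was
    already used by an earlier symlink entry in the same archive."""
    link_targets = {}  # normalised member name -> target of the earlier symlink
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:  # archive order, headers only; nothing is extracted
            name = posixpath.normpath(member.name)  # "./a" and "a" are the same path
            if member.isfile() and name in link_targets:
                findings.append((name, link_targets[name]))
            if member.issym():
                link_targets[name] = member.linkname
    return findings


def build_sample(entries):
    """Build an in-memory tar from (kind, name, value) tuples (constructed test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for kind, name, value in entries:
            info = tarfile.TarInfo(name)
            if kind == "symlink":
                info.type = tarfile.SYMTYPE
                info.linkname = value
                tar.addfile(info)
            else:
                data = value.encode()
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


# Constructed samples: the first repeats a symlink's name as a regular file,
# the second contains a symlink but no name reuse.
SUSPICIOUS = [("symlink", "notes.txt", "../outside/notes.txt"),
              ("file", "notes.txt", "constructed content")]
BENIGN = [("symlink", "latest", "release-1.0"),
          ("file", "release-1.0/README", "constructed content")]

if __name__ == "__main__":
    for label, entries in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, find_link_name_collisions(build_sample(entries)))
```

An archive that produces any finding can be rejected before it reaches an extractor; the check does not replace updating to a fixed package.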
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | perl-Archive-Tar | Will not fix | | |
| Red Hat Enterprise Linux 6 | perl | Will not fix | | |
| Red Hat Enterprise Linux 8 | perl-Archive-Tar | Not affected | | |
| Red Hat Software Collections | rh-perl520-perl-Archive-Tar | Will not fix | | |
| Red Hat Software Collections | rh-perl524-perl-Archive-Tar | Out of support scope | | |
| Red Hat Software Collections | rh-perl526-perl-Archive-Tar | Will not fix | | |
| Red Hat Software Collections | rh-perl530-perl-Archive-Tar | Not affected | | |
| Red Hat Enterprise Linux 7 | perl-Archive-Tar | Fixed | RHSA-2019:2097 | 06.08.2019 |
Additional information
Status:
EPSS
CVSS3: 5.4 Medium