CVE-2007-4559

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
References
Link Resource
http://mail.python.org/pipermail/python-dev/2007-August/074290.html Mailing List Vendor Advisory
http://mail.python.org/pipermail/python-dev/2007-August/074292.html Exploit Mailing List
http://secunia.com/advisories/26623 Broken Link
http://www.vupen.com/english/advisories/2007/3022 Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=263261 Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVBB7NU3YIRRDOKLYVN647WPRR3IAKR6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FI55PGL47ES3OU2FQPGEHOI2EK3S2OBH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KA4Z44ZAI4SY7THCFBUDNT5EEFO4XQ3A/
https://security.gentoo.org/glsa/202309-06
http://mail.python.org/pipermail/python-dev/2007-August/074290.html Mailing List Vendor Advisory
http://mail.python.org/pipermail/python-dev/2007-August/074292.html Exploit Mailing List
http://secunia.com/advisories/26623 Broken Link
http://www.vupen.com/english/advisories/2007/3022 Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=263261 Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVBB7NU3YIRRDOKLYVN647WPRR3IAKR6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FI55PGL47ES3OU2FQPGEHOI2EK3S2OBH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KA4Z44ZAI4SY7THCFBUDNT5EEFO4XQ3A/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVBB7NU3YIRRDOKLYVN647WPRR3IAKR6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FI55PGL47ES3OU2FQPGEHOI2EK3S2OBH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KA4Z44ZAI4SY7THCFBUDNT5EEFO4XQ3A/
https://security.gentoo.org/glsa/202309-06
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:35

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVBB7NU3YIRRDOKLYVN647WPRR3IAKR6/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FI55PGL47ES3OU2FQPGEHOI2EK3S2OBH/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KA4Z44ZAI4SY7THCFBUDNT5EEFO4XQ3A/ -
References () http://mail.python.org/pipermail/python-dev/2007-August/074290.html - Mailing List, Vendor Advisory () http://mail.python.org/pipermail/python-dev/2007-August/074290.html - Mailing List, Vendor Advisory
References () http://mail.python.org/pipermail/python-dev/2007-August/074292.html - Exploit, Mailing List () http://mail.python.org/pipermail/python-dev/2007-August/074292.html - Exploit, Mailing List
References () http://secunia.com/advisories/26623 - Broken Link () http://secunia.com/advisories/26623 - Broken Link
References () http://www.vupen.com/english/advisories/2007/3022 - Broken Link () http://www.vupen.com/english/advisories/2007/3022 - Broken Link
References () https://bugzilla.redhat.com/show_bug.cgi?id=263261 - Issue Tracking () https://bugzilla.redhat.com/show_bug.cgi?id=263261 - Issue Tracking
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVBB7NU3YIRRDOKLYVN647WPRR3IAKR6/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVBB7NU3YIRRDOKLYVN647WPRR3IAKR6/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FI55PGL47ES3OU2FQPGEHOI2EK3S2OBH/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FI55PGL47ES3OU2FQPGEHOI2EK3S2OBH/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KA4Z44ZAI4SY7THCFBUDNT5EEFO4XQ3A/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KA4Z44ZAI4SY7THCFBUDNT5EEFO4XQ3A/ -
References () https://security.gentoo.org/glsa/202309-06 - () https://security.gentoo.org/glsa/202309-06 -

23 Mar 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KA4Z44ZAI4SY7THCFBUDNT5EEFO4XQ3A/ -

16 Mar 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVBB7NU3YIRRDOKLYVN647WPRR3IAKR6/ -

16 Mar 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FI55PGL47ES3OU2FQPGEHOI2EK3S2OBH/ -

02 Aug 2023, 17:28

Type Values Removed Values Added
CPE cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:* cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
References (SECUNIA) http://secunia.com/advisories/26623 - (SECUNIA) http://secunia.com/advisories/26623 - Broken Link
References (MLIST) http://mail.python.org/pipermail/python-dev/2007-August/074290.html - (MLIST) http://mail.python.org/pipermail/python-dev/2007-August/074290.html - Mailing List, Vendor Advisory
References (VUPEN) http://www.vupen.com/english/advisories/2007/3022 - (VUPEN) http://www.vupen.com/english/advisories/2007/3022 - Broken Link
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=263261 - (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=263261 - Issue Tracking
References (MLIST) http://mail.python.org/pipermail/python-dev/2007-August/074292.html - Exploit (MLIST) http://mail.python.org/pipermail/python-dev/2007-August/074292.html - Exploit, Mailing List

Information

Published : 2007-08-28 01:17

Updated : 2024-11-21 00:35


NVD link : CVE-2007-4559

Mitre link : CVE-2007-4559

CVE.ORG link : CVE-2007-4559


JSON object : View

Products Affected

python

  • python
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')