National Vulnerability Database

CVE-2007-4476 Detail

Description

Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."

Source: MITRE    Last Modified: 09/04/2007

Quick Info

CVE Dictionary Entry: CVE-2007-4476
Original release date: 09/04/2007
Last revised: 09/28/2017
Source: US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 HIGH
Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Impact Subscore: 6.4
Exploitability Subscore: 10.0

CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service

Vendor Statements

Official Statement from Red Hat (03/15/2010)

This issue was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0141.html for tar. It did not affect the version of tar as shipped with Red Hat Enterprise Linux 3. This issue was also addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0144.html for cpio. It did not affect the version of cpio as shipped with Red Hat Enterprise Linux 3 and 4.

References to Advisories, Solutions, and Tools


Hyperlink Resource Type Source Name
http://bugs.gentoo.org/show_bug.cgi?id=196978 External Source CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=196978
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 External Source CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 External Source CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://security.gentoo.org/glsa/glsa-200711-18.xml External Source GENTOO GLSA-200711-18
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1 External Source SUNALERT 1021680
http://www.debian.org/security/2007/dsa-1438 External Source DEBIAN DSA-1438
http://www.debian.org/security/2008/dsa-1566 External Source DEBIAN DSA-1566
http://www.mandriva.com/security/advisories?name=MDKSA-2007:197 External Source MANDRIVA MDKSA-2007:197
http://www.mandriva.com/security/advisories?name=MDKSA-2007:233 External Source MANDRIVA MDKSA-2007:233
http://www.novell.com/linux/security/advisories/2007_18_sr.html External Source SUSE SUSE-SR:2007:018
http://www.novell.com/linux/security/advisories/2007_19_sr.html External Source SUSE SUSE-SR:2007:019
http://www.redhat.com/support/errata/RHSA-2010-0141.html External Source REDHAT RHSA-2010:0141
http://www.redhat.com/support/errata/RHSA-2010-0144.html External Source REDHAT RHSA-2010:0144
http://www.securityfocus.com/bid/26445 External Source BID 26445
http://www.ubuntu.com/usn/usn-650-1 External Source UBUNTU USN-650-1
http://www.ubuntu.com/usn/usn-709-1 External Source UBUNTU USN-709-1
http://www.vupen.com/english/advisories/2010/0628 External Source VUPEN ADV-2010-0628
http://www.vupen.com/english/advisories/2010/0629 External Source VUPEN ADV-2010-0629
https://bugzilla.redhat.com/show_bug.cgi?id=280961 External Source CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=280961
https://issues.rpath.com/browse/RPL-1861 External Source CONFIRM https://issues.rpath.com/browse/RPL-1861
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7114 External Source OVAL oval:org.mitre.oval:def:7114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8599 External Source OVAL oval:org.mitre.oval:def:8599
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9336 External Source OVAL oval:org.mitre.oval:def:9336
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00073.html External Source FEDORA FEDORA-2007-735
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html External Source FEDORA FEDORA-2007-2673

References to Check Content

Identifier: oval:org.mitre.oval:def:7114
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:7114

Identifier: oval:org.mitre.oval:def:8599
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:8599

Identifier: oval:org.mitre.oval:def:9336
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9336

Technical Details

Vulnerability Type

Change History: 4 change records found