CVE-2018-12015

HIGH
Description

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

References

http://seclists.org/fulldisclosure/2019/Mar/49

http://www.securityfocus.com/bid/104423

http://www.securitytracker.com/id/1041048

https://access.redhat.com/errata/RHSA-2019:2097

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834

https://seclists.org/bugtraq/2019/Mar/42

https://security.netapp.com/advisory/ntap-20180927-0001/

https://support.apple.com/kb/HT209600

https://usn.ubuntu.com/3684-1/

https://usn.ubuntu.com/3684-2/

https://www.debian.org/security/2018/dsa-4226

https://www.oracle.com/security-alerts/cpujul2020.html

Details

Source: MITRE

Published: 2018-06-07

Updated: 2020-08-24

Type: CWE-59

Risk Information

CVSS v2

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

33 total

ID | Name | Product | Family | Severity
140946 | EulerOS Virtualization for ARM 64 3.0.6.0 : perl-Archive-Tar (EulerOS-SA-2020-1998) | Nessus | Huawei Local Security Checks | high
132461 | NewStart CGSL CORE 5.05 / MAIN 5.05 : perl-Archive-Tar Vulnerability (NS-SA-2019-0230) | Nessus | NewStart CGSL Local Security Checks | high
131907 | EulerOS 2.0 SP2 : perl-Archive-Tar (EulerOS-SA-2019-2415) | Nessus | Huawei Local Security Checks | high
130643 | EulerOS 2.0 SP5 : perl-Archive-Tar (EulerOS-SA-2019-2181) | Nessus | Huawei Local Security Checks | high
130226 | Amazon Linux 2 : perl-Archive-Tar (ALAS-2019-1330) | Nessus | Amazon Linux Local Security Checks | high
129887 | NewStart CGSL CORE 5.04 / MAIN 5.04 : perl-Archive-Tar Vulnerability (NS-SA-2019-0188) | Nessus | NewStart CGSL Local Security Checks | high
129014 | Amazon Linux AMI : perl-Archive-Tar (ALAS-2019-1287) | Nessus | Amazon Linux Local Security Checks | high
128351 | CentOS 7 : perl-Archive-Tar (CESA-2019:2097) | Nessus | CentOS Local Security Checks | high
128250 | Scientific Linux Security Update : perl-Archive-Tar on SL7.x x86_64 (20190806) | Nessus | Scientific Linux Local Security Checks | high
127670 | RHEL 7 : perl-Archive-Tar (RHSA-2019:2097) | Nessus | Red Hat Local Security Checks | high
124967 | EulerOS Virtualization 3.0.1.0 : perl (EulerOS-SA-2019-1464) | Nessus | Huawei Local Security Checks | critical
700522 | macOS 10.14.x < 10.14.4 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical
123844 | EulerOS Virtualization 2.5.3 : perl (EulerOS-SA-2019-1158) | Nessus | Huawei Local Security Checks | high
123223 | openSUSE Security Update : perl (openSUSE-2019-528) | Nessus | SuSE Local Security Checks | high
123130 | macOS 10.13.6 Multiple Vulnerabilities (Security Update 2019-002) | Nessus | MacOS X Local Security Checks | critical
123129 | macOS and Mac OS X Multiple Vulnerabilities (Security Update 2019-002) | Nessus | MacOS X Local Security Checks | critical
123128 | macOS 10.14.x < 10.14.4 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical
122770 | EulerOS Virtualization 2.5.2 : perl (EulerOS-SA-2019-1078) | Nessus | Huawei Local Security Checks | high
121982 | Photon OS 2.0: Perl PHSA-2018-2.0-0084 | Nessus | PhotonOS Local Security Checks | critical
121876 | Photon OS 1.0: Perl PHSA-2018-1.0-0175 | Nessus | PhotonOS Local Security Checks | critical
120409 | Fedora 28 : perl-Archive-Tar (2018-4e088b6d7c) | Nessus | Fedora Local Security Checks | high
120049 | SUSE SLED15 / SLES15 Security Update : perl (SUSE-SU-2018:1977-1) | Nessus | SuSE Local Security Checks | high
118275 | SUSE SLES12 Security Update : perl (SUSE-SU-2018:1972-2) | Nessus | SuSE Local Security Checks | critical
117751 | EulerOS 2.0 SP3 : perl (EulerOS-SA-2018-1308) | Nessus | Huawei Local Security Checks | high
117750 | EulerOS 2.0 SP2 : perl (EulerOS-SA-2018-1307) | Nessus | Huawei Local Security Checks | high
112035 | Photon OS 2.0: Openssl / Procps-ng / Perl PHSA-2018-2.0-0084 (deprecated) | Nessus | PhotonOS Local Security Checks | critical
111201 | SUSE SLES11 Security Update : perl (SUSE-SU-2018:1992-1) | Nessus | SuSE Local Security Checks | high
111199 | openSUSE Security Update : perl (openSUSE-2018-751) | Nessus | SuSE Local Security Checks | high
111198 | openSUSE Security Update : perl (openSUSE-2018-750) | Nessus | SuSE Local Security Checks | high
111150 | SUSE SLED12 / SLES12 Security Update : perl (SUSE-SU-2018:1972-1) | Nessus | SuSE Local Security Checks | critical
110597 | Fedora 27 : perl-Archive-Tar (2018-10ae521efa) | Nessus | Fedora Local Security Checks | high
110533 | Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : Perl vulnerability (USN-3684-1) | Nessus | Ubuntu Local Security Checks | high
110464 | Debian DSA-4226-1 : perl - security update | Nessus | Debian Local Security Checks | high