Mandrake Linux Security Advisory : tar (MDKSA-2007:173)

Medium Nessus Plugin ID 25983


The remote Mandrake Linux host is missing a security update.


Dmitry V. Levin discovered a path traversal flaw in how GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary fiels that the user running tar has write access to.

Updated packages have been patched to prevent these issues.


Update the affected tar package.

Plugin Details

Severity: Medium

ID: 25983

File Name: mandrake_MDKSA-2007-173.nasl

Version: $Revision: 1.14 $

Type: local

Published: 2007/09/05

Modified: 2015/03/19

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:tar, cpe:/o:mandriva:linux:2007, cpe:/o:mandriva:linux:2007.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/09/04

Reference Information

CVE: CVE-2007-4131

BID: 25417

MDKSA: 2007:173