 |
with SecurityTracker! | |
|
|
with SecurityTracker! | |
| Home | View Topics | Search | |
|
|
| Category: Application (Generic) > Perl | Vendors: Wall, Larry |
|
Perl Directory Traversal Flaw in Archive::Tar Lets Remote Users Ovewrite Files on the Target System
| ||||||
| SecurityTracker Alert ID: 1041048 | ||||||
| SecurityTracker URL: https://securitytracker.com/id/1041048 | ||||||
| CVE Reference: CVE-2018-12015 (Links to External Site) | ||||||
|
Date: Jun 8 2018
| ||||||
|
Impact:
Modification of user information | ||||||
|
Vendor Confirmed: Yes | ||||||
|
| ||||||
|
Description:
A vulnerability was reported in Perl. A remote user can overwrite files on the target system. A remote user can create a specially crafted tar archive containing a file and a symbolic link (symlink) with the same name that, when extracted by the target user, will create a file outside of the current working directory. This can be exploited to create or overwrite files on the target system with the privileges of the target user. The Archive::Tar module is affected. Jakub Wilk reported this vulnerability. | ||||||
|
Impact:
A remote user can overwrite files on the target system. | ||||||
|
Solution:
No solution was available at the time of this entry. The vendor advisory is available at: https://rt.cpan.org/Public/Bug/Display.html?id=125523 | ||||||
|
Vendor URL: perl.org/ (Links to External Site)
| ||||||
|
Cause:
Access control error, Input validation error | ||||||
| Underlying OS: Linux (Any), UNIX (Any), Windows (Any) | ||||||
|
| ||||||
Message History:
This archive entry has one or more follow-up message(s) listed below.
| ||||||
Source Message Contents | ||||||
| ||||||