PT-2007-1070 · Star+1 · Star+1
Published: 2007-08-30 · Updated: 2018-10-15 · CVE-2007-4134
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
star versions prior to 1.5a84
Description:
A directory traversal vulnerability in the extract.c component of the star package allows remote attackers to use certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive, potentially leading to the overwriting of arbitrary files. Exploitation of this issue may compromise the confidentiality, integrity, and availability of protected information.
Recommendations:
For versions prior to 1.5a84, update to version 1.5a84 or later to resolve the issue. As a temporary workaround, consider restricting the use of the extract.c component in the star package until a patch is available. Avoid using the star package to extract TAR archives from untrusted sources until the issue is resolved.
Fix
Path traversal
Weakness Enumeration
Related identifiers
Affected products
Red Hat
Star