CVE-2007-4131

Name of the Vulnerable Software and Affected Versions: Debian GNU/Linux (affected versions not specified) GNU tar (affected versions not specified)

Description: The issue concerns multiple vulnerabilities in the tar package of Debian GNU/Linux, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. A directory traversal vulnerability in the contains dot dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

Recommendations: For Debian GNU/Linux, update the tar package to a version that includes the fix for the directory traversal vulnerability. For GNU tar, avoid using the contains dot dot function until a patch is available, and restrict access to the src/names.c module to minimize the risk of exploitation.