
Test ID: 1.3.6.1.4.1.25623.1.0.60070
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-1438-1)
Summary: The remote host is missing an update for the Debian 'tar' package(s) announced via the DSA-1438-1 advisory.
Description:
Summary:
The remote host is missing an update for the Debian 'tar' package(s) announced via the DSA-1438-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been discovered in GNU Tar. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-4131

A directory traversal vulnerability enables attackers using specially crafted archives to extract contents outside the directory tree created by tar.

CVE-2007-4476

A stack-based buffer overflow in the file name checking code may lead to arbitrary code execution when processing maliciously crafted archives.

For the old stable distribution (sarge), these problems have been fixed in version 1.14-2.4.

For the stable distribution (etch), these problems have been fixed in version 1.16-2etch1.

For the unstable distribution (sid), these problems have been fixed in version 1.18-2.

We recommend that you upgrade your tar package.

Affected Software/OS:
'tar' package(s) on Debian 3.1, Debian 4.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-4131
1018599
http://www.securitytracker.com/id?1018599
1021680
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1
2007-0026
http://www.trustix.org/errata/2007/0026/
20070825 rPSA-2007-0172-1 tar
http://www.securityfocus.com/archive/1/477731/100/0/threaded
20070827 FLEA-2007-0049-1 tar
http://www.securityfocus.com/archive/1/477865/100/0/threaded
25417
http://www.securityfocus.com/bid/25417
26573
http://secunia.com/advisories/26573
26590
http://secunia.com/advisories/26590
26603
http://secunia.com/advisories/26603
26604
http://secunia.com/advisories/26604
26655
http://secunia.com/advisories/26655
26673
http://secunia.com/advisories/26673
26674
http://secunia.com/advisories/26674
26781
http://secunia.com/advisories/26781
26822
http://secunia.com/advisories/26822
26984
http://secunia.com/advisories/26984
27453
http://secunia.com/advisories/27453
27861
http://secunia.com/advisories/27861
28136
http://secunia.com/advisories/28136
28255
http://secunia.com/advisories/28255
ADV-2007-2958
http://www.vupen.com/english/advisories/2007/2958
ADV-2007-4238
http://www.vupen.com/english/advisories/2007/4238
APPLE-SA-2007-12-17
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
DSA-1438
http://www.debian.org/security/2007/dsa-1438
FEDORA-2007-2673
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html
FreeBSD-SA-07:10
http://security.FreeBSD.org/advisories/FreeBSD-SA-07:10.gtar.asc
GLSA-200709-09
http://security.gentoo.org/glsa/glsa-200709-09.xml
MDKSA-2007:173
http://www.mandriva.com/security/advisories?name=MDKSA-2007:173
RHSA-2007:0860
http://www.redhat.com/support/errata/RHSA-2007-0860.html
SUSE-SR:2007:018
http://www.novell.com/linux/security/advisories/2007_18_sr.html
TA07-352A
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
USN-506-1
http://www.ubuntu.com/usn/usn-506-1
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921
http://docs.info.apple.com/article.html?artnum=307179
http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm
https://issues.rpath.com/browse/RPL-1631
oval:org.mitre.oval:def:10420
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10420
oval:org.mitre.oval:def:7779
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7779
Common Vulnerability Exposure (CVE) ID: CVE-2007-4476
26445
http://www.securityfocus.com/bid/26445
26987
http://secunia.com/advisories/26987
27331
http://secunia.com/advisories/27331
27514
http://secunia.com/advisories/27514
27681
http://secunia.com/advisories/27681
27857
http://secunia.com/advisories/27857
29968
http://secunia.com/advisories/29968
32051
http://secunia.com/advisories/32051
33567
http://secunia.com/advisories/33567
39008
http://secunia.com/advisories/39008
ADV-2010-0628
http://www.vupen.com/english/advisories/2010/0628
ADV-2010-0629
http://www.vupen.com/english/advisories/2010/0629
DSA-1566
http://www.debian.org/security/2008/dsa-1566
FEDORA-2007-735
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00073.html
GLSA-200711-18
http://security.gentoo.org/glsa/glsa-200711-18.xml
MDKSA-2007:197
http://www.mandriva.com/security/advisories?name=MDKSA-2007:197
MDKSA-2007:233
http://www.mandriva.com/security/advisories?name=MDKSA-2007:233
RHSA-2010:0141
http://www.redhat.com/support/errata/RHSA-2010-0141.html
RHSA-2010:0144
http://www.redhat.com/support/errata/RHSA-2010-0144.html
SUSE-SR:2007:019
http://www.novell.com/linux/security/advisories/2007_19_sr.html
USN-650-1
http://www.ubuntu.com/usn/usn-650-1
USN-709-1
http://www.ubuntu.com/usn/usn-709-1
http://bugs.gentoo.org/show_bug.cgi?id=196978
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://bugzilla.redhat.com/show_bug.cgi?id=280961
https://issues.rpath.com/browse/RPL-1861
oval:org.mitre.oval:def:7114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7114
oval:org.mitre.oval:def:8599
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8599
oval:org.mitre.oval:def:9336
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9336
Copyright: Copyright (C) 2008 Greenbone AG
